2 network security/vpn device – GE Industrial Solutions Entellisys System Administrator Manual User Manual
Page 24
Configuring the switchgear for remote communications
24
6
6.2 Network security/VPN device
NOTE: GE recommends that your Entellisys Low Voltage Switchgear system be equipped with
a VPN/Firewall device if it is connected to a LAN that is also used for other purposes. Failure to
do so could result in unauthorized access to the control and settings functions of the circuit
breakers.
In addition to the standard username and password administrative functions for Entellisys,
accessibility to control functions and parameter settings must be considered from the network
point of view. The provisions for securing the network on which Entellisys communicates to HMI
Control Stations and other SCADA systems depends greatly on how the network over which
they communicate is configured.
• In-Gear HMI only – In this configuration, there is no network access external to the
switchgear and therefore no implications for network security.
• In-Gear and Near-Gear HMIs – The implications for network security depend on the
accessibility of the network the Near-Gear HMI uses to reach the main switchgear
instrumentation compartment.
• In-Gear, Near-Gear, Remote HMIs, and SCADA system access – The implications for network
security depend on the accessibility of the network the Near-Gear HMI uses to reach the
main switchgear assembly.
GE provides a mechanical mounting assembly compatible with Juniper Networks NetScreen-
5GT VPN/Firewall Appliance. Since configuration of the device is mostly dependent on the
specific network architecture of the facility in which it is installed, please consult the NetScreen
documentation for assistance in configuring this device, or contact your local IT department or
network service provider.
As a minimum, GE recommends that the VPN/Firewall appliance be configured to only permit
communications between the devices in the switchgear instrument compartment and the
external devices that are intended to communicate with them.
Contact GE Post Sales Service for the latest VPN/Firewall appliance application guide. See