Red Lion IndustrialPr 6000 Router User Manual
Page 62
Software User Guide
62
Network Tab
Allow DNP3: To allow external devices to connect to the DNP3 Server, via port 20,000, through untrusted interfaces
on this unit, select Yes; otherwise select No. The recommended setting for this field is No.
To restrict access via a configured whitelist, click the check box marked Use Whitelist and then select a whitelist name
for the list of names available in the drop‐down list box provided. Whitelists may be viewed/defined via the Net‐
work>Firewall>ACL Rules>Subnet Whitelist Rules screen.
Note: Setting this option to Yes does not enable the DNP3 Server, it just allows it to be accessible via the firewall when
it is enabled. Then DNP3 Server may be enabled via the Automation>DNP3>Physical Link Layer screen.
DNP3 Whitelist Name: Select the desired whitelist for the drop‐down menu. Whitelists are created in the Net‐
work>Firewall>ACL Rules> Subnet Whitelist Rules screen.
Allow Web Interface Access: To allow external devices to connect to the Web Interface, through untrusted interfaces
on this unit, select Yes; otherwise select No. The recommended setting for this feature is Yes.
To restrict access via a configured whitelist, click the check box marked Use Whitelist and then select a whitelist name
from the list of names available in the drop‐down list box provided. Whitelists may be viewed/defined via the Net‐
work>Firewall>ACL Rules>Subnet Whitelist Rules screen.
Note: This setting will not override any firewall rules defined on other pages, such as service access or redirect rules.
Web UI Whitelist Name: Select the desired whitelist for the drop‐down menu. Whitelists are created in the Net‐
work>Firewall>ACL Rules> Subnet Whitelist Rules screen.
Allow SNMP Agent Access: To allow external devices to connect to the SNMP Agent, via port 161, through untrusted
interfaces on this unit, select Yes; otherwise select No. The recommended setting for this feature is Yes.
To restrict access via a configured whitelist, click the check box marked Use Whitelist and then select a whitelist name
from the list of names available in the drop‐down list box provided. Whitelists may be viewed/defined via the Net‐
work>Firewall>ACL Rules>Subnet Whitelist Rules screen.
Note: Setting this option to Yes does not enable the SNMP Agent, it just allows it to be accessible via the firewall when
it is enabled. The SNMP Agent may be enabled via the Services>SNMP Agent screen.
Note: This setting will not override any firewall rules defined on other pages, such as service access or redirect rules.
SNMP Whitelist Name: Select the desired whitelist for the drop‐down menu. Whitelists are created in the Net‐
work>Firewall>ACL Rules> Subnet Whitelist Rules screen.
Allow IPSEC (Required): Specify whether to allow ESP data, as well as UDP port 500 to communicate with external
devices through untrusted interfaces. The recommended setting for this field is Yes.
Note: This is necessary if you are planning to configure any IPSEC tunnels originating from this device.
Allow NAT‐Traversal (Required): Specify whether to allow data on UDP port 4500 on untrusted interface. The recom‐
mended setting for this field is Yes.
Note: This is necessary if you are planning to run any IPSEC tunnels through our device. This would support a unit
behind a trusted interface to make an IPSEC connection to a host beyond an untrusted interface.
Trusted Interfaces: Identifies the trusted (internal) interface. Traffic from this interface will be permitted outbound.
Default is “WAN/eth0”.