The new ETHERLINE ACCESS from LAPP is a NAT / Firewall and solves 3 headaches for Machine Builders.
1. Integrating my machine into a customers network
One common issue for machine builders is we set out machines up with fixed IP addresses with ranges we prefer (like 192.168.1.xxx), however when we get to site that range might not be suitable for the customer. We then have to change our standard machines setup to suit the customers IP range. This leads to increased documentation (keeping track of the different settings used per site).
The answer to get around this is using the NAT / Firewall box from LAPP. The box has a lookup table where you specify on the client side the IP addresses they want, then on your machine network you can map what you want them to translate to. You can keep all the IP addresses the same on your machine and fulfill the requirements of the customers IT at the same time.
2. Unwanted network traffic
When I install my machine in the customers network, I want to ensure nothing that happens on the customers network will affect my machine. If they set a duplicate IP address the same as my PLC, or if they have a lot of broadcast traffic on their network, this could affect how much my machine operates or even crash my machine. The customer also wants assurance that my machine will not interfere with their network.
Again the NAT / Firewall box solves this issue. Any IP address which is not mapped in the box are not accessible from the other side of the network. On my machine I might only want to map my PLC (for integration with the customers SCADA). The firewall will then block any traffic from my network not originating from the specific IP address from entering the customers network, and vice versa the customers network cannot access any device I don’t specify in the firewall.
3. Cybersecurity
Cybersecurity is an ever-growing concern; the possibility of someone external hacking into our hardware causing downtime, or the possibility of someone inside the network with a bit too much time on their hands playing around with something they don’t understand.
With the Firewall functionality takes security to the next level. You can set rules around IP addresses, what ports they can access, and you can even lockdown access to set MAC addresses. For example, I can allow the customers SCADA PC to only accesses Ethernet IP ports (44818 & 2222). That way they cannot get in and reprogram my controller.
If the customers network uses DCHP dynamic addressing, no problem. For the commissioning technicians from my company I can whitelist their laptop MAC address. That way they can still access all ports through the firewall no matter what IP address their laptop was allocated.