12/12/2023
Bosch Rexroth | App | Security

ctrlX OS - Firewall

Valid for basic license, version 3.6.2 and greater:

The ctrlX OS Firewall Basic web interface has 3 sections:

  • Filter

  • Routing

  • Directional interfaces

These sections work in parallel with the "Advanced" view, the old web interface, which is available by clicking the word "Advanced" in the top right.

New Firewall Basic web UI

Modern networks require internet access, directional connections, filtering, routing, and more:

  • Directional interfaces, internet connection, LAN segmentation: it is important that the device can be easily connected to the internet and that the interface connected to the internet is then protected against incoming connections.

  • Routing: in many cases, such as remote access, it is important to use the core to implement the DNAT, SNAT and Masquerade functions in order to remotely access the devices in the LAN.

  • Filtering: probably the most basic of the operations: allowing or denying the use of a certain port/service.

Valid for advanced license, version 2.6 and greater:

The Firewall app advanced gives the user full access to Nftables.

Nftables uses tables (IP, IP6, Inet), chains (Input, Output, Forward) and rules, which are also its hierarchy levels: tables contain chains, and chains contain the actual firewall rules. The app provides a graphical interface to the Nftables functionality, which makes it easy to create, edit and manage rules for network traffic/packet filtering.

The firewall app offers Network Address Translation (NAT). NAT makes it possible to replace the destination or source IP address in a data packet with another address. Both destination and source NAT are supported. With the firewall app's source NAT, several devices (IP addresses) in the machine network can communicate with the production network via the ctrlX CORE using a single IP address (masquerading), which has security advantages. In contrast, destination NAT enables the firewall app to make different services on different devices (IP addresses) in the machine network addressable from the production network via one IP address of the ctrlX CORE (port forwarding).
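The table/chain/rule hierarchy and both NAT directions described above, written as a native nftables ruleset. This is an added example, not a configuration taken from the app or from Bosch Rexroth; the interface names, the 192.168.1.0/24 machine network, the device 192.168.1.10 and all ports are assumptions.

```nftables
# Constructed example. Assumptions (not from the product page):
#   eth0 = interface towards the production network
#   eth1 = interface towards the machine network, 192.168.1.0/24
#   192.168.1.10 = hypothetical machine-network device offering HTTPS

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iif "lo" accept
        # Management access to the device itself, machine side only (port assumed)
        iifname "eth1" tcp dport 443 counter accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Machine network may open connections towards the production network
        iifname "eth1" oifname "eth0" counter accept
        # Inbound: only the port-forwarded service (address already rewritten by DNAT)
        iifname "eth0" oifname "eth1" ip daddr 192.168.1.10 tcp dport 443 counter accept
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Destination NAT (port forwarding): device port 8443 -> 192.168.1.10:443
        iifname "eth0" tcp dport 8443 counter dnat to 192.168.1.10:443
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Source NAT (masquerading): machine network leaves with the eth0 address
        oifname "eth0" ip saddr 192.168.1.0/24 counter masquerade
    }
}
```

`nft -c -f <file>` parses the ruleset without applying it. Each `counter` statement gives the per-rule packet count that the feature list below refers to as monitoring, and with `policy drop` on the input and forward chains any traffic not matched by an accept rule is discarded.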

Features

  • Firewall based on Nftables.

  • Network tables for IPv4, IPv6 and Inet (IPv4 + IPv6) network traffic.

  • Chains for Input (packets received by device), Output (packets leaving the device) and Forward (packets passing the device).

  • Rules support simple and advanced expressions to accept, drop or reject network packets.

  • Chain Management - management of network rules (create, edit, delete).

  • Rule Management - management of expressions (create, edit, delete, change of sequence).

  • Monitoring of rule(s) configuration via network packet counter.

  • Source NAT to adapt the source address of the data packet.

  • Destination NAT to adapt the destination address of the data packet.

Firewall configuration

Firewall advanced interface


Curious?

You can test many apps free of charge with a virtual control system provided by ctrlX WORKS.
Just download ctrlX WORKS and follow this How-to

Try it now: https://community.boschrexroth.com/ctrlx-os-store-apps-oc2pqqwn/post/ctrlx-works-xOJLFLUiK4NGm5H
