Ethernet Network Question

[Electromechanical30]

We are in the process of creating a new production line. This line uses Ethernet communications.

We have 8 devices (PC's and PLC's) on a private LAN. The PC's need to talk to a file management server, and the server needs to talk to individual PC's. We will also need to be able to access all nodes remotely.

The delema - the customer requires this network to be seperated from their corporate network via a firewalled router. The file management server is on their corporate network and it is designed to have it's peers set up in it's table by static IP addressing.

Is their a way to allow full duplex communications to the PC's behind the router (LAN) with the file server on the WAN?

You input is greatly appreciated!!

 

[SolderingGunslinger]

Yes. Either the firewall needs to be configured to allow the data to pass or the production line must be entirely on a different sub net and the production line communicates through the DMZ via a VPN (Virtual Private Network) Client. Net Screen Remote is a pretty good VPN.

Another idea is to install a second NIC in the File Management Server so it can communicate directly with the production line. In this way the FMS can serve both the WAN and the LAN. Firewall software should be installed in the FMS to prevent access to the production line from the WAN.

Without more information it is difficult to come up with more specific recommendations...besides, I'd have to send you a bill ;-)

I remain,

The Old Soldering Gunslinger

 

[richs]

Hi-

This application should be configurable with almost any
router. From what I see, the requirement for the firewall
is the only concern. Routing should be straightforward,
having the server aware of the PC/PLC subnetwork, and
the PCs aware of the gateway node of the router to allow
communication with the server. Further, remote access
via the corporate lan is also possible.

Essentially, the PCs and the PLCs are just extensions of
the corporate network with a blocking firewall from the
subnet back onto the corporate lan. In fact, you might
even want to block outside firewall traffic from the
PLCs unless it comes from the server for example.

There are very simple and low cost routers that include
firewall capability that should set one back less than
$100.00 (usually much less). I would suggest that you
look at the Linksys routers. Note: Linksys is owned
by Cisco now, and I used to work at Cisco, however,
I no longer have any affilation with them......

The external router function tends to make the
corporate network types happy without breaking the budget.
They (the corporate network types) might have a suggestion
on the firewall types that they would recommend. If they
do, maybe they will give you one.... Otherwise, go
with the low cost router/firewall.

That being said, I suggest you hit the Linksys site,
find a selection of routers there and download the
manuals for checking the configuration.

Hope that this helps.

Cheers,
Rich S.

 

[Electromechanical30]

Thanks for the input!!

I should be able to wing it from here. Corporate has issued a D-Link firewall/router with a VPN client.

Regards,
jMk