Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thuan
Participant
Jump to solution

FW for OT

 

Hello experts,

My case: I have to use 1570R to protect OT network. But the 1570R device is not performing enough. So I needed a solution that didn't change the client's architecture.

Capture 1570R.PNG

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin

I have already provided you with the answer, which is yes. Go by the link in the comment above, and download the attached white paper, it contains all the info you are looking for, including policy examples with modbus and other related services.

 

View solution in original post

0 Kudos
12 Replies
G_W_Albrecht
Legend
Legend

Why are you using a 1570R industrial ? You should estimate needed performance and decide between SMB (1600/1800) or GAiA appliance based on this.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Thuan
Participant

I'm confused as to whether network firewalls (like 1600/1800, quantum 6000, ...) can handle industrial protocols.
I know that in the category (application/application control wiki) there are entries for the scada protocols. But I'm not sure about that. I haven't found any documentation that a network firewall can handle industrial protocols.
As you (Legend) say, I can use network firewall in this case.

0 Kudos
_Val_
Admin
Admin

Which particular protocols are you enquiring about?

0 Kudos
Thuan
Participant

modbus, OPC, IEC, electrical industry related protocols

0 Kudos
G_W_Albrecht
Legend
Legend

See sk177203: Quantum IoT Controller [IoT Protect] Security Best Practices

If you need special protocols i would ask TAC and/or your local CP SE !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Thuan
Participant

modbus, OPC, IEC, electrical industry related protocols. I wonder if CP 6200 is ok?

0 Kudos
Chris_Atkinson
Employee
Employee

 

1570R is environmentally hardened compared with 6200 is that a requirement?

You can search for specific protocols like Modbus here:

https://appwiki.checkpoint.com/appwikisdb/public.htm

0 Kudos
_Val_
Admin
Admin

Did you search the community for answers?

Look here, for example: https://community.checkpoint.com/t5/IoT-Protect/Protect-ICS-SCADA-Network-Whitepaper/td-p/40878

0 Kudos
Thuan
Participant

Thank you!

In short I want to ask if CP 6200 can work with industrial protocol: modbus, OPC, IEC, ... (electrical industry related protocols).

I know that in the category (application/application control wiki) there are entries for the scada protocols. But I'm not sure about that. 

Is it possible to answer yes/no in this case?

0 Kudos
_Val_
Admin
Admin

I have already provided you with the answer, which is yes. Go by the link in the comment above, and download the attached white paper, it contains all the info you are looking for, including policy examples with modbus and other related services.

 

0 Kudos
Thuan
Participant

Thanks expert.
I apologize if I have bothered you for a while on this topic.

I have read 1_protect-ics-scada-network-whitepaper (Protecting Industrial Control Systems and SCADA Networks | White Paper)
Does the section Enforce with Zero Impact/page 7 prove what you say?

0 Kudos
_Val_
Admin
Admin

Hi, there is no need to apologize, we are here to help.

Page seven has an example with mudbus enforcement. Also, quite a few documents and guides are available on the main site in the Scada section: https://www.checkpoint.com/industry/industrial-control-systems/

If you need any further help, please let me know.

0 Kudos