What is and isn’t accessible

The x500’s advanced built-in firewall completely separates its WAN network (company network) from its LAN network (machine network). It blocks all communication except for authorized and encrypted data verified by a valid identity certificate. This means that only authorized users can access the machine network via X4 Remote.

This article explains what is and what isn’t remotely and locally accessible. If you’re looking for information about our security in general, take a look here.

  • How does it work?
  • Remote accessibility
  • Local accessibility

How does it work?

Every network packet contains a source address and a destination address. This is so networking components know where to send the packet to and so that the recipient knows where to send a reply to. This is essential in networking. Otherwise we won’t be able to send an e-mail, look up something online, or any of the other tasks we’ve grown accustomed to.

The x500 uses this information to see where a packet is coming from (from LAN, WAN, VPN?) and going to (LAN, WAN, Internet?) and then determines whether this is allowed or not, based on its firewall rules. This is depicted in the image below.

Remote accessibility

This section discusses the accessibility when you have set up a VPN connection from a remote location. Please read How does it work? for clarification.

VPN to LAN

Accessible

Traffic coming in via the VPN connection, going to the LAN network of the x500, is allowed. In other words, remotely you can access all devices that are connected to the LAN network of the x500 (i.e. the machine network).

VPN to WAN

NOT accessible

Traffic coming in via the VPN connection, going to the WAN network of the x500, is blocked. In other words, remotely you can not access any device that is connected to the WAN network of the x500 (i.e. the company network).

Local accessibility

This section discusses the accessibility when you are on-site and your computer is connected to either the company network or the machine network (depending on the situation). Please read How does it work? for clarification.

WAN to LAN

NOT accessible (by default)

Traffic coming in via the WAN network, going to the LAN network of the x500, is blocked by default. In other words, if you are connected to the WAN network (i.e. the company network) you can not access any device that is connected to the LAN network of the x500 (i.e. the machine network), with the x500’s default settings.

If necessary, you can add a port forwarding to allow traffic through from WAN to LAN.

LAN to WAN

NOT accessible (by default)

Traffic coming in via the LAN network, going to the WAN network of the x500, is blocked by default. In other words, if you are connected to the LAN network (i.e. the machine network) you can not access any device that is connected to the WAN network of the x500 (i.e. the company network), with the x500’s default settings.

If necessary, you can allow access to the company network to allow traffic through from LAN to the company network.

LAN to Internet

NOT accessible (by default)

Traffic coming in via the LAN network, going to the internet, is blocked by default. In other words, if you are connected to the LAN network (i.e. the machine network) you can not access the internet, with the x500’s default settings.

If necessary, you can allow access to the internet to allow traffic through from LAN to the internet.

 

?crire à Lenze