Firewall
Note
The basic IP allowlist feature is available from firmware ≥ 25.1.8.
For comprehensive firewall capabilities, firmware version ≥ 28.0.2 is required. Starting from this firmware version, the menu item IP allowlist is replaced by Firewall. The IP allowlist configurations will be automatically updated when you update the firmware.
Cybersecurity holds significant importance in the renewable energy sector. Implementing a firewall is a crucial measure to safeguard your system by specifying allowed and forbidden network traffic. In the firewall configuration, you can establish rules to permit or block traffic between devices and the virtual networks organized under VLAN. The firewall only affects network traffic via the blue'Log’s Ethernet interface.
If you use VCOM as a backup, be aware that firewall configurations are not automatically included in VCOM backups. We strongly recommend enabling VCOM backup and performing a manual backup before enabling the firewall. This ensures that all configurations can be restored in case of any incorrect firewall configuration. See Backup and restore.
Set up firewall rules
Prerequisites
You are using blue'Log XC or blue'Log XM
Firmware ≥ 28.0.2 is installed
You have completed the necessary actions described in the section VLAN.
If you use VCOM as a backup: You have performed a VCOM backup. See Backup and restore.
Steps
Under System > Firewall, select the Plus icon to add a rule.
Select the protocol. Depending on your firmware version, the following will be available: TCP, UDP, ICMP (firmware ≥ 29.1.10).
Select the interface from all available internet interfaces, including configured VLANs.
Select the direction for the firewall rule: incoming or outgoing.
Enter the source IP address for this rule. CIDR notation, e.g. "/16", is possible.
Enter the source port for this rule. For options, hover over the Info icon next to Source port.
In the Action column, choose whether to allow or forbid the action. If you forbid an action, you will block all network traffic via the blue'Log Ethernet interface.
We recommend adding a comment for the rule. This helps all users maintain an overview of the firewall rules, e.g. if you need to re-configure the firewall.
Select the Disk icon to save.
Firewall rule settings are stored until the firewall is activated. When you have entered and reviewed your rules, activate the Firewall toggle. The firewall is now activated.
Note
To prevent you from locking yourself out of the web interface, the following ports cannot be configured:
80 (in/out)
22 (in/out)
443 (in/out)
Further actions
Set order of firewall rules
You can change the order in which the firewall rules are applied by selecting the up/down arrows in the Priority column in the table.
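Reviewing a planned rule list before activating the Firewall toggle catches the mistakes the steps and notes above warn about. The following Python sketch is an added example, not part of the blue'Log firmware or its documentation; the rule field names, interface names and addresses are constructed, and a port is modeled as a single number or None for "any". This page does not state how overlapping rules are resolved, so overlaps are only flagged for review against the Priority column.

```python
import ipaddress

# From the page: ports the UI will not let you configure; firmware that added each protocol.
PROTECTED_PORTS = {22, 80, 443}
PROTOCOL_MIN_FW = {"TCP": (28, 0, 2), "UDP": (28, 0, 2), "ICMP": (29, 1, 10)}

def lint_rules(rules, firmware):
    """Return (rule_number, message) findings; rules are in priority order.
    Assumption: "port" is an int, or None meaning any port."""
    fw = tuple(int(part) for part in firmware.split("."))
    findings, earlier = [], []
    for n, rule in enumerate(rules, start=1):
        proto = rule["protocol"].upper()
        if proto not in PROTOCOL_MIN_FW:
            findings.append((n, "unsupported protocol"))
        elif fw < PROTOCOL_MIN_FW[proto]:
            findings.append((n, "protocol needs newer firmware"))
        if rule.get("port") in PROTECTED_PORTS:
            findings.append((n, "protected port"))
        if not rule.get("comment"):
            findings.append((n, "missing comment"))
        try:
            iface = ipaddress.ip_interface(rule["source"])
        except ValueError:
            findings.append((n, "invalid source"))
            continue
        net = iface.network
        if iface.ip != net.network_address:  # e.g. 10.20.5.7/16 typed for one host
            findings.append((n, f"host bits set, covers {net}"))
        key = (proto, rule["interface"], rule["direction"])
        for m, e_key, e_net, e_rule in earlier:
            same_scope = e_key == key and e_net.version == net.version
            port_covered = e_rule.get("port") in (None, rule.get("port"))
            if same_scope and port_covered and net.subnet_of(e_net):
                kind = "conflicts with" if e_rule["action"] != rule["action"] else "duplicates"
                findings.append((n, f"{kind} rule {m}"))
        earlier.append((n, key, net, rule))
    return findings

# Constructed sample rule set (hypothetical field names, interfaces and addresses).
PLANNED = [
    {"protocol": "TCP", "interface": "vlan10", "direction": "incoming",
     "source": "10.20.0.0/16", "port": 502, "action": "allow", "comment": "plant LAN"},
    {"protocol": "TCP", "interface": "vlan10", "direction": "incoming",
     "source": "10.20.5.7/16", "port": 502, "action": "forbid", "comment": ""},
    {"protocol": "ICMP", "interface": "vlan10", "direction": "incoming",
     "source": "10.20.0.0/16", "port": None, "action": "allow", "comment": "ping"},
    {"protocol": "TCP", "interface": "eth0", "direction": "outgoing",
     "source": "0.0.0.0/0", "port": 443, "action": "allow", "comment": "portal"},
]
```

Calling `lint_rules(PLANNED, "28.0.2")` returns one finding per problem, keyed by the rule's position in the priority order.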
Edit or delete firewall rules
You can edit or delete the firewall rule next to its name in the list.
To delete or edit items in bulk, tick the individual check boxes in the list, or tick the check box to mark all items in the table header. Select Edit selected or Delete selected.