Skip to main content
Skip table of contents

Firewall

Note

  • The basic IP allowlist feature is available from firmware 25.1.8.

  • For comprehensive firewall capabilities, firmware version ≥ 28.0.2 is required. Starting from this firmware version, the menu item IP allowlist is replaced by Firewall. The IP allowlist configurations will be automatically updated when you update the firmware.

Cybersecurity holds significant importance in the renewable energy sector. Implementing a firewall is a crucial measure to safeguard your system by specifying allowed and forbidden network traffic. In the firewall configuration, you can establish rules to permit or block traffic between devices and the virtual networks organized under VLAN. The firewall only affects network traffic via the blue'Log’s Ethernet interface.

If you use VCOM as a backup, be aware that firewall configurations are not automatically included in VCOM backups. We strongly recommend enabling VCOM backup and performing a manual backup before enabling the firewall. This ensures that all configurations can be restored in case of any incorrect firewall configuration. See Backup and restore

Set up firewall rules

Prerequisites

  • You are using blue'Log XC or blue'Log XM

  • Firmware ≥ 28.0.2 is installed

  • You have completed the necessary actions described in the section VLAN.

  • If you use VCOM as a backup: You have performed a VCOM backup. See Backup and restore.

Steps

  1. Under System > Firewall, select the Plus icon to add a rule.

  2. Select the protocol. Depending on your firmware version, the following will be available: TCP, UDP, ICMP (firmware ≥ 29.1.10).

  3. Select the interface from all available internet interfaces, including configured VLANs.

    Select interface

    Select interface

  4. Select the direction for the firewall rule: incoming or outgoing.

  5. Enter the source IP address for this rule. CIDR notation, e.g. “/16", is possible.

  6. Enter the source port for this rule. For options, hover over the Info icon next to Source port.

  7. In the Action column, choose whether to allow or forbid the action. If you forbid an action, you will block all network traffic via the blue'Log Ethernet interface.

  8. We recommend adding a comment for the rule. This helps all users maintain an overview of the firewall rules, e.g. if you need to re-configure the firewall.

  9. Select the Disk icon to save.

  10. Firewall rule settings are stored until the firewall is activated. When you have entered and reviewed your rules, activate the Firewall toggle. The firewall is now activated.

Note

To prevent you from locking yourself out of the web interface, the following ports cannot be configured: 

  • 80 (in/out)

  • 22 (in/out)

  • 443 (in/out)

Firewall.png

Firewall is activated

Further actions

Set order of firewall rules

You can change the order in which the firewall rules are applied by selecting the up/down arrows in the Priority column in the table.

Firewall priority rules

Firewall priority rules

Edit or delete firewall rules

  • You can edit or delete the the firewall rule next to its name in the list.

  • To delete or edit items in bulk, tick the individual check boxes in the list, or tick the check box to mark all items in the table header. Select Edit selected or Delete selected.  

Edit or delete firewall rules

Edit or delete firewall rules


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.