Good morning,
I have a question about the remote access control of the eWon Cosy 131 via key switch:
If remote access control is enabled and there is a low signal on the Digitial In, how is the deactivation done internally?
Specifically, a customer would like to know if it is a software deactivation, i.e. theoretically an intruder could still gain access? Or is it a hardware disconnection, so that the connection is not possible in purely physical terms?
Thank you very much.
The VPN connection is deactivated using software. Theoretically, an intruder could still gain access if they already had local access to the network, but only if the Cosy 131s firewall were deactivated. By default, the Cosy 131 drops all packets from the WAN.
If the customer would prefer, they could put a switch on the power supply.
Hello Kyle,
thank you for the explanation!
Hello Kyle,
one more question: if we wanted to use NAT 1:1 we would set WANItfProt = 2 (allow all). Does that mean that the firewall is deactivated (like you mentioned above)?
Thanks
Setting WANItfProt=2 allows traffic from WAN to LAN. It does not allow traffic from the internet, just from the plant network. NAT 1:1 will forward all traffic from the WAN to the IP address that you specify, but you will also be able to access the Ewon’s webpage and any other services, like FTP, which are running. Of course you will still need the Ewon password to access anything.