Extensive LED expansion and security improvements

LED simulation in WBM – expansion to include DI/DO

• SCALANCE SC-600 devices have no physical LED for the DI and DO. Their status is now indicated in the WBM via the LED simulation at the top right of the pages.

Information:

• Redundancy – Link Check - Table for monitoring optical connections in the ring is displayed.

• Ethernet statistics - Tables with interface statistics and RMON statistics are displayed.

• Firewall monitoring - A table containing all active connections that pass through the firewall.

System:

• Restart – Select Backup Configuration - For the planned restart, you can specify which backup configuration is to be active after the restart.

• Load & Save – Firewall and NAT configuration - "FirewallNATConfig" enables the firewall and NAT settings to be exported in *csv format for archiving purposes.

• Load & Save – Exchange configuration data with TIA Portal - "RunningSINEMAConfig" allows you to export the configuration from the device in order to import it into TIA. "SINEMAConfig" allows you to import an exported device configuration from TIA into the device.

• Ports – Power down of ring and standby ports - Ring and standby ports can be deactivated by means of the "Power down" function.

• IPv6 - IPv6 properties can also be configured for a large number of services.

• Connection check - Connections can be monitored by ping. In the event that the accessibility test fails, you can configure actions to be executed.

• Configuration backup - Configuration backups can be created for state restoration.

Layer 2:

• Quality of Service (QoS) - Data traffic can be prioritized.

• Mirroring - Mirroring on the interfaces can be used.

• Spanning Tree – Enhanced passive listening compatibility - Enhanced passive listening can be activated.

• RMON – Remote monitoring - It is possible to configure which ports the RMON statistics should be generated for.

Layer 3 (IPv4):

• Subnetworks – Unique VLAN MAC address - It is possible to set a configuration so that each VLAN interface is assigned its own MAC address. By default, all VLAN interfaces have the MAC address of the first VLAN.

• PBR – Policy Based Routing - Package forwarding can be specified on the basis of policies.

• OSPFv2 - Network infrastructures can be used where device routing is controlled via OSPF.

Layer 3 (IPv6):

• Subnetworks - The IPv6 interface of the device can be configured.

• Static routes - Static IPv6 routes can be created.

Security:

• Passwords – user defined password policy - A custom password policy can be specified for the device.

• Firewall – Extended global logging settings - Global settings can be made for the following settings:

• Log limitation - Max. number of entries of a rule in the firewall log per second

• Log all rejected packages - Regardless of individual rules, all rejected packages of the firewall are logged

• Log all accepted packages - Regardless of individual rules, all accepted packages of the firewall are logged

• Firewall > dynamic rules and IP rules IPv6 - Firewall rules can now also contain IPv6 addresses.

• Firewall > IP rules – Direction "Any"

• The communication direction From/To can now also be specified as "Any", which includes all communication directions except those to and from the device.

• Firewall > IP Rules – Enable/Disable - Firewall rules can be enabled and disabled in the list.

• Firewall > Dynamic rules – time-controlled - Dynamic firewall rules can be created that are enabled and disabled based on date and time.

• IPsec VPN – General IKEv2 Make-before-break - A configuration can be set to ensure that there is no interruption to the VPN communication during authentication.

• OpenVPN - SCALANCE SC-600 appliances can function as L3-OpenVPN clients and L3-OpenVPN servers.

• OpenVPN > Server – Client-to-Client for L2 tunnel - For Layer2 OpenVPN tunnel, you can allow communication among the clients.

The following configuration limits have been increased:

• VXLAN: The number of configurable VXLAN ingress replications has been increased from 16 to 32.

Changes have been made in the following areas:

• Firewall:

• The firewall now works bumplessly.

• When the firewall rules in the device are changed, non-relevant connections are not affected.

• The firewall updates from the SINEMA Remote Connect Server, for example, no longer cause active connections to be affected.

Corrections have been made in the following areas:

• Dynamic firewall rules with RADIUS authentication - Parallel login of multiple users belonging to the same RADIUS group is now possible.

• NTP client and NTP server - When synchronizing the time as an NTP client with an NTP server and forwarding this time as an NTP server for a network, no major time differences are now to be expected.

• Firewall rules with overlapping addresses - When using firewall rules in which both individual addresses and address CIDR specifications overlap, all firewall rules are now observed in the correct order.

• Inter-VLAN bridge - When using the Inter-VLAN bridge, the DCP requests that are not directed to the device are no longer answered.

Security fixes and improvements:

• This version contains security-relevant product improvements which increase the robustness.

• This update contains security-relevant changes which enhance robustness against possible attacks.