Re: Firewall for IEC 60870-5-104 standard.

alberx · ‎08-06-2024

Hello,

I need a firewall supporting IEC 60870-5-104 standard. I know ISA300 does it, but I don't need a rugged firewall because of the location and other purposes of the firewall.

My question is if any other Cisco Secure firewall supports it (4200, 9300..). Data sheets doesn't show but I have read somewhere that it is possible configure security rules for that protocols in Management Console.

So I'm not sure if any Cisco Firewall would support the standard and able to configure security rules for that protocols.

Does anybody has experience with that?

Thanks.

nipun043 · ‎08-06-2024

The IR1835 and IR8340 support full Next generation firewall capabilities including IPS/IDS , app-aware firewalls , URL filtering , application malware and DNS queries . they dont see to be IEC certified - but have T101/104 , SCADA capabilities

alberx · ‎08-07-2024

Good point thanks. But the requirements of my client talk specificaly about a NGFW managed by FMC.

alberx · ‎08-09-2024

For anyone interested. I found the AVC (Cisco Firepower Application Detector Reference), that is the one used for the Cisco Firewalls.

https://www.cisco.com/c/en/us/td/docs/security/firepower/Application_Detectors/vdb-343/cisco_firepower_application_detector_reference_343.html

Also the Firepower Applicaton Detectors:

https://appid.cisco.com/home

I think the VDB is applied in all the Cisco firewalls doesn't matter the model.

So I suppose any Cisco Firewall could detect IoT applications of the IEC 60870-5-104 standard because they are included in VDB.