Configuring the switchgear for remote communications24
6
6.2 Network security/VPN deviceNOTE: GE recommends that your Entellisys Low Voltage Switchgear system be equipped with
a VPN/Firewall device if it is connected to a LAN that is also used for other purposes. Failure to
do so could result in unauthorized access to the control and settings functions of the circuit
breakers.
In addition to the standard username and password administrative functions for Entellisys,
accessibility to control functions a nd parameter settings must b e considered from the network
point of view. The provisions for securing the network on wh ich Entellisys communicates to HMI
Control Stations and other SCADA systems depends greatly on how the network over which
they communicate is configured.
•In-Gear HMI only – In this configuration, there is no network access external to the
switchgear and therefore no impl ications for network security.
•In-Gear and Near-Gear HMIs – The implications for network security depend on the
accessibility of the network the Near-Gear HMI uses to reach the main switchgear
instrumentation compartment.
•In-Gear, Near-Gear, Remote HMIs, and SCADA system access – The im plications for network
security depend on the accessi bility of the network the Near-Gear HMI uses to reach the
main switchgear assembly.
GE provides a mechanical mounting assembly compatible with Juniper Networks NetScreen-
5GT VPN/Firewall Appliance. Since configuration of the device is mostly dependent on the
specific network architecture of the fa cility in which it is installed, plea se consult the NetScreen
documentation for assistance in configuring this device, or contact your local IT department or
network service provider.
As a minimum, GE recommends that the VPN/Firewall appliance be configured to only permit
communications between the dev ices in the switchgear instrumen t compartment and the
external devices that are inten ded to communicate with th em.
Contact GE Post Sales Service for the latest VPN/Firewall appliance application guide. See How
to contact us onpage2.