The network environment must be sufficiently secure to serve a building automation application. This section lists the most relevant network requirements for Desigo Plug and Play Automation.
Separate process infrastructure
The main principle is that the building automation network has a dedicated IP network segment, separated from any office, guest access or maintenance connections. Isolation is achieved by network segmentation with suitable border routers, firewalls, authentication servers, etc., following the defense-in-depth concept.
A separate VLAN does not meet the requirements for zone boundary protection.
Firewall settings
The WAN connection of the edge controller must be protected by a firewall. Traffic types and destinations are given in Section System characteristics.
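An added example (not part of the product documentation): a Python check that audits a network inventory against the segmentation, VLAN and WAN firewall requirements above. The inventory format, zone names, addresses, control labels and finding codes are assumptions constructed for illustration.

```python
import ipaddress

# Controls treated as enforcing a zone boundary (assumed labels); a VLAN tag alone is not one.
ENFORCING = {"firewall", "border-router"}

def audit(inv):
    """Return (code, detail) findings for a hypothetical inventory dict."""
    findings = []
    ba = inv["ba_zone"]
    ba_net = ipaddress.ip_network(ba["cidr"])
    # Requirement: dedicated segment, separate from office, guest and maintenance.
    for zone in inv["other_zones"]:
        net = ipaddress.ip_network(zone["cidr"])
        if net.version == ba_net.version and ba_net.overlaps(net):
            findings.append(("SHARED_SEGMENT",
                             f"{ba['cidr']} overlaps {zone['name']} ({zone['cidr']})"))
    # Requirement: a separate VLAN alone is not zone boundary protection.
    if not ENFORCING & set(ba["boundary_controls"]):
        findings.append(("WEAK_BOUNDARY",
                         f"boundary relies only on {sorted(ba['boundary_controls'])}"))
    # Requirement: the edge controller's WAN connection sits behind a firewall.
    if not inv["edge_controller"]["wan_behind_firewall"]:
        findings.append(("WAN_UNPROTECTED", "edge controller WAN has no firewall"))
    return findings

# Constructed sample inventories (all names and addresses are made up).
BAD = {
    "ba_zone": {"cidr": "10.20.0.0/24", "boundary_controls": ["vlan"]},
    "other_zones": [
        {"name": "office", "cidr": "10.10.0.0/16"},
        {"name": "guest", "cidr": "10.20.0.128/25"},
        {"name": "maintenance", "cidr": "192.168.50.0/24"},
    ],
    "edge_controller": {"wan_behind_firewall": False},
}
GOOD = {
    "ba_zone": {"cidr": "10.20.0.0/24", "boundary_controls": ["vlan", "firewall"]},
    "other_zones": [
        {"name": "office", "cidr": "10.10.0.0/16"},
        {"name": "guest", "cidr": "10.30.0.0/24"},
        {"name": "maintenance", "cidr": "192.168.50.0/24"},
    ],
    "edge_controller": {"wan_behind_firewall": True},
}

if __name__ == "__main__":
    for name, inv in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, audit(inv) or "no findings")
```

The overlap test catches a guest or office range carved out of the automation subnet, which a check on VLAN IDs alone would miss.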
IP settings
The edge controller expects to receive a local IP address from a DHCP server, typically implemented in the infrastructure providing internet access. No traffic passes between the LAN and WAN sides.