Deploying a Sensor Network with CoAP: Firewall Configuration for Data Center Traffic

Configuring Firewall for Sensor Traffic

Question

When deploying a sensor network that uses CoAP, which of the following must be done on the firewall to allow sensor traffic into the data center?

Answers

Explanations


D.

CoAP (Constrained Application Protocol) is a lightweight protocol designed for IoT devices that have limited computing resources and operate in low-power, low-bandwidth, and lossy networks. CoAP uses UDP as its underlying transport protocol and runs on top of IPv4 or IPv6.

When deploying a sensor network that uses CoAP, the following steps must be taken on the firewall to allow sensor traffic into the data center:

A. Permit UDP traffic from the sensor IP address range: CoAP uses UDP as its transport protocol, so the firewall must be configured to allow UDP traffic from the sensor IP address range. The firewall should also allow traffic on the CoAP port, which is typically port 5683.

B. Configure stateful inspection for ROLL: CoAP is often used in conjunction with RPL (Routing Protocol for Low-Power and Lossy Networks), which is a routing protocol designed for IoT networks. RPL uses a variant of IPv6 called IPv6 over Low-power Wireless Personal Area Networks (6LoWPAN). The firewall must be configured to perform stateful inspection of ROLL (RPL Objective Function Zero) messages to ensure that they are properly formed and not malicious.

C. Enable NAT64: NAT64 (Network Address Translation IPv6 to IPv4) is a mechanism that allows IPv6-only networks to communicate with IPv4-only networks. If the sensor network is using IPv6 and the data center is using IPv4, NAT64 must be enabled on the firewall to translate between the two protocols.

D. Permit IP Option 135 traffic from the sensor IP address range(s): IP Option 135 is used by CoAP to carry additional data, such as security information or routing information. The firewall must be configured to allow IP Option 135 traffic from the sensor IP address range(s) to ensure that the CoAP messages are properly formed and not blocked.

In summary, when deploying a sensor network that uses CoAP, the firewall must be configured to allow UDP traffic from the sensor IP address range on port 5683, perform stateful inspection for ROLL messages, enable NAT64 if necessary, and permit IP Option 135 traffic from the sensor IP address range(s).
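The permit rule from option A written as a default-deny decision for one inbound datagram. This is an added example, not part of the original page. The sensor prefixes are assumed documentation ranges, and the CoAP fixed-header sanity check (RFC 7252, section 3) goes beyond what option A states.

```python
import ipaddress

COAP_PORT = 5683  # CoAP UDP port named in option A

# Assumed sensor ranges (documentation prefixes, not from the original page).
SENSOR_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:5e::/48"),
]


def from_sensor_range(src):
    """True if src lies inside one of the permitted sensor prefixes."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a bad address
    return any(addr in net for net in SENSOR_NETS)


def looks_like_coap(payload):
    """Check the 4-byte CoAP fixed header: version, token length, size."""
    if len(payload) < 4:
        return False
    version = payload[0] >> 6        # top two bits, must be 1
    token_len = payload[0] & 0x0F    # low four bits, 9-15 are reserved
    if version != 1 or token_len > 8:
        return False
    return len(payload) >= 4 + token_len  # token must actually be present


def permit(src, proto, dport, payload=b""):
    """Return "accept" or a "drop: ..." reason; anything unmatched is dropped."""
    if proto != "udp" or dport != COAP_PORT:
        return "drop: not UDP/5683"
    try:
        if not from_sensor_range(src):
            return "drop: source outside sensor range"
    except ValueError:
        return "drop: invalid source address"
    if not looks_like_coap(payload):
        return "drop: malformed CoAP header"
    return "accept"


if __name__ == "__main__":
    get_request = b"\x40\x01\x12\x34"  # constructed: ver 1, CON, TKL 0, GET
    for src in ("192.0.2.17", "203.0.113.5"):
        print(src, permit(src, "udp", COAP_PORT, get_request))
```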