Creating a customized inspection profile
Create a customized inspection profile for the selected industrial protocol (Modbus in the example). In this profile, all function codes will be configured to generate an alarm allowing the identification of codes going through the network. This inspection profile will then be used in the filter policy.
Selecting the Modbus protocol profile
- In the Configuration > Application protection > Protocols menu, select the Modbus protocol (Industrial protocols section):
- Select the protocol profile (9) custom:
Prohibiting all public Modbus operations
- In the table lusting all public Modbus operations, browse the menu Modify all operations, and select Block. This action would result in an alarm being raised every time a Modbus function code is detected:
- Confirm by clicking on Apply.
Customizing the application inspection profiles
- In the Configuration > Application protection > Inspection profile menu, click on Go to profiles.
- Select the profile (9) IPS_09 (by default, this inspection profile will use no. 9 protocol profiles):
- Expand the Edit menu and select Rename in order to customize the name of this inspection profile:
- Choose a representative name (IPS_Network_Discovery in the example) and confirm the change by clicking on Update.