ETHERNET/IP
EtherNet/IP settings
| Max. number of pending requests | Maximum number of requests without responses in a single EtherNet/IP session. This value has to be between 1 and 512 (default value: 10). |
| Maximum request duration (seconds) | This value is the period after which EtherNet/IP requests without responses will be deleted. This value has to be between 1 and 3600 seconds (default value: 10). |
| Maximum message size (bytes) | This value makes it possible to restrict the size allowed for an EtherNet/IP message. It has to be between 24 and 65535 (default value: 65535). |
EtherNet/IP command management
Public commands
This list sets out the public EtherNet/IP functions allowed by default on the firewall. The action (Analyze / Block) applied to each command can be modified by clicking in the Action column. The Modify all commands button allows modifying the action (Analyze / Block) applied to all commands.
Other commands allowed
This list makes it possible to allow additional EtherNet/IP commands blocked by default on the firewall. It is possible to Add or Delete elements to or from this list by clicking on the relevant buttons.
Support
| Disable intrusion prevention | When this option is selected, the scan of the EtherNet/IP protocol will be disabled and traffic will be authorized if the filter policy allows it. |
| Log every EtherNet/IP query | Enables or disables the logging of EtherNet/IP requests. |
| Automatically detect and inspect the protocol | If this protocol has been enabled, it will automatically be used for discovering corresponding packets in filter rules. |