ETHERNET/IP (IPS tab)
Settings
| Max no. of pending requests | Maximum number of requests without responses in a single EtherNet/IP session. This value has to be between 1 and 512 seconds (default value: 10). |
| Maximum request duration (in seconds) | This value is the period after which EtherNet/IP requests without responses will be deleted. This value has to be between 1 and 3600 seconds (default value: 10). |
| Maximum message size (bytes) | This value makes it possible to restrict the size allowed for an EtherNet/IP message. It has to be between 24 and 65535 (default value: 65535). |
Commands management
Public commands tab
This list sets out the public EtherNet/IP functions allowed by default on the firewall. The action (Allow/Block) applied to each command can be modified by clicking in the Action column. The Modify all commands button makes it possible to change the action (Allow/Block) applied to all commands.
Other commands allowed tab
This list makes it possible to allow additional EtherNet/IP commands blocked by default on the firewall. It is possible to Add or Delete elements to or from this list by clicking on the relevant buttons.
Support
| Disable intrusion prevention | When this option is selected, the scan of the EtherNet/IP protocol will be disabled and traffic will be authorized if the filter policy allows it. |
| Log each request | Enables or disables the logging of EtherNet/IP requests. |
| Automatically detect and inspect the protocol | If this protocol is enabled, the inspection function will automatically apply to discover corresponding traffic that filter rules allow. |