ETHERNET/IP (IPS tab)

Settings

Max no. of pending requests Maximum number of requests without responses in a single EtherNet/IP session. This value has to be between 1 and 512 seconds (default value: 10).
Maximum request duration (in seconds) This value is the period after which EtherNet/IP requests without responses will be deleted. This value has to be between 1 and 3600 seconds (default value: 10).
Maximum message size (bytes) This value makes it possible to restrict the size allowed for an EtherNet/IP message. It has to be between 24 and 65535 (default value: 65535).

Commands management

Public commands tab

This list sets out the public EtherNet/IP functions allowed by default on the firewall. The action (Allow/Block) applied to each command can be modified by clicking in the Action column. The Modify all commands button makes it possible to change the action (Allow/Block) applied to all commands.

Other commands allowed tab

This list makes it possible to allow additional EtherNet/IP commands blocked by default on the firewall. It is possible to Add or Delete elements to or from this list by clicking on the relevant buttons.

Support

Disable intrusion prevention When this option is selected, the scan of the EtherNet/IP protocol will be disabled and traffic will be authorized if the filter policy allows it.
Log each request Enables or disables the logging of EtherNet/IP requests.
Automatically detect and inspect the protocol If this protocol is enabled, the inspection function will automatically apply to discover corresponding traffic that filter rules allow.