IEC 60870-5-104 (IEC 104)

Settings

Max no. of pending requests: Maximum number of requests without responses in a single session. This value has to be between 1 and 32768 seconds (default value: 12).
Maximum request duration (in seconds): This value is the period after which requests without responses will be deleted. This value has to be between 1 and 255 seconds (default value: 10).
Maximum message size (bytes): This value makes it possible to restrict the size allowed for a message. It has to be between 12 and 255 (default value: 255).

Redundancy

The IEC 104 protocol adds the concept of redundancy: a client host sets up a certain number of connections with its server, with only one of these connections active at any given time. This set of connections is called a "redundancy group". Whenever the active connection is disrupted, one of the established connections will immediately take over.

Maximum number of redundancy groups: This is the maximum number of redundancy groups allowed per server.
Maximum number of redundant connections: This is the maximum number of connections that can be set up in a redundancy group.

ASDU management

Public IDs

This table shows the predefined ASDUs (Application Service Data Units) on the firewall. ASDUs, represented by their identifiers, are classified by Type ID: System information, Settings and Process information.

These public type identifiers are allowed by default (Allow action). The buttons Block by Type ID, Allow by Type ID and Modify all Type IDs make it possible to modify the action (Allow/Block) applied to the selected ASDU set or to all ASDUs listed in the table.

Other authorized Type IDs

This list allows additional identifiers to be added. It is possible to Add or Delete elements to or from this list by clicking on the relevant buttons.

Support

Disable intrusion prevention: When this option is selected, the scan of the protocol will be disabled and traffic will be authorized if the filter policy allows it.
Log each IEC 60870-5-104 request: Enables or disables the logging of requests.
Automatically detect and inspect the protocol: If this protocol is enabled, inspection is automatically applied to matching traffic that the filter rules allow.

Advanced settings

Additional cause

An IEC 104 packet's Cause of transmission (COT) field makes it possible to specify why the packet was sent.
In addition to the list of COTs predefined in the IEC 104 protocol standard, this grid allows you to Add (using the button of the same name) Additional causes that the IEC 60870-5-104 protocol analysis engine will analyze.
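
The checks configured on this page (maximum message size, allowed Type IDs, additional causes), sketched in Python as an added example; this is not the firewall's own code. It assumes that message size means the whole APDU and that an unlisted Type ID or unrecognised COT is blocked; inspect_apdu and the sample frames are constructed for illustration.

```python
import struct

START_BYTE = 0x68
# Causes of transmission defined by the standard: 1-13, 20-41, 44-47.
STANDARD_COTS = set(range(1, 14)) | set(range(20, 42)) | set(range(44, 48))

def inspect_apdu(frame, allowed_type_ids, additional_cots=frozenset(), max_size=255):
    """Return (verdict, reason) for one APDU. The block policy is an assumption."""
    if len(frame) < 6 or frame[0] != START_BYTE:
        return ("block", "not an IEC 104 APDU")
    if len(frame) > max_size:
        return ("block", "exceeds maximum message size")
    if frame[1] != len(frame) - 2:
        return ("block", "length octet does not match frame size")
    if frame[2] & 0x01:
        # S-format (..01) and U-format (..11) frames carry no ASDU.
        return ("allow", "S/U frame without ASDU")
    if len(frame) < 12:
        return ("block", "I-frame too short for an ASDU header")
    # ASDU header: Type ID, VSQ, COT octet, originator, common address (LE).
    type_id, _vsq, cot_octet, _orig, _ca = struct.unpack_from("<BBBBH", frame, 6)
    cause = cot_octet & 0x3F  # bit 7 = test flag, bit 6 = positive/negative
    if type_id not in allowed_type_ids:
        return ("block", f"Type ID {type_id} not allowed")
    if cause not in STANDARD_COTS and cause not in additional_cots:
        return ("block", f"COT {cause} not recognised")
    return ("allow", f"Type ID {type_id}, COT {cause}")

# Constructed sample frames (not captured traffic).
STARTDT_ACT = bytes.fromhex("680407000000")                         # U-format
INTERROGATION = bytes.fromhex("680e0000000064010600010000000014")   # Type 100, COT 6
SINGLE_COMMAND = bytes.fromhex("680e000000002d010600010001000001")  # Type 45, COT 6
PRIVATE_COT = bytes.fromhex("680e0000000064013000010000000014")     # Type 100, COT 48

if __name__ == "__main__":
    for sample in (STARTDT_ACT, INTERROGATION, SINGLE_COMMAND, PRIVATE_COT):
        print(inspect_apdu(sample, allowed_type_ids={100}))
    # Same frame once COT 48 is listed as an additional cause.
    print(inspect_apdu(PRIVATE_COT, {100}, additional_cots={48}))
```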