MODBUS (IPS) tab

General settings

Max no. of pending requests: Maximum number of requests without responses in a single session. This value has to be between 1 and 512 seconds (default value: 10).
Maximum request duration (in seconds): This value is the period after which requests without responses will be deleted. This value must be between 1 and 3600 seconds inclusive (default value: 10).
Support serial gateways: If this option is selected, protocol analysis is enabled for Modbus traffic sent to a Modbus TCP gateway that forwards to a serial port (in this case, Modbus messages will have fields containing particular values).

Allowed Unit IDs

This list shows the Unit IDs allowed. It is possible to Add or Delete elements to or from this list by clicking on the relevant buttons.

Modbus settings

Maximum message size (bytes): This value makes it possible to restrict the size allowed for a message. It has to be between 8 and 4096 (default value: 260).
Max. number of files: This field defines the maximum number of files allowed in "Read File Record" and "Write File Record" operations, in order to protect certain automatons that are vulnerable beyond a given number of files.

Managing Modbus function codes

Public operations

This list sets out the public functions allowed by default on the firewall. The buttons Modify write operations and Modify all operations make it possible to modify the action (Allow/Block) applied to the selected function or to all functions.

Other operations allowed

This list allows authorizing additional function codes blocked by default by the firewall. It is possible to Add or Delete elements to or from this list by clicking on the relevant buttons.

Managing Modbus addresses

In this panel, the access privileges of Modbus function codes to memory addresses on automatons can be filtered. By default, all Modbus function codes in read and write (1,2,3,4,5,6,15,16,22,23,24) are allowed to access all memory ranges on automatons (0-65535). It is possible to Add or Delete access rules to or from this list by clicking on the relevant buttons.

This added protection in the firewall makes it possible to define a Modbus profile that specifies the memory ranges on the PLC in which Modbus data can be written.
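
The following Python example, added here and not taken from the product, applies the checks configured on this tab (maximum message size, allowed Unit IDs, allowed function codes, address access rules) to a single Modbus/TCP request. The profile values, the function names and the order of the checks are assumptions; only function codes 1-6, 15 and 16 are decoded.

```python
import struct

# Constructed profile mirroring this tab's settings; names and values are assumptions.
PROFILE = {
    "max_message_size": 260,                      # page default, in bytes
    "allowed_unit_ids": {1, 2},
    "allowed_functions": {1, 2, 3, 4, 5, 6, 15, 16},
    # Access rules: (function codes, first address, last address)
    "address_rules": [({1, 2, 3, 4}, 0, 65535), ({6, 16}, 100, 199)],
}

def build_request(unit, fc, data, tid=1):
    """Build a Modbus/TCP request: MBAP header (7 bytes) + function code + data."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, fc) + data

def addressed_range(fc, data):
    """Return (first, last) address the request touches, or None if malformed."""
    if fc in (5, 6) and len(data) >= 2:           # single coil / single register
        start = struct.unpack(">H", data[:2])[0]
        return start, start
    if fc in (1, 2, 3, 4, 15, 16) and len(data) >= 4:
        start, qty = struct.unpack(">HH", data[:4])
        return (start, start + qty - 1) if qty else None
    return None

def inspect(frame, profile=PROFILE):
    """Return 'allow' or 'block: <reason>' for one Modbus/TCP request."""
    if not 8 <= len(frame) <= profile["max_message_size"]:
        return "block: message size"
    _tid, proto, length, unit, fc = struct.unpack(">HHHBB", frame[:8])
    if proto != 0 or length != len(frame) - 6:    # length counts unit id + PDU
        return "block: malformed MBAP header"
    if unit not in profile["allowed_unit_ids"]:
        return "block: unit id"
    if fc not in profile["allowed_functions"]:
        return "block: function code"
    span = addressed_range(fc, frame[8:])
    if span is None:
        return "block: malformed request"
    for codes, first, last in profile["address_rules"]:
        if fc in codes and first <= span[0] and span[1] <= last:
            return "allow"
    return "block: address range"

if __name__ == "__main__":
    # Constructed requests: an in-range write, then a write that runs past address 199
    print(inspect(build_request(1, 6, struct.pack(">HH", 150, 1))))
    print(inspect(build_request(1, 16, struct.pack(">HHB", 195, 10, 20) + bytes(20))))
```

A multi-register write is judged on its whole span (start address plus quantity), so a request that begins inside a writable range but extends past its end is blocked.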

Support

Disable intrusion prevention: When this option is selected, the scan of the protocol will be disabled and traffic will be authorized if the filter policy allows it.
Log each Modbus request: Enables or disables the logging of requests.
Automatically detect and inspect the protocol: If this protocol is enabled, inspection will automatically be applied to corresponding traffic that is detected and that filter rules allow.