UMAS (IPS) tab

The UMAS (Unified Messaging Application Services) protocol is the intellectual property of Schneider Electric. To allow communication between Schneider Electric controllers and software, enable the option sysctl net.link.ether.handle802_3=1 from the command line on the firewalls set up between those elements.

UMAS Parameters

Maximum message size (bytes): This value restricts the size allowed for a message. It must be between 10 and 4096 (default value: 1480).

Maximum reservation life time (in seconds, 0 for infinite time): The reservation mechanism prevents certain behavior-modifying requests from being run at the same time. It is based on a reservation ID that the server randomly defines and returns in the Umas_takePlcReservation response, and that is then used in the 'Reservation ID' field of the commands that the client sends as part of this reservation.
Whenever a client reserves a server, reservation requests from other clients will be rejected.
According to the protocol specifications, any unused reservation is disabled after 50 seconds. Once it has been allocated, a reservation can be used by UMAS requests originating from different TCP connections. Furthermore, the reservation remains valid even after a TCP connection that had been using it is shut down, up until its expiration (50 seconds).
The value specified in this field therefore makes it possible to shorten the 50-second lifetime set by the specifications.
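
The reservation behavior described above, as a simplified model. This is an added example, not code from the firewall or from Schneider Electric; the class and method names are hypothetical, and it assumes that the lifetime is counted from the last use of the reservation and that the ID is an opaque random value.

```python
import secrets


class ReservationTracker:
    """Simplified model of the reservation state kept for one server (hypothetical)."""

    def __init__(self, max_lifetime=0):
        # Mirrors the "Maximum reservation life time" field: seconds, 0 = infinite.
        self.max_lifetime = max_lifetime
        self.res_id = None      # ID of the current reservation, if any
        self.last_used = None   # time of the last request that used it

    def _active(self, now):
        if self.res_id is None:
            return False
        if self.max_lifetime == 0:
            return True
        # Assumption: the lifetime is counted from the last use of the reservation.
        return now - self.last_used <= self.max_lifetime

    def take(self, now):
        """Reservation request: returns a new ID, or None while one is active."""
        if self._active(now):
            return None  # another client already holds the server
        self.res_id = secrets.token_bytes(2)  # random; the width is arbitrary here
        self.last_used = now
        return self.res_id

    def command(self, res_id, now):
        """Command carrying a 'Reservation ID' field, from any TCP connection."""
        # The check is keyed on the ID only: no connection or client is involved,
        # so the reservation survives the TCP connection that created it.
        if not self._active(now) or res_id != self.res_id:
            return False
        self.last_used = now
        return True


if __name__ == "__main__":
    fw = ReservationTracker(max_lifetime=20)  # shorter than the 50 s of the specification
    rid = fw.take(now=0)
    print(fw.take(now=5))           # second reservation request while one is active
    print(fw.command(rid, now=10))  # used within the configured lifetime
    print(fw.command(rid, now=40))  # unused for 30 s, longer than the 20 s configured
```

Because the ID is the only thing tying a command to a reservation, a shorter lifetime reduces the window during which a reservation left behind by a closed connection can still be used.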

UMAS function codes management

Public operations

This table lists the codes and associated UMAS functions that have been predefined on the firewall. These functions are classified by function group: Application Management, Application download to PLC, Application upload from PLC, Configuration Information requests, Connection Information requests, Debugging, PLC Status commands, PLC Status requests, Read commands, Reservation requests and Write commands.

The Block by operation set and Allow by operation set buttons make it possible to modify the action (Allow/Block) applied to the selected operation set.

Other operations allowed

This list makes it possible to allow additional function codes that the firewall blocks by default. Elements can be added to or deleted from this list by clicking on the Add or Delete buttons.

Support

Disable intrusion prevention: When this option is selected, the scan of the protocol is disabled and traffic is authorized if the filter policy allows it.