AMP
==============

The ASCII Message Protocol (AMP) is a communication protocol widely used in the automation industry for Supervisory Control and Data Acquisition (SCADA) and system integration. It is designed to help ensure reliable communication between industrial equipment and is used to monitor and control industrial automation equipment such as Programmable Logic Controllers (PLCs), sensors, and meters.

The device uses the Deep Packet Inspection (DPI) function to discard data packets that violate one of the specified profiles. The AMP Enforcer function supports Common ASCII Message Protocol (CAMP) and Non-Intelligent Terminal Protocol (NITP) using TCP. The device uses the AMP Enforcer function to perform the DPI function on the CAMP and NITP data stream. The device performs the DPI function based on the Program and mode protect function and the specified profiles.

When the AMP Enforcer profile is active, the device applies the profiles to the data stream. The device permits only data packets that contain the values specified in the following fields depending on the status of the Program and mode protect function:

* Protocol
* Message type
* Address class
* Device class
* Memory address
* Data word
* Task code
* Task code data
* Block check characters
* Error check characters
* Sanity check

The menu contains the following dialogs:

* AMP Global
* AMP Profile

You can find the AMP enforcer at **Firewall → Enforcer → AMP**.

.. image:: img/Enforcer-AMP.png
   :width: 100%
   :align: center
   :alt: AMP

AMP Settings
**********************

**Name**

Name of the AMP enforcer.

Possible values:

* **Character string** with 0..100 characters

**Description**

Description of the AMP enforcer.

Possible values:

* **Character string** with 0..250 characters

**Enabled**

Whether the AMP enforcer is active or not.

Possible values:

* **Enabled**
* **Disabled** (default setting)

**Protocol**

Specifies the TCP payload protocol type of the data packets to which the device applies the profile. The device applies the profile only to data packets that contain the specified value in the Protocol field.

Possible values:

* **camp**
  Common ASCII Message Protocol
* **nitp**
  Non-Intelligent Terminal Protocol
* **any** (default setting)
  The device applies the profile to every data packet without evaluating the protocol.

**Task code**

The prerequisite is that in the *Protocol* field one of the following values is specified:

* *nitp*
* *camp*: Additionally, in the *Message type* field, a hexadecimal value in the range 00..03 or the hexadecimal value FF is specified.
* *any*: Additionally, in the *Message type* field, the value *any* is specified.

Possible values:

* 01-9A

**Task code data**

Specifies the task code data for the Task code. The prerequisite is that in the *Protocol* field one of the following values is specified:

* **camp**
  Additionally, in the *Message type* field, a hexadecimal value in the range 00..03 or the hexadecimal value FF, and in the *Task code* field a single hexadecimal value are specified.
* **nitp**
  Additionally, in the *Task code* field, a single hexadecimal value is specified.

Possible values:

* **0..F**
  The device applies the profile only to data packets that contain the specified task code data. The maximum length is 72 bytes.

**Message types**

Specifies if the message is of the type command or response. The prerequisite is that in the *Protocol* field the value *camp* is specified.

Possible values:

* 00-FF

**Address Classes**

Specifies the particular type of the memory to be accessed on the equipment.

Prerequisites:

* In the *Protocol* field, the value *camp* is specified.
* In the *Message type* field, a hexadecimal value in the range 00..03 or the hexadecimal value FF is specified.

Possible values:

* **any** (default setting)
  The device applies the profile to every data packet without evaluating the address class.
* **0000..FFFF**
  The device applies the profile only to data packets that contain the specified address class.

**Device class**

Specifies the type of device class (vendor specific device) to be accessed.

Prerequisites:

* In the *Protocol* field, the value *camp* is specified.
* In the *Message type* field, a hexadecimal value in the range 00..03 or the hexadecimal value FF is specified.

Possible values:

* **any** (default setting)
  The device applies the profile to every data packet without evaluating the device class.
* **0000..FFFF**
  The device applies the profile only to data packets that contain the specified device class.

**Memory address**

Specifies the starting address of the memory to be read or written.

Prerequisites:

* In the *Protocol* field, the value *camp* is specified.
* In the *Message type* field, a hexadecimal value in the range 00..01 or 04..09 or the hexadecimal value FF is specified.

Possible values:

* **any** (default setting)
  The device applies the profile to every data packet without evaluating the memory address.
* **0000..FFFF**
  The device applies the profile only to data packets that contain the specified memory address.

**Data word**

Specifies the starting address that the equipment uses to read data from the packet.

Prerequisites:

* In the *Protocol* field, the value *camp* is specified.
* In the *Message type* field, a hexadecimal value in the range 00..01 or 08..09 or the hexadecimal value FF is specified.

Possible values:

* **any** (default setting)
  The device applies the profile to every data packet without evaluating the data word.
* **0000..FFFF**
  The device applies the profile only to data packets that contain the specified data word.

**Sanity check**

Activates/deactivates the plausibility check for the data packets.

Possible values:

* **enabled** (default setting)
  The plausibility check is active. The device checks the plausibility of the data packets regarding format and specification. The device blocks the data packets that violate the specified profiles.
* **disabled**
  The plausibility check is inactive.

**TCP Reset**

Activates/deactivates the resetting of the TCP connection in case of a protocol violation or if the plausibility check detects an error.

Possible values:

* **enabled** (default setting)
  The resetting of the TCP connection is active. If the device identifies a protocol violation or detects a plausibility check error, then the device terminates the TCP connection. The device establishes the TCP connection again on receiving a new connection request.
* **disabled**
  The resetting of the TCP connection is inactive.

**Debug**

Activates/deactivates the debugging of the profiles.

Possible values:

* **enabled**
  Debugging is active. The device sends the reset packet along with the information related to the termination of TCP connection. The prerequisite is that in the TCP reset field the checkbox is marked.
* **disabled** (default setting)
  Debugging is inactive.

Task Codes
**********************

.. image:: img/Enforcer-AMP-TaskCodes.png
   :width: 100%
   :align: center
   :alt: AMP Task Codes

**Enabled**

Whether the AMP enforcer is active or not.

Possible values:

* **Enabled**
* **Disabled** (default setting)

**Description**

Description of the AMP enforcer.

Possible values:

* **Character string** with 0..250 characters

**Task code**

Possible values:

* 01-9A

**Mode**

Specifies the mode applicable for the Task code.

Possible values:

* **config**
  Specifies commands associated with the modification of the controller settings, the application program or the operational mode.
* **non-config**
  Specifies read/write commands, excluding the commands associated with modification of the controller settings, application program or operational mode.

AMP Global Settings
**********************

.. image:: img/Enforcer-AMP-GlobalSettings.png
   :width: 100%
   :align: center
   :alt: AMP Global Settings

**Protect mode**

Activates/deactivates the inspection of the data packets that contain the Task codes with the value config in the Mode field.

Possible values:

* **enabled** (default setting)
  The inspection is active. The device forwards only the data packets that match the parameters specified in the profiles. The device discards data packets that contain the value config in the Mode field for the Task codes specified in the profiles.
* **disabled**
  The device forwards the data packets that match the parameters specified in the profiles, including the data packets that contain Task codes with the value config in the Mode field.

Task Code
********************

.. list-table::
   :widths: 5 65
   :header-rows: 1

   * - #
     - Meaning
   * - 01
     - Read Word Memory Random
   * - 02
     - Write Word Memory Area Random
   * - 30
     - Read Operational Status
   * - 32
     - Program to Run Mode
   * - 33
     - Go to Program Mode
   * - 34
     - Execute Power-up
   * - 35
     - Execute Complete (Warm) Start
   * - 36
     - Execute Partial (Hot) Start
   * - 50
     - Read User Word Area Block
   * - 51
     - Write User Word Area Starting at Address
   * - 58
     - Set Controller Time of Day Clock
   * - 59
     - Write Discrete I/O Status or Force via Data Element Type
   * - 5A
     - Write Block
   * - 6B
     - Read Discrete I/O Status or Force via Data Element Type
   * - 71
     - Read Controller Time of Day Clock
   * - 7D
     - Read SF/Loop Processor Mode
   * - 7E
     - Read Random
   * - 7F
     - Read Block
   * - 88
     - Select Number of SF Module Task Codes Per Scan
   * - 89
     - Read Number of SF Module Task Codes Per Scan
   * - 99
     - Write VME Memory Area Block/Random
   * - 9A
     - Read VME Memory Area Block/Random

AMP Message types
******************

.. list-table::
   :widths: 5 25
   :header-rows: 1

   * - #
     - Meaning
   * - 00
     - Module General Query Command
   * - 01
     - Module General Response Command
   * - 02
     - Packet T/C Command
   * - 03
     - Packed T/C Response
   * - 04
     - Read data Command
   * - 05
     - Read data Response
   * - 06
     - Write data Command
   * - 07
     - Write data Response
   * - 08
     - Mem Exch Command
   * - 09
     - Mem Exch Response
   * - FF
     - Protocol Error
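
The field prerequisites listed under AMP Settings can be checked mechanically before a profile is entered on the device. The following is an added example, not vendor code: the dictionary keys and the function ``validate_profile`` are assumed names, a task code is assumed to be a single hexadecimal value, and only the prerequisites stated on this page are encoded.

```python
# Added example: checks an AMP Enforcer profile (a dict with assumed key
# names) against the field prerequisites listed on this page.

def _hex_set(*ranges):
    """Expand inclusive (lo, hi) pairs into a set of integers."""
    return {v for lo, hi in ranges for v in range(lo, hi + 1)}

# Message types that unlock each CAMP-only field, as stated on the page.
BASIC = _hex_set((0x00, 0x03), (0xFF, 0xFF))
MSG_TYPES_FOR = {
    "address_class": BASIC,
    "device_class": BASIC,
    "memory_address": _hex_set((0x00, 0x01), (0x04, 0x09), (0xFF, 0xFF)),
    "data_word": _hex_set((0x00, 0x01), (0x08, 0x09), (0xFF, 0xFF)),
}

def _msg_type(profile):
    """Return the message type as an int, or None when it is 'any'."""
    mt = profile.get("message_type", "any")
    return None if mt == "any" else int(mt, 16)

def validate_profile(profile):
    """Return a list of prerequisite violations (empty list = consistent)."""
    errors = []
    proto = profile.get("protocol", "any")
    mt = _msg_type(profile)
    if proto not in ("camp", "nitp", "any"):
        errors.append(f"protocol: unknown value {proto!r}")
    if mt is not None and proto != "camp":
        errors.append("message_type: requires protocol camp")
    for field, allowed in MSG_TYPES_FOR.items():
        if profile.get(field, "any") == "any":
            continue  # default value, nothing to check
        if proto != "camp" or mt not in allowed:
            errors.append(f"{field}: requires camp and a permitted message type")
    tc = profile.get("task_code")  # assumed: one hex value, None if unset
    if tc is not None:
        ok = (proto == "nitp"
              or (proto == "camp" and mt in BASIC)
              or (proto == "any" and mt is None))
        if not ok:
            errors.append("task_code: protocol/message type prerequisite not met")
        if not 0x01 <= int(tc, 16) <= 0x9A:
            errors.append("task_code: outside 01..9A")
    if profile.get("task_code_data") is not None:
        if tc is None or proto not in ("camp", "nitp"):
            errors.append("task_code_data: needs a single task code on camp or nitp")
    return errors
```

An empty list means the profile is internally consistent; it does not say whether the profile permits the traffic the plant actually needs.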