Modbus ============== Modbus is a communications protocol designed by Modicon Incorporated for use with its PLCs. The profiles specify function codes and register or coil addresses. The function code in the protocol Modbus TCP specifies the purpose of the data transfer. The device blocks the data packets that violate the specified profiles. If an error is detected, then the device terminates the data connection upon user request. The predefined function code lists and the function code generator support you when specifying the function codes. When the Modbus Enforcer profile is active (enabled checkbox is marked), the device applies the profiles to the data stream. * The device permits data packets containing only the function codes specified in the Function code field. * The device rejects the data packets containing any other function codes that are not specified in the Function code field. You can find the Modbus protocol at **Firewall → Enforcer → Modbus**. .. image:: img/Enforcer-Modbus.png :width: 100% :align: center :alt: Modbus Modbus Settings ********************** **Enabled** Wheter the Modbus enforcer is active or not. Possible values: * **Enabled** * **Disabled** (default setting) **Name** Name of the Modbus enforcer. Possible values: * **Character string** with 0..100 characters **Description** Description of the Modbus enforcer. Possible values: * **Character string** with 0..250 characters **Unit identifier** Specifies the Modbus TCP identification unit for the Modbus Enforcer profile. Possible values: * **** (default setting) The device permits data packets without an identification unit. * **0..255** The device permits data packets with the specified identification unit. The field lets you specify the following options: * A single Modbus TCP identification unit with a single numerical value, for example 1. * Multiple Modbus TCP identification units with numerical values separated by a comma, for example 1,2,3. **TCP Reset** Activates/deactivates the resetting of the TCP connection in case of a protocol violation or if the plausibility check detects an error. Possible values: * **enabled** (default setting) The resetting of the TCP connection is active. If the device identifies a protocol violation or detects a plausibility check error, then the device terminates the TCP connection. The device establishes the TCP connection again on receiving a new request. * **disabled** The resetting of the TCP connection is inactive. **Sanity Check** Activates/deactivates the plausibility check for the data packets. Possible values: * **enabled** (default setting) The plausibility check is active. The device checks the plausibility of the data packets regarding format and specification. The device blocks the data packets that violate the specified profiles. * **disabled** The plausibility check is inactive. **Exception** Activates/deactivates the sending of an exception response in case of a protocol violation or if the plausibility check identifies errors. Possible values: * **enabled*** (default setting) The sending of an exception response is active. If the device identifies a protocol violation or a plausibility check error, then the device sends an exception response to the end points and terminates the Modbus TCP connection. * **disabled** The sending of an exception response is inactive. The Modbus TCP connection remains established. **Preset** Preset of Modbus rules. Possible values: * **Read Only** (default setting) Assigns the function codes for the read function of the Modbus TCP protocol. 1,2,3,4,7,11,12,17,20,24 * **Read Write** Assigns the function codes for the read/write functions of the Modbus TCP protocol. 1,2,3,4,5,6,7,11,12,15,16,17,20,21,22,23,24 * **Programming** Assigns the function codes for the programming functions of the Modbus TCP protocol. 1,2,3,4,5,6,7,11,12,15,16,17,20,21,22,23,24,40,42,90,125,126 * **All** Assigns the function codes for every function of the Modbus TCP protocol. 1,2,..,254,255 * **Custom** Lets you specify user-defined values in the Function code field. Modbus Rules ********************** .. image:: img/Enforcer-Modbus-Rules.png :width: 100% :align: center :alt: Modbus Rules **Name** Name of the Modbus rule. Possible values: * **Character string** with 0..100 characters **Description** Description of the Modbus rule. Possible values: * **Character string** with 0..250 characters **Description** Description of the Modbus rule. Possible values: * **Character string** with 0..250 characters **Function code** Possible values: * **0..255** **Read Address Start** Default is 0. Possible values: * **0..65535** (2¹?-1) **Read Address Length** Default is 1. Possible values: * **0..65535** (2¹?-1) **Write Address Start** Default is 0. Possible values: * **0..65535** (2¹?-1) **Write Address Length** Default is 1. Possible values: * **0..65535** (2¹?-1) Modbus Function Codes ********************** .. list-table:: :widths: 2 58 20 20 :header-rows: 1 * - # - Meaning - Address range (read) - Address range (write) * - 1 - Read Coils - <0..65535> - \- * - 2 - Read Discrete Inputs - <0..65535> - \- * - 3 - Read Holding Registers - <0..65535> - \- * - 4 - Read Input Registers - <0..65535> - \- * - 5 - Write Single Coil - \- - <0..65535> * - 6 - Write Single Register - \- - <0..65535> * - 7 - Read Exception Status - \- - \- * - 8 - Diagnostic - \- - \- * - 11 - Get Comm Event Counter - \- - \- * - 12 - Get Comm Event Log - \- - \- * - 13 - Program (584/984) - \- - \- * - 14 - Poll (584/984) - \- - \- * - 15 - Write Multiple Coils - \- - <0..65535> * - 16 - Write Multiple Registers - \- - <0..65535> * - 17 - Report Slave ID - \- - \- * - 20 - Read File Record - \- - \- * - 21 - Write File Record - \- - \- * - 22 - Mask Write Register - \- - <0..65535> * - 23 - Read/Write Multiple Registers - <0..65535> - <0..65535> * - 24 - Read FIFO Queue - <0..65535> - \- * - 40 - Program (Concept) - \- - \- * - 42 - Concept Symbol Table - \- - \- * - 43 - Encapsulated Interface Transport - \- - \- * - 48 - Advantech Co. Ltd. - Management Functions - \- - \- * - 66 - Scan Data Inc. - Expanded Read Holding Registers - \- - \- * - 67 - Scan Data Inc. - Expanded Write Holding Registers - \- - \- * - 90 - Unity Programming/OFS - \- - \- * - 100 - Scattered Register Read - \- - \- * - 125 - Schneider Electric - Firmware - \- - \-