12.4. ENIP
The Ethernet Industrial Protocol (ENIP) is part of the Common Industrial Protocol (CIP) and is used to monitor and control industrial automation equipment such as PLCs (Programmable Logic Controllers), sensors, and meters. CIP defines the object structure and specifies the message transfer. The ENIP Enforcer function applies the Deep Packet Inspection (DPI) function to the ENIP and CIP data stream.
The device uses the ENIP Enforcer function to perform the DPI function on the data stream. The device performs the DPI function based on the values defined in the specified profiles. The device blocks the data packets that violate the specified profiles.
Note
The ENIP Enforcer function performs the DPI function only on packets that contain an explicit request, and drops packets that contain an implicit request. An explicit request contains a CIP message over TCP. An implicit request contains a CIP message over UDP.
When the ENIP Enforcer profile is active, the device applies the profile to the data stream.
The device permits only data packets containing the values specified in the following fields:
Function type
Sanity check
Default object list
Wildcard service codes
Allow embedded PCCC (Programmable Controller Communication Commands)
The menu contains the following dialogs:
ENIP Profile
ENIP Object
You can find the ENIP enforcer at Firewall → Enforcer → ENIP.
12.4.1. ENIP Settings
- Enabled
Whether the ENIP enforcer is active or not.
Possible values:
Enabled
Disabled (default setting)
- Name
Name of the ENIP enforcer.
Possible values:
Character string with 0..100 characters
- Description
Description of the ENIP enforcer.
Possible values:
Character string with 0..250 characters
- Sanity Check
Activates/deactivates the plausibility check for the data packets.
Possible values:
enabled (default setting)
The plausibility check is active.
The device checks the plausibility of the data packets regarding format and specification.
The device blocks the data packets that violate the specified profiles.
disabled
The plausibility check is inactive.
- TCP Reset
Activates/deactivates the resetting of the TCP connection in case of a protocol violation or if the plausibility check detects an error.
Possible values:
enabled (default setting)
The resetting of the TCP connection is active.
If the device identifies a protocol violation or detects a plausibility check error, then the device terminates the TCP connection. The device establishes the TCP connection again on receiving a new connection request.
disabled
The resetting of the TCP connection is inactive.
- Debug
Activates/deactivates the debugging of the profiles.
Possible values:
enabled
Debugging is active.
The device sends the reset packet along with the information related to the termination of TCP connection. The prerequisite is that in the TCP reset field the checkbox is marked.
disabled (default setting)
Debugging is inactive.
- Allow embedded PCCC
Activates/deactivates DPI for PCCC messages encapsulated in data packets. PCCC messages are embedded within the Ethernet Industrial Protocol (ENIP). Activating this setting is useful when securing network traffic to and from PLC-5 and MicroLogix controllers.
Possible values:
enabled
DPI for PCCC messages is active.
disabled (default setting)
DPI for PCCC messages is inactive.
- Preset
Preset of class IDs and service codes
Possible values:
Read Only
Assigns the class IDs for the read function.
Read Write
Assigns the class IDs for the read/write functions.
Any (default setting)
Assigns the class IDs for every function.
The device does not permit any subsequent changes in the Advanced Class IDs list.
Advanced
Lets you specify user-defined class IDs.
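The following sketch is an added example, not code from the device or its vendor: it models the class ID / service code check on an explicit (TCP) request, with a length-consistency check standing in for the sanity check. It assumes the standard EtherNet/IP SendRRData encapsulation with an unconnected data item; the allow-list holds a few rows copied from the first table in section 12.4.2, the sample frames are constructed, and all function names are hypothetical.

```python
import struct

# Constructed allow-list: a few rows copied from the first table in section 12.4.2.
ALLOWED = {
    0x01: {0x01, 0x0E, 0x11, 0x18},   # Identity
    0x04: {0x0E, 0x18},               # Assembly
    0xF5: {0x01, 0x0E},               # TCP/IP Interface Object
    0x300: {0x01, 0x0E},              # Module Diagnostics
}
SEND_RR_DATA = 0x006F       # encapsulation command carrying unconnected explicit messages
UNCONNECTED_DATA = 0x00B2   # item type that holds the CIP request

def parse_cip(cip: bytes):
    """Return (service, class_id) from a CIP request, or raise ValueError."""
    if len(cip) < 2:
        raise ValueError("short CIP request")
    service, path_words = cip[0], cip[1]
    path = cip[2:2 + 2 * path_words]
    if service & 0x80 or len(path) != 2 * path_words:
        raise ValueError("response bit set or truncated path")
    if len(path) >= 2 and path[0] == 0x20:     # 8-bit logical class segment
        return service, path[1]
    if len(path) >= 4 and path[0] == 0x21:     # 16-bit class segment after one pad byte
        return service, struct.unpack_from("<H", path, 2)[0]
    raise ValueError("path does not start with a class segment")

def parse_explicit_request(frame: bytes):
    """Walk the 24-byte encapsulation header and the item list to the CIP request."""
    if len(frame) < 32:
        raise ValueError("short frame")
    command, length = struct.unpack_from("<HH", frame, 0)
    if command != SEND_RR_DATA or length != len(frame) - 24:
        raise ValueError("unexpected command or length field mismatch")
    body = frame[24:]
    item_count, pos = struct.unpack_from("<H", body, 6)[0], 8
    for _ in range(item_count):
        if pos + 4 > len(body):
            raise ValueError("truncated item header")
        item_type, item_len = struct.unpack_from("<HH", body, pos)
        if pos + 4 + item_len > len(body):
            raise ValueError("item overruns frame")
        if item_type == UNCONNECTED_DATA:
            return parse_cip(body[pos + 4:pos + 4 + item_len])
        pos += 4 + item_len
    raise ValueError("no unconnected data item")

def verdict(frame: bytes) -> str:
    try:
        service, class_id = parse_explicit_request(frame)
    except ValueError as exc:
        return f"drop (sanity check: {exc})"
    if service in ALLOWED.get(class_id, ()):
        return "permit"
    return f"drop (class 0x{class_id:02X} service 0x{service:02X} not in profile)"

def build(service: int, path: bytes, data: bytes = b"") -> bytes:
    """Constructed sample frame: SendRRData with a null address item and one data item."""
    cip = bytes([service, len(path) // 2]) + path + data
    body = struct.pack("<IHHHHHH", 0, 0, 2, 0, 0, UNCONNECTED_DATA, len(cip)) + cip
    return struct.pack("<HHII8sI", SEND_RR_DATA, len(body), 1, 0, b"\0" * 8, 0) + body
```

The sketch covers unconnected requests only; connected explicit messaging and requests wrapped inside other services are outside what it models.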
12.4.2. ENIP Class IDs for different function types
Class ID | Service codes |
---|---|
0x01 = Identity | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x11 = Find Next Object Instance, 0x18 = Get Member |
0x02 = Message Router | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x54 |
0x04 = Assembly | 0x0E = Get Attribute Single, 0x18 = Get Member |
0x05 = Connection | 0x08 = Create, 0x0E = Get Attribute Single, 0x11 = Find Next Object Instance, 0x4C |
0x06 = Off-Link Connection Manager | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x4C, 0x4E, 0x52, 0x54, 0x56, 0x57, 0x59, 0x5A, 0x5B |
0x07 = Register | 0x0E = Get Attribute Single |
0x08 = Discrete Input Point | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x09 = Discrete Output Point | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x0A = Analog Input Point | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x0B = Analog Output Point | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x0E = Presence Sensing | 0x0E = Get Attribute Single |
0x0F = Parameter | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x18 = Get Member, 0x4B |
0x10 = Parameter Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x12 = Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x1D = Discrete Input Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x1E = Discrete Output Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x1F = Discrete Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x20 = Analog Input Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x21 = Analog Output Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x22 = Analog Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x23 = Position Sensor Object | 0x0E = Get Attribute Single, 0x18 = Get Member |
0x24 = Position Controller Supervisor Object | 0x0E = Get Attribute Single |
0x25 = Position Controller Object | 0x0E = Get Attribute Single |
0x26 = Block Sequencer Object | 0x0E = Get Attribute Single |
0x27 = Command Block Object | 0x0E = Get Attribute Single |
0x28 = Motor Data Object | 0x0E = Get Attribute Single |
0x29 = Control Supervisor Object | 0x0E = Get Attribute Single |
0x2A = AC/DC Drive Object | 0x0E = Get Attribute Single |
0x2B = Acknowledge Handler Object | 0x0E = Get Attribute Single |
0x2C = Overload Object | 0x0E = Get Attribute Single |
0x2D = Softstart Object | 0x0E = Get Attribute Single |
0x2E = Selection Object | 0x0E = Get Attribute Single, 0x18 = Get Member |
0x30 = S-Device Supervisor Object | 0x0E = Get Attribute Single |
0x31 = S-Analog Sensor Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x32 = S-Analog Actuator Object | 0x0E = Get Attribute Single |
0x33 = S-Single Stage Controller Object | 0x0E = Get Attribute Single |
0x34 = S-Gas Calibration Object | 0x0E = Get Attribute Single, 0x4B |
0x35 = Trip Point Object | 0x0E = Get Attribute Single |
0x37 = File Object | 0x0E = Get Attribute Single, 0x18 = Get Member, 0x4B, 0x4D, 0x4F |
0x38 = S-Partial Pressure Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x4C, 0x4D, 0x4E |
0x40 = S-Sensor Calibration Object | 0x0E = Get Attribute Single, 0x4B |
0x41 = Event Log Object | 0x0E = Get Attribute Single, 0x18 = Get Member |
0x42 = Motion Device Axis Object | 0x03 = Get Attribute List, 0x0E = Get Attribute Single, 0x4B, 0x50, 0x52, 0x54 |
0x43 = Time Sync Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x0E = Get Attribute Single |
0x44 = Modbus Object | 0x0E = Get Attribute Single, 0x4B, 0x4C, 0x4D, 0x4E |
0x45 = Originator Connection List Object | 0x4C |
0x46 = Modbus Serial Link Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x47 = Device Level Ring (DLR) Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x18 = Get Member |
0x48 = QoS Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x4D = Target Connection List Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x4E = Base Energy Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x0E = Get Attribute Single, 0x18 = Get Member |
0x4F = Electrical Energy Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x0E = Get Attribute Single |
0x50 = Non-Electrical Energy Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x0E = Get Attribute Single |
0x51 = Base Switch Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x52 = SNMP Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x53 = Power Management Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x0E = Get Attribute Single, 0x18 = Get Member |
0x54 = RSTP Bridge Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x55 = RSTP Port Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x91 = ANSI Extended Symbol Segment | 0x03 = Get Attribute List, 0x55 |
0x6C | 0x01 = Get Attributes All |
0xAC | 0x01 = Get Attributes All, 0x4C |
0xB2 | 0x08 = Create, 0x4E, 0x4F |
0xF3 = Connection Configuration Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x4C, 0x4D, 0x4E, 0x50 |
0xF4 = Port Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0xF5 = TCP/IP Interface Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0xF6 = EtherNet Link Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x300 = Module Diagnostics | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x301 = InputIOCnx | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x302 = Local Slaves | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x400 = Service Port Control Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x401 = Dynamic IO Control Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x402 = Router Diagnostics Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x403 = Router Routing Table Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x404 = SMTP | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x405 = SNTP | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x406 = HSBY | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |

Class ID | Service codes |
---|---|
0x01 = Identity | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x11 = Find Next Object Instance, 0x18 = Get Member |
0x02 = Message Router | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x4B, 0x54 |
0x04 = Assembly | 0x08 = Create, 0x09 = Delete, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x18 = Get Member, 0x19 = Set Member, 0x1A = Insert Member, 0x1B = Remove Member, 0x4B, 0x4C |
0x05 = Connection | 0x05 = Reset |
0x06 = Off-Link Connection Manager | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x4C, 0x4E, 0x52, 0x54, 0x56, 0x57, 0x59, 0x5A, 0x5B |
0x07 = Register | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x08 = Discrete Input Point | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x09 = Discrete Output Point | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x0A = Analog Input Point | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x0B = Analog Output Point | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x0E = Presence Sensing | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x0F = Parameter | 0x01 = Get Attributes All, 0x05 = Reset, 0x0D = Apply Attributes, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x15 = Restore, 0x16 = Save, 0x18 = Get Member, 0x4B |
0x10 = Parameter Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x12 = Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x1D = Discrete Input Group | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x1E = Discrete Output Group | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x1F = Discrete Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x20 = Analog Input Group | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x21 = Analog Output Group | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x22 = Analog Group | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x23 = Position Sensor Object | 0x05 = Reset, 0x0D = Apply Attributes, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x15 = Restore, 0x16 = Save, 0x18 = Get Member, 0x19 = Set Member |
0x24 = Position Controller Supervisor Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x25 = Position Controller Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x26 = Block Sequencer Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x27 = Command Block Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x28 = Motor Data Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x15 = Restore, 0x16 = Save |
0x29 = Control Supervisor Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x05 = Reset |
0x2A = AC/DC Drive Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x15 = Restore, 0x16 = Save |
0x2B = Acknowledge Handler Object | 0x08 = Create, 0x09 = Delete, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x4B, 0x4C |
0x2C = Overload Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x15 = Restore, 0x16 = Save |
0x2D = Softstart Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x15 = Restore, 0x16 = Save |
0x2E = Selection Object | 0x05 = Reset, 0x06 = Start, 0x07 = Stop, 0x08 = Create, 0x09 = Delete, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x18 = Get Member, 0x19 = Set Member, 0x1A = Insert Member, 0x1B = Remove Member |
0x30 = S-Device Supervisor Object | 0x05 = Reset, 0x06 = Start, 0x07 = Stop, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x4B, 0x4C, 0x4E |
0x31 = S-Analog Sensor Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x4B, 0x4C |
0x32 = S-Analog Actuator Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x33 = S-Single Stage Controller Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x63 |
0x34 = S-Gas Calibration Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x4B |
0x35 = Trip Point Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x37 = File Object | 0x06 = Start, 0x07 = Stop, 0x08 = Create, 0x09 = Delete, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x15 = Restore, 0x16 = Save, 0x18 = Get Member, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51 |
0x38 = S-Partial Pressure Object | 0x01 = Get Attributes All, 0x08 = Create, 0x09 = Delete, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F |
0x40 = S-Sensor Calibration Object | 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x4B |
0x41 = Event Log Object | 0x05 = Reset, 0x06 = Start, 0x07 = Stop, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x18 = Get Member, 0x19 = Set Member, 0x1A = Insert Member, 0x1B = Remove Member |
0x42 = Motion Device Axis Object | 0x03 = Get Attribute List, 0x04 = Set Attribute List, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x1C = Group Sync, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54 |
0x43 = Time Sync Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x04 = Set Attribute List, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x44 = Modbus Object | 0x0E = Get Attribute Single, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51 |
0x45 = Originator Connection List Object | 0x08 = Create, 0x09 = Delete, 0x4C |
0x46 = Modbus Serial Link Object | 0x01 = Get Attributes All, 0x05 = Reset, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x4B |
0x47 = Device Level Ring (DLR) Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x18 = Get Member, 0x4B, 0x4C, 0x4D, 0x4E |
0x48 = QoS Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x4D = Target Connection List Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x4C |
0x4E = Base Energy Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x04 = Set Attribute List, 0x05 = Reset, 0x08 = Create, 0x09 = Delete, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x18 = Get Member, 0x19 = Set Member, 0x1A = Insert Member, 0x1B = Remove Member, 0x4B, 0x4C |
0x4F = Electrical Energy Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x0E = Get Attribute Single |
0x50 = Non-Electrical Energy Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x0E = Get Attribute Single |
0x51 = Base Switch Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x52 = SNMP Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x53 = Power Management Object | 0x01 = Get Attributes All, 0x03 = Get Attribute List, 0x04 = Set Attribute List, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x18 = Get Member, 0x19 = Set Member, 0x4D, 0x4E, 0x4F |
0x54 = RSTP Bridge Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x55 = RSTP Port Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0x91 = ANSI Extended Symbol Segment | 0x03 = Get Attribute List, 0x55 |
0x6B | 0x55 |
0x6C | 0x01 = Get Attributes All |
0xAC | 0x01 = Get Attributes All, 0x4C |
0xB2 | 0x08 = Create, 0x4E, 0x4F |
0xF3 = Connection Configuration Object | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x08 = Create, 0x09 = Delete, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x15 = Restore, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52 |
0xF4 = Port Object | 0x01 = Get Attributes All, 0x05 = Reset, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0xF5 = TCP/IP Interface Object | 0x01 = Get Attributes All, 0x02 = Set Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single |
0xF6 = EtherNet Link Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x10 = Set Attribute Single, 0x4C |
0x300 = Module Diagnostics | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x301 = InputIOCnx | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x302 = Local Slaves | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x400 = Service Port Control Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x401 = Dynamic IO Control Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x402 = Router Diagnostics Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x403 = Router Routing Table Object | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |
0x404 = SMTP | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x32 |
0x405 = SNTP | 0x01 = Get Attributes All, 0x0E = Get Attribute Single, 0x32 |
0x406 = HSBY | 0x01 = Get Attributes All, 0x0E = Get Attribute Single |