EasyManua.ls Logo

Rohde & Schwarz GP-E - Page 206

Rohde & Schwarz GP-E
233 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Application Examples
R&S
®
GP-E/GP-S
206User Manual v16.2.1 ─ 01
a) Start to configure a firewall rule as described under Chapter 3.3, "Firewall Rule
Settings", on page 22.
Note: Under "Policy" , you can either Allow (in the case of whitelisting) or
Reject (in the case of blacklisting) the IEC 104 protocol. In the case of TCP
connections, it is not recommended to silently Drop the traffic.
b)
Click " Add Decoder" on the "Custom Decoders" tab.
c) From the "Protocol" drop-down list, select iec104.
d) From the "Option" drop-down list, select the portion of the packet that you want
to be searched.
Table 4-7: Custom decoders options.
"Option" settings Description
asduMessageDirection
Enter either 0 for messages flowing in the
direction of the TCP connection establishment
or 1 for messages flowing in the other direction.
Usually the control center initiates the TCP con-
nection.
asduMessageType
Enter the type identification number for process
and system information in monitor and control
direction. The value can be any integer from 1
to 255. For example, type ID 11 stands for
Measured value, scaled value in moni-
tor direction and Clock synchronization
command in control direction is defined by type
ID 103. For more information, see the Interna-
tional Standard IEC 60970-5-104.
asduTransmissionCause
The value to be entered depends on the
asduMessageType.
asduTransmissionCauseNegative
Enter either 0 for False or 1 for True.
asduTransmissionCauseTest
Enter either 0 for False or 1 for True.
asduOriginatorAddress
Enter the originator address which forwards
mirrored and interrogated ASDUs in monitor
direction to the source that triggered the proce-
dure (for redundant control systems). The value
can be any integer from 0 to 255.
asduAddress
Enter the common ASDU address. The value
can be any integer from 0 to 65535.
e) Select the "Type" of content to search for (text string, number, hash value or
regular expression) from the drop-down list.
f) By selecting the "Invert" checkbox, the rule matches traffic if the specified
"Option" is not matched (equivalent to a Boolean NOT operator).
g) Depending on the "Type" selected, enter the text, number, term or search key-
word that the analysis in the first step disclosed in the "Expression" field.
h) Click "OK" to add the decoder to the list of available custom decoders for this
firewall rule.
i) Finish configuring the firewall rule.
Decoder Examples

Table of Contents