Barracuda CloudGen Firewall

How to Configure Application Rules Matching SCADA Protocols

System Control and Data Acquisition (SCADA) is a wide family of protocols used in industrial processes. The CloudGen Firewall handles the most common ones. SCADA protocols are handled via protocol objects in application rules, so a protocol object is required to allow a SCADA protocol to access a destination. The following SCADA protocols are supported:

  • S7
  • IEC 60870-5-104
  • IEC 6485
  • MODBUS
  • DNP3
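
As an added illustration (not Barracuda code, and not a description of how the CloudGen Firewall implements its protocol objects), the following Python example shows what recognizing a SCADA protocol by its framing, rather than by its port, involves for four of the protocols listed above. The framing constants come from the public protocol specifications; the function name, the sample payloads, and the assumption that each payload holds exactly one frame are constructed for this example, and IEC 6485 is not covered.

```python
import struct

def classify_scada(payload: bytes) -> str:
    """Name the SCADA framing of one TCP payload, or return 'unknown'."""
    n = len(payload)
    # DNP3 link frame: start octets 0x05 0x64, then a length octet covering
    # control + destination + source + user data (so at least 5).
    if n >= 10 and payload[:2] == b"\x05\x64" and payload[2] >= 5:
        return "DNP3"
    # S7: TPKT (version 3, reserved 0, 16-bit total length), COTP data
    # header 0x02 0xF0 0x80, then the S7 protocol id 0x32.
    if n >= 8 and payload[:2] == b"\x03\x00":
        (tpkt_len,) = struct.unpack(">H", payload[2:4])
        if tpkt_len == n and payload[4:8] == b"\x02\xf0\x80\x32":
            return "S7"
    # IEC 60870-5-104 APCI: start octet 0x68, then the APDU length (4..253),
    # which counts every octet after the first two.
    if n >= 6 and payload[0] == 0x68 and 4 <= payload[1] <= 253 and payload[1] == n - 2:
        return "IEC 60870-5-104"
    # Modbus/TCP MBAP header: transaction id, protocol id (always 0), length
    # of what follows, unit id; the next octet is the function code.
    if n >= 8:
        _tid, proto, length = struct.unpack(">HHH", payload[:6])
        if proto == 0 and length == n - 6 and payload[7] & 0x7F:
            return "MODBUS"
    return "unknown"

# Constructed sample payloads (not captured traffic).
DNP3_FRAME = bytes.fromhex("056405c0010000040000")  # CRC octets zeroed, not checked
MODBUS_READ = bytes.fromhex("00010000000601030000000a")  # read holding registers
IEC104_STARTDT = bytes.fromhex("680407000000")  # STARTDT act U-frame
S7_SETUP = bytes.fromhex("0300001902f08032010000000000080000f0000001000101e0")
HTTP_ON_502 = b"GET / HTTP/1.1\r\n\r\n"  # non-Modbus data sent to the Modbus port

if __name__ == "__main__":
    samples = [("DNP3 frame", DNP3_FRAME), ("Modbus read", MODBUS_READ),
               ("IEC 104 STARTDT", IEC104_STARTDT), ("S7 setup", S7_SETUP),
               ("HTTP on port 502", HTTP_ON_502)]
    for label, data in samples:
        print(f"{label:18} -> {classify_scada(data)}")
```

The last sample shows why a port-based service object alone does not identify the protocol: the payload is addressed to the Modbus port but is not framed as Modbus.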

Before You Begin

Verify that you have enabled Application Control and that you are using the latest feature level of the firewall service. For more information, see How to Enable Application Control.

Step 1. Create an Access Rule

Create an access rule to allow traffic from the source to the destination network.

  1. Go to FIREWALL > Access Rules.
  2. Click Add Access Rule.
  3. The Add Access Rule window opens.
  4. Select Pass as the action.
  5. Enter a name for the rule. For example, SCADA-DNP3.
  6. Specify the following settings that must be matched by the traffic to be handled by the access rule:
    • Source – The source addresses of the traffic.
    • Destination – The destination addresses of the traffic.
    • Service – Select a service object, or select Any for this rule to match for all services.
    • Connection Method – Select Original Source IP.
  7. Click Save.
  8. Drag and drop the access rule so that it is the first rule that matches the traffic that you want it to forward. Ensure that the rule is located above the BLOCKALL rule; rules located below the BLOCKALL rule are never executed.

Step 2. Create an Application Rule

  1. Go to FIREWALL > Application Rule.
  2. Click Add Application Rule.
  3. Select Pass as the action.
  4. Enter a name for the rule. For example, SCADA-DNP3.
  5. Click Advanced.
  6. Specify the following settings:
    • Source Networks – The source addresses of the traffic, e.g., Local Networks.
    • Protocols – One of the above-mentioned SCADA protocols, e.g., DNP3.
  7. Click Save.
  8. Drag and drop the access rule so that it is the first rule that matches the traffic that you want it to forward. Ensure that the rule is located above the BLOCKALL rule; rules located below the BLOCKALL rule are never executed.