Configuring the S7Commplus Preprocessor

Note	This section applies to Snort 2 preprocessors. For information on Snort 3 inspectors, see https://www.cisco.com/go/snort3-inspectors.

The S7Commplus preprocessor is supported on all threat defense devices.

Procedure

Step 1

Choose Policies > Access Control heading > Access Control, then click Network Analysis Policy or Policies > Access Control heading > Intrusion, then click Network Analysis Policies.

Note	If your custom user role limits access to the first path listed here, use the second path to access the policy.

Step 2

Click Snort 2 Version next to the policy you want to edit.

Step 3

Click Edit ( edit icon ) next to the policy you want to edit.

If View ( View button ) appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Step 4

Click Settings in the navigation panel.

Step 5

If S7Commplus Configuration under SCADA Preprocessors is disabled, click Enabled.

Step 6

Optionally, click Edit ( edit icon ) next to S7Commplus Configuration and modify s7commplus_ports to identify ports that the preprocessor inspects for S7Commplus traffic. Separate multiple ports with commas.

Step 7

To save changes you made in this policy since the last policy commit, click Policy Information, then click Commit Changes.

If you leave the policy without committing changes, cached changes since the last commit are discarded if you edit a different policy.

What to do next

If you want to generate intrusion events, enable S7Commplus preprocessor rules (GID 149). For more information, see Setting Intrusion Rule States
Deploy configuration changes.