Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pjang
Staff & Editor
Staff & Editor

Created on ‎09-04-2025 10:05 PM

Article Id 409320

Technical Tip: FortiGuard Application Control Signatures for Schneider UMAS ICS protocol (aka Modbus Unity)

Description

 

This article provides a series of Application Control signatures that have been created for scanning and identifying Schneider Electric's Modbus-based Unified Messaging Application Services (UMAS) protocol for Industrial Control Systems (ICS)/SCADA. Additionally, there is a comparison table showing the list of FortiGuard's signatures and the equivalent signatures of other vendors.

 

Scope

 

FortiGate, Application Control, Modbus protocol.

 

Solution

 

Schneider Electric uses a proprietary protocol named UMAS for configuring/monitoring their programmable logic controllers (PLCs) via TCP/502. To identify this traffic protocol, the FortiGuard team has implemented Application Control signatures under the 'Modbus. Unity' family of Industrial Application Control signatures (which requires the FortiGuard Operational Technology (OT) Security Service license).

 

The following is a list of the currently available Modbus.Unity/UMAS Application Control signatures via FortiGuard, along with some known equivalent signatures from other vendors, where available. For more information regarding the individual signatures, refer to the FortiGuard Labs website regarding Application Signatures: FortiGuard Labs - Modbus.Unity 

 

FortiGuard Modbus.Unity/UMAS Signatures Palo Alto UMAS Signatures (based on this whitepaper)
Modbus modbus-base
Modbus.Unity umas-base
Modbus.Unity_Check.PLC  
Modbus.Unity_Download.Block umas-download-block
ModBus.Unity_End.Strategy.Download  
ModBus.Unity_End.Strategy.Upload  
ModBus.Unity_Get.Status.Module  
Modbus.Unity_Init.Comm umas-init-comm
Modbus.Unity_Initialize.Download umas-initialize-download
Modbus.Unity_Initialize.Upload umas-initialize-upload
ModBus.Unity_Keep.Alive  
Modbus.Unity_Monitor.PLC.Read umas-monitor-bits-read/umas-monitor-words-read
Modbus.Unity_Monitor.PLC.Write umas-monitor-bits-write/umas-monitor-words-write
ModBus.Unity_Read.Card.Info  
Modbus.Unity_Read.Coils.Registers umas-coils-registers-read
ModBus.Unity_Read.Eth.Master.Data  
Modbus.Unity_Read.ID umas-read-id
Modbus.Unity_Read.IO.Object  
Modbus.Unity_Read.Memory.Block umas-memory-block-read
ModBus.Unity_Read.PLC.Info  
ModBus.Unity_Read.Project.Info  
Modbus.Unity_Read.Variables umas-variables-read
Modbus.Unity_Release.PLC.Reservation umas-plc-reservation-release
Modbus.Unity_Repeat umas-repeat-request
Modbus.Unity_SD.Backup.Make umas-sd-backup-make
Modbus.Unity_SD.Backup.Restore umas-sd-backup-restore
Modbus.Unity_Start.PLC umas-plc-start
Modbus.Unity_Stop.PLC umas-plc-stop

Modbus.Unity_Take.PLC.Reservation

 umas-plc-reservation-take
Modbus.Unity_Upload.Block umas-upload-block

Modbus.Unity_Write.Coils.Registers

 umas-coils-registers-write
ModBus.Unity_Write.IO.Object umas-io-object-write
ModBus.Unity_Write.Memory.Block umas-memory-block-write
Modbus.Unity_Write.Variables

umas-variables-write
250
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.