Use case | Secure your Modbus gateway service

Do you want to secure Modbus messaging across an internet connection to safeguard the information being communicated between Digi devices over your network?
You can by implementing security measures, such as access control, encryption, network segmentation, monitoring and logging, and firmware upgrades to ensure the integrity and confidentiality of Modbus communications between Digi devices on your network.

1. Determine the devices on your network that need to communicate with each other via the Modbus Gateway service.

2. Isolate Modbus traffic using VLANS or separate network interfaces.

3. Implement strong authentication.

4. Define access policies.

   Update the Services > Modbus Gateway > Gateway servers > Access control list settings to only allow access to the Modbus service on the specific network interfaces, firewall zones, and source IP addresses that you expect the Modbus queries to come from. See Configure the Modbus gateway for more information.

5. Create a VPN tunnel, such as IPsec or Wireguard, to protect data in transit between your devices.

6. Configure firewalls to monitor and control incoming and outgoing traffic.

By implementing these advanced security protocols and ensuring reliable data transmission, this service effectively addresses the challenges of data integrity and privacy on your network.