Complete the code to define a VLAN for the OT network segment.
vlan [1] { name "OT_Network" }
The OT network VLAN is commonly assigned VLAN ID 20 to separate it from IT networks.
Complete the firewall rule to allow only Modbus TCP traffic from IT to OT segment.
firewall rule allow_modbus {
source vlan IT
destination vlan OT
protocol [1]
port 502
}
Modbus TCP uses the TCP protocol on port 502, so the protocol must be set to tcp.
Fix the error in the ACL to block all traffic except SSH from IT to OT.
acl it_to_ot {
permit [1] any any eq 22
deny ip any any
}
SSH uses the TCP protocol on port 22, so the permit rule must specify tcp.
Fill both blanks to create a subnet for the OT network and set the correct mask.
subnet [1] [2] { description "OT subnet" }
The OT subnet uses 192.168.50.0 with a mask of 255.255.255.0 for a typical /24 network.
Fill all three blanks to define a firewall rule allowing HTTPS from IT to OT with logging enabled.
firewall rule allow_https {
source vlan [1]
destination vlan [2]
protocol [3]
port 443
log enable
}
HTTPS traffic is TCP on port 443 from the IT VLAN to the OT VLAN, so the source is IT, the destination is OT, and the protocol is tcp.