A number of rules apply when you limit access to certain address ranges.
Maximum address ranges for inputs (the range differs depending on the PLC type):
If Modbus/TCP gateway is enabled, you can map the memory area to a Modbus data type.
The start address must be less than or equal to the end address.
Reading registers across different memory areas is not allowed.
Example: DT0 to DT4999 and DT5000 to DT10000 are defined as memory areas with read permission. In this case, a read request for registers DT4990 to DT5010, for example, is not allowed. If you are using a SCADA system that combines read requests for better performance, consider increasing the address range that can be accessed.
Make sure address ranges in the same memory area do not overlap.
Example: You may not specify DT0 to DT4999 and DT2500 to DT10000 at the same time. Exception: You specify DT0 to DT4999 and LD2500 to LD10000 (both read access), or you specify DT0 to 32565 (read access) and DT2000 to DT5000 (read/write access). This kind of overlapping may be useful, for example, if you want to allocate different ranges for read (bigger range) and write access (smaller range) as in the example.
The behavior differs, depending on the setting for Allow FPWIN Pro.
When Allow FPWIN Pro is disabled: If one or more restrictions have been defined, memory areas outside the specified ranges cannot be accessed.
Example: If DT0 to DT 5000 is defined as Read and DT5001 to DT10000 as Read/write, all DT registers greater than 10000 cannot be accessed.
When Allow FPWIN Pro is enabled: You must explicitly block the memory areas you want to protect.
Example: If DT0 to DT5000 is defined as Read and DT5000 to DT10000 as Read/write, you must add a third restriction from DT100001 to DT99999 if you want to block all other addresses. DT99999 can always be used to specify the highest address of a PLC.