Abstract: For industrial network security and virus protection, a special industrial Ethernet security monitor with an industrial network-layer firewall and deep detection on Modbus TCP is designed to protect the industrial control network. According to the configured security strategy, the monitor detects unauthorized access, network status, and abnormal messages, and checks critical Modbus data using the boundary method; a security monitoring strategy based on process relations is also proposed and implemented. The monitor displays alarm information and gives suggestions for handling it. Testing shows that the tool has no influence on the normal industrial control network, that key devices can be protected at multiple levels (network layer, data flow, key equipment data, and process relations), and that exceptions in the industrial control network can be effectively detected based on the configured strategy.
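
The layered checks the abstract lists (source allowlist, Modbus TCP deep inspection, boundary check on critical data, process relation) can be sketched as follows. This is an added example, not code from the paper; the policy values, register numbers, and the reading of a "process relation" as a dependency between two registers are assumptions.

```python
import struct

# Constructed policy: every address, limit and relation here is an assumption.
POLICY = {
    "allowed_sources": {"192.168.1.10"},     # network-layer allowlist
    "allowed_functions": {0x03, 0x06},       # read holding regs, write single reg
    "bounds": {40: (0, 1), 41: (0, 1500)},   # critical register -> (min, max)
    # Process relation: register 41 (pump speed) may be set above 0 only
    # while register 40 (inlet valve) is known to hold 1.
    "relations": [(41, 40, 1)],
}

def inspect(src_ip, adu, state, policy=POLICY):
    """Return alarms for one Modbus TCP frame; record accepted writes in state."""
    if src_ip not in policy["allowed_sources"]:
        return ["unauthorized source %s" % src_ip]
    if len(adu) < 8:
        return ["truncated frame"]
    # MBAP header (7 bytes) followed by the function code
    tid, proto, length, unit, func = struct.unpack(">HHHBB", adu[:8])
    if proto != 0 or length != len(adu) - 6:
        return ["malformed MBAP header"]
    if func not in policy["allowed_functions"]:
        return ["function code 0x%02x not permitted" % func]
    if func != 0x06:
        return []                            # reads need no data checks here
    if len(adu) != 12:
        return ["bad length for write single register"]
    reg, value = struct.unpack(">HH", adu[8:12])
    if reg not in policy["bounds"]:
        return ["write to register %d has no policy" % reg]
    alarms = []
    lo, hi = policy["bounds"][reg]
    if not lo <= value <= hi:
        alarms.append("register %d value %d outside [%d, %d]" % (reg, value, lo, hi))
    for dependent, required, required_value in policy["relations"]:
        if reg == dependent and value > 0 and state.get(required) != required_value:
            alarms.append("register %d set while register %d != %d"
                          % (reg, required, required_value))
    if not alarms:
        state[reg] = value                   # track last accepted value
    return alarms

def frame(func, *words, tid=1, unit=1):
    """Build a constructed Modbus TCP ADU from 16-bit data words."""
    payload = struct.pack(">%dH" % len(words), *words)
    return struct.pack(">HHHBB", tid, 0, len(payload) + 2, unit, func) + payload
```
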