Industrial Secure Routers EDR-G902 Series Moxa vietnam
Features and Benefits
- Firewall/NAT/VPN/Router all-in-one
- Secure remote access tunnel with VPN
- Protect critical assets with stateful firewall
- Inspect industrial protocol with PacketGuard technology
- Easy network setup with address translation (NAT)
- Dual WAN redundant interfaces through public networks
- Support for VLANs in different interfaces
- -40 to 75°C operating temperature range (T model)
- ISA99 / IEC 62443 / NERC CIP compliance
Introduction
The EDR-G902 series is a high-performance, industrial VPN server with a firewall/NAT all-in-one secure router. It is designed for Ethernet-based security applications in sensitive remote control or monitoring networks, and it provides an Electronic Security Perimeter for the protection of critical cyber assets such as pumping stations, DCS, PLC systems on oil rigs, and water treatment systems. The EDR-G902 series includes the following cybersecurity features:
- Virtual Private Network (VPN): VPNs are designed to provide users with secure communication links when accessing a private network from the public Internet. They use IPSec (IP Security) server or client mode for encryption and authentication of all IP packets at the network layer to ensure confidentiality and sender authentication.
- Firewall: Controls network traffic between different trust zones. Network Address Translation (NAT), which shields the internal LAN from unauthorized activity from outside hosts, is included.
The EDR-G902’s Quick Automation Profile function supports most common fieldbus protocols, including EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, Modbus/TCP, and PROFINET. Users can easily create a secure Ethernet Fieldbus network from a user-friendly web UI with a single click. In addition, Moxa’s PacketGuard technology (Deep Packet Inspection) helps to filter Modbus TCP commands at OSI layer 7. The wide temperature range models that are available operate reliably in hazardous, -40 to 75°C environments.
Whitepaper The right industrial firewall can strengthen the safety and reliability of control systems |
|
In this paper, we present important considerations for implementing network security and network security risk management. We also include information on how to develop mitigation strategies for specific problems and provide directions on how to choose the right industrial firewall to ensure safety and reliability for industrial networks........more |
---------------------------------------------------------------------------------------------------------------------------------------------------------
White Paper Protecting Industrial Control Systems with Gigabit Cybersecurity |
|
An Industrial Control System (ICS) needs the type of network security that takes into consideration its central role in industrial applications. Problems that arise in ICS operations can result in losses on many different levels, including costs incurred from equipment damage, and even loss of life. Although ICS networks may use some of the same technology and devices as enterprise IT systems, from a hands-on practical point of view, ICS network security differs in three aspects: protecting devices, content for filtering, and operating environment...........more |
---------------------------------------------------------------------------------------------------------------------------------------------------------
FAQ Is Your Network Infrastructure Ready for the IIoT? |
|
The Industrial Internet of Things (IIoT) trend aims to improve efficiency and productivity by connecting different devices together as well as collecting and analyzing large volumes of data to offer accurate information. However, before reaping the benefits of the IIoT, users need to ensure that the correct infrastructure is in place. To make sure your network is ready for the IIoT, check out five of the most frequently mentioned questions........more |
• Technology | |
Standards | IEEE 802.3 for 10BaseT IEEE 802.3u for 100BaseT(X) and 100BaseFX IEEE 802.3ab for 1000BaseT(X) IEEE 802.3z for 1000BaseX |
Protocols | SNMPv1/v2c/v3, DHCP Server/Client, TFTP, NTP/SNTP server and client, HTTP, HTTPS, Telnet, SSH, Syslog, SMTP, LLDP, PPPoE, PPTP, Dynamic DNS, traffic prioritization |
Routing | Static routing, RIP V1/V2, OSPFThroughput: • Max. 25000 packets per second (or 300 Mbps) |
Routing Redundancy | VRRP |
VLAN | 5 VLANs per interfaces (VLAN ID: 1 to 4094) |
Flow Control | IEEE 802.3x flow control, back pressure flow control |
• Security Functions | |
Firewall | Features: • Stateful inspection • Router firewall and transparent (bridge) firewall • Filter: IP and MAC address, ports, ICMP, Ethernet protocols • Deep Packet Inspection: Modbus TCP/UDP • Quick Automation Profiles: EtherCAT, EtherNet/IP, FOUNDAT |
DoS and DDoS Protection | Null Scan, Xmas Scan, NMAP-Xmas Scan, SYN/FIN Scan, FIN Scan, NMAP-ID Scan, SYN/RST Scan, NEW-Without-SYN Scan, ICMP-Death, SYN-Flood, ARP-Flood |
NAT | N-to-1, 1-to-1, bidirectional 1-to-1, and port forwarding |
IPSec VPN | Protocols: • IPSec • L2TP (server) • PPTP (client) Encryption: • DES, 3DES, AES-128, AES-192, AES-256 Authentication: • RSA (key size: 1024-bit, 2048-bit) • X.509 v3 certificate • MD5 and SHA (SHA-256) Throughput: • Max. 60 Mbps (Condition: AES-246, SHA-256) |
OpenVPN | Protocols: • OpenVPN (client and server), UDP and TCP • Tunnel mode (routing) and TAP mode (bridge) Encryption: • Blowfish CBC, DES CBC, DES-EDE3 CBC, AES-128/192/256 CBC Authentication: • User password by MD5 and SHA1 Concurrent VPN Tunnels: • Server mode: max. 5 external clients • Client mode: max. 2 external servers |
Real-Time Firewall / VPN Event Log | • Event Type: Firewall Event, VPN Event, System Security Event • Media: Local storage, Syslog server, and SNMP trap |
• Interface | |
WAN/WAN1 | 1 RJ45/Fiber combo port |
WAN2/DMZ | 1 RJ45/Fiber combo port |
LAN | RJ45 |
RJ45 Ports | 10/100/1000BaseT(X) auto negotiation speed |
Fiber Ports | 100/1000BaseSFP slot |
LED Indicators | PWR1, PWR2, FAULT, 10/100/1000M |
Alarm Contact | One relay output with current-carrying capacity of 1 A @ 24 VDC |
Digital Inputs | 1 input • +13 to +30 V for state “1” • -30 to +3 V for state “0” • Max. input current: 8 mA |
• Power Requirements | |
Input Voltage | 12/24/48 VDC, redundant dual inputs |
Input Current | 0.45 A @ 24 V |
Overload Current Protection | Present |
Connection | Removable terminal block |
Reverse Polarity Protection | Present |
• Physical Characteristics | |
Housing | Metal, IP 30 protection |
Dimensions | 51 x 152 x 131.1 mm (2.01 x 5.98 x 5.16 in) |
Weight | 1250 g (2.82 lb) |
Installation | DIN-rail mounting, wall mounting (with optional kit) |
• Environmental Limits | |
Operating Temperature | Standard Models: 0 to 60°C (32 to 140°F) Wide Temp. Models: -40 to 75°C (-40 to 167°F) |
Storage Temperature | -40 to 85°C (-40 to 185°F) |
Ambient Relative Humidity | 5 to 95 % (non-condensing) |
• Standards and Certifications | |
Safety | UL 508 |
EMC | EN 55032/24 |
EMI | CISPR 32, FCC Part 15B Class A |
EMS | IEC 61000-4-2 ESD: Contact: 6 kV; Air: 8 kV IEC 61000-4-3 RS: 80 MHz to 1 GHz: 10 V/m IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV IEC 61000-4-5 Surge: Power: 2 kV; Signal: 1 kV IEC 61000-4-6 CS: Signal: 10 V IEC 61000-4-8 |
Marine | DNV (EDR-G902) |
Shock | IEC 60068-2-27 |
Freefall | IEC 60068-2-32 |
Vibration | IEC 60068-2-6 |
• MTBF (mean time between failures) | |
Time | 530,000 hrs |
Standard | Telcordia (Bellcore), GB |
• Warranty | |
Warranty Period | 5 years |
Details | www.anhnghison.com |