EDR-G902 Series
Industrial secure routers with firewall/NAT/VPN
- Mô tả Specs Details Overview Components Packages Resources Additional Modules Complementary products Architecture Tools Benefits Features Customer Ordering
- Thông số Specs Details Overview Components Packages Resources Additional Modules Complementary products Architecture Tools Benefits Features Customer Ordering
- Ordering Specs Details Overview Components Packages Resources Additional Modules Complementary products Architecture Tools Benefits Features Customer Ordering
- Tài liệu Specs Details Overview Components Packages Resources Additional Modules Complementary products Architecture Tools Benefits Features Customer Ordering
Tính năng và lợi ích
- Firewall/NAT/VPN/Router tất cả trong một
- Đường hầm truy cập từ xa bảo mật với VPN
- Bảo vệ các tài sản quan trọng với firewall stateful
- Kiểm tra giao thức công nghiệp với công nghệ PacketGuard
- Thiết lập mạng dễ dàng với bộ dịch địa chỉ IP (NAT)
- Giao diện dự phòng WAN kép thông qua các mạng công khai
- Hỗ trợ cho VLAN ở các giao diện khác nhau
- Dải nhiệt độ hoạt động rộng -40 đến 75°C (T model)
- Tuân thủ ISA99 / IEC 62443 / NERC CIP
Giới thiệu
EDR-G902 là một server VPN công nghiệp hiệu suất cao với một firewall/NAT tất cả trong một thiết bị định tuyến an toàn. Nó được thiết kế cho các ứng dụng bảo mật dùng trường Ethernet trong mạng giám sát hoặc điều khiển từ xa nhạy cảm, nó cung cấp một phạm vi an ninh điện để bảo vệ các tài sản mạng quan trọng như là các trạm bơm, hệ thống PLC, DCS trên giàn khoan dầu, hệ thống xử lý nước thải. Dòng EDR-G902 bao gồm các đặc tính an ninh mạng như sau:
- Mạng riêng ảo (VPN): VPN được thiết kế để cung cấp cho người dùng với liên kết truyền thông an toàn khi truy cập một mạng riêng từ internet công khai. Nó dùng chế độ client hoặc server IPSec (IP Security) mã hóa và xác thực tất cả các gói IP ở lớp mạng để đảm bảo bảo mật và xác thực người gửi.
- Firewall: Điều khiển lưu lượng mạng giữa các vùng tin cậy khác nhau. Network Address Translation (NAT) bảo vệ mạng LAN nội bộ khỏi các hoạt động trái phép từ host bên ngoài và được bao gồm.
Chức năng Quick Automation Profile của EDR-G902 hỗ trợ hầu hết các giao thức trường phổ biến bao gồm EtherCAT, EtherNet//IP, FOUNDATION Fieldbus, Modbus/TCP và PROFINET. Người dùng có thể dễ dàng tạo ra một mạng trường Ethernet từ một trình duyệt web thân thiện với người dùng chỉ bằng một click. Hơn nữa, công nghệ PacketGuard của Moxa (Kiểm tra gói sâu) giúp lọc các lệnh Modbus TCP ở OSI layer 7. Các model có dải nhiệt độ hoạt động rộng -40 đến 75°C có thể hoạt động hiệu quả ở môi trường khắc nghiệt.
| • Technology | |
| Standards | IEEE 802.3 for 10BaseT IEEE 802.3u for 100BaseT(X) and 100BaseFX IEEE 802.3ab for 1000BaseT(X) IEEE 802.3z for 1000BaseX |
| Protocols | SNMPv1/v2c/v3, DHCP Server/Client, TFTP, NTP/SNTP server and client, HTTP, HTTPS, Telnet, SSH, Syslog, SMTP, LLDP, PPPoE, PPTP, Dynamic DNS, traffic prioritization |
| Routing | Static routing, RIP V1/V2, OSPFThroughput: • Max. 25000 packets per second (or 300 Mbps) |
| Routing Redundancy | VRRP |
| VLAN | 5 VLANs per interfaces (VLAN ID: 1 to 4094) |
| Flow Control | IEEE 802.3x flow control, back pressure flow control |
| • Security Functions | |
| Firewall | Features: • Stateful inspection • Router firewall and transparent (bridge) firewall • Filter: IP and MAC address, ports, ICMP, Ethernet protocols • Deep Packet Inspection: Modbus TCP/UDP • Quick Automation Profiles: EtherCAT, EtherNet/IP, FOUNDAT |
| DoS and DDoS Protection | Null Scan, Xmas Scan, NMAP-Xmas Scan, SYN/FIN Scan, FIN Scan, NMAP-ID Scan, SYN/RST Scan, NEW-Without-SYN Scan, ICMP-Death, SYN-Flood, ARP-Flood |
| NAT | N-to-1, 1-to-1, bidirectional 1-to-1, and port forwarding |
| IPSec VPN | Protocols: • IPSec • L2TP (server) • PPTP (client) Encryption: • DES, 3DES, AES-128, AES-192, AES-256 Authentication: • RSA (key size: 1024-bit, 2048-bit) • X.509 v3 certificate • MD5 and SHA (SHA-256) Throughput: • Max. 60 Mbps (Condition: AES-246, SHA-256) |
| OpenVPN | Protocols: • OpenVPN (client and server), UDP and TCP • Tunnel mode (routing) and TAP mode (bridge) Encryption: • Blowfish CBC, DES CBC, DES-EDE3 CBC, AES-128/192/256 CBC Authentication: • User password by MD5 and SHA1 Concurrent VPN Tunnels: • Server mode: max. 5 external clients • Client mode: max. 2 external servers |
| Real-Time Firewall / VPN Event Log | • Event Type: Firewall Event, VPN Event, System Security Event • Media: Local storage, Syslog server, and SNMP trap |
| • Interface | |
| WAN/WAN1 | 1 RJ45/Fiber combo port |
| WAN2/DMZ | 1 RJ45/Fiber combo port |
| LAN | RJ45 |
| RJ45 Ports | 10/100/1000BaseT(X) auto negotiation speed |
| Fiber Ports | 100/1000BaseSFP slot |
| LED Indicators | PWR1, PWR2, FAULT, 10/100/1000M |
| Alarm Contact | One relay output with current-carrying capacity of 1 A @ 24 VDC |
| Digital Inputs | 1 input • +13 to +30 V for state “1” • -30 to +3 V for state “0” • Max. input current: 8 mA |
| • Power Requirements | |
| Input Voltage | 12/24/48 VDC, redundant dual inputs |
| Input Current | 0.45 A @ 24 V |
| Overload Current Protection | Present |
| Connection | Removable terminal block |
| Reverse Polarity Protection | Present |
| • Physical Characteristics | |
| Housing | Metal, IP 30 protection |
| Dimensions | 51 x 152 x 131.1 mm (2.01 x 5.98 x 5.16 in) |
| Weight | 1250 g (2.82 lb) |
| Installation | DIN-rail mounting, wall mounting (with optional kit) |
| • Environmental Limits | |
| Operating Temperature | Standard Models: 0 to 60°C (32 to 140°F) Wide Temp. Models: -40 to 75°C (-40 to 167°F) |
| Storage Temperature | -40 to 85°C (-40 to 185°F) |
| Ambient Relative Humidity | 5 to 95 % (non-condensing) |
| • Standards and Certifications | |
| Safety | UL 508 |
| EMC | EN 55032/24 |
| EMI | CISPR 32, FCC Part 15B Class A |
| EMS | IEC 61000-4-2 ESD: Contact: 6 kV; Air: 8 kV IEC 61000-4-3 RS: 80 MHz to 1 GHz: 10 V/m IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV IEC 61000-4-5 Surge: Power: 2 kV; Signal: 1 kV IEC 61000-4-6 CS: Signal: 10 V IEC 61000-4-8 |
| Marine | DNV (EDR-G902) |
| Shock | IEC 60068-2-27 |
| Freefall | IEC 60068-2-32 |
| Vibration | IEC 60068-2-6 |
| • MTBF (mean time between failures) | |
| Time | 530,000 hrs |
| Standard | Telcordia (Bellcore), GB |
Available Models
| Model No. | Description | |
|---|---|---|
| EDR-G902 | Industrial Gigabit Firewall/NAT secure router with 1 WAN port, 50 VPN tunnels, 0 to 60°C operating temperature | |
| EDR-G902-T | Industrial Gigabit Firewall/NAT secure router with 1 WAN port, 50 VPN tunnels, -40 to 75°C operating temperature |
Compatible Modules
SFP-1G Series
| Model No. | Description | |
|---|---|---|
| SFP-1G10ALC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature | |
| SFP-1G10ALC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature | |
| SFP-1G10BLC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature | |
| SFP-1G10BLC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature | |
| SFP-1G20ALC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature | |
| SFP-1G20ALC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature | |
| SFP-1G20BLC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature | |
| SFP-1G20BLC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature | |
| SFP-1G40ALC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature | |
| SFP-1G40ALC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature | |
| SFP-1G40BLC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature | |
| SFP-1G40BLC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature | |
| SFP-1GEZXLC | SFP module with 1 1000BaseEZX port with LC connector for 110 km transmission, 0 to 60°C operating temperature | |
| SFP-1GEZXLC-120 | SFP module with 1 1000BaseEZX port with LC connector for 120 km transmission, 0 to 60°C operating temperature | |
| SFP-1GLHLC | SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, 0 to 60°C operating temperature | |
| SFP-1GLHLC-T | SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, -40 to 85°C operating temperature | |
| SFP-1GLHXLC | SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, 0 to 60°C operating temperature | |
| SFP-1GLHXLC-T | SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, -40 to 85°C operating temperature | |
| SFP-1GLSXLC | SFP module with 1 1000BaseLSX port with LC connector for 2 km transmission, 0 to 60°C operating temperature | |
| SFP-1GLSXLC-T | SFP module with 1 1000BaseLSX port with LC connector for 2 km transmission, -40 to 85°C operating temperature | |
| SFP-1GLXLC | SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, 0 to 60°C operating temperature | |
| SFP-1GLXLC-T | SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, -40 to 85°C operating temperature | |
| SFP-1GSXLC | SFP module with 1 1000BaseSX port with LC connector for 0.5 km transmission, 0 to 60°C operating temperature | |
| SFP-1GSXLC-T | SFP module with 1 1000BaseSX port with LC connector for 0.5 km transmission, -20 to 75°C operating temperature | |
| SFP-1GZXLC | SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, 0 to 60°C operating temperature | |
| SFP-1GZXLC-T | SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, -40 to 85°C operating temperature |
SFP-1FE Series
| Model No. | Description | |
|---|---|---|
| SFP-1FELLC-T | SFP module with 100Base single-mode with LC connector for 80 km transmission, -40 to 85°C operating temperature | |
| SFP-1FEMLC-T | SFP module with 100Base multi-mode with LC connector for 4 km transmission, -40 to 85°C operating temperature | |
| SFP-1FESLC-T | SFP module with 100Base single-mode with LC connector for 40 km transmission, -40 to 85°C operating temperature |
Optional Accessories
Trial Software
| Model No. | Description | |
|---|---|---|
| MXview | Industrial network management software designed for converged automation networks |
In this paper, we present important considerations for implementing network security and network security risk management. We also include information on how to develop mitigation strategies for specific problems and provide directions on how to choose the right industrial firewall to ensure safety and reliability for industrial networks
White Paper: Protecting Industrial Control Systems with Gigabit Cybersecurity
An Industrial Control System (ICS) needs the type of network security that takes into consideration its central role in industrial applications. Problems that arise in ICS operations can result in losses on many different levels, including costs incurred from equipment damage, and even loss of life. Although ICS networks may use some of the same technology and devices as enterprise IT systems, from a hands-on practical point of view, ICS network security differs in three aspects: protecting devices, content for filtering, and operating environment
