EDR-G903 Series
Industrial secure routers with firewall/NAT/VPN
- Mô tả Specs Details Overview Components Packages Resources Additional Modules Complementary products Architecture Tools Benefits Features Customer Ordering
- Thông số Specs Details Overview Components Packages Resources Additional Modules Complementary products Architecture Tools Benefits Features Customer Ordering
- Ordering Specs Details Overview Components Packages Resources Additional Modules Complementary products Architecture Tools Benefits Features Customer Ordering
- Tài liệu Specs Details Overview Components Packages Resources Additional Modules Complementary products Architecture Tools Benefits Features Customer Ordering
Đặc điểm và tính năng
- Firewall/NAT/VPN/Router tất cả trong một
- Đường hầm truy cập từ xa bảo mật với VPN
- Bảo vệ các tài sản chính với firewall stateful
- Kiểm tra giao thức công nghiệp với công nghệ PacketGuard
- Thiết lập mạng dễ dàng với gói mạng dịch địa chỉ IP (NAT)
- Giao diện dự phòng WAN kép thông qua các mạng công khai
- Hỗ trợ cho VLAN trong các giao diện khác nhau
- Dải nhiệt độ hoạt động rộng -40 đến 75°C (T model)
- Tuân thủ ISA99 / IEC 62443 / NERC CIP
Giới thiệu
Dòng EDR-G903 là server VPN công nghiệp hiệu suất cao với một định tuyến bảo mật tất cả trong một firewall/NAT. Nó được thiết kế cho các ứng dụng bảo mật trường Ethernet trong các mạng giám sát và điều khiển từ xa nhạy cảm, nó cung cấp một phạm vi an toàn điện cho việc bảo vệ các tài sản quan trọng như là các trạm bơm, hệ thống DCS, PLC trên giàn khoan dầu, hệ thống xử lý nước. EDR-G903 bao gồm các đặc điểm an toàn mạng như sau:
- Mạng riêng ảo (VPN) được thiết kế cung cấp cho người dùng với liên kết truyền thông an toàn khi truy cập một mạng riêng tư từ internet công khai. Nó dùng server IPSec (IP security) hoặc chế độ client để mã hóa và xác thực tất cả các gói IP ở lớp mạng đảm bảo bảo mật và xác thực người gửi.
- Firewall: Kiểm soát lưu lượng mạng giữa các vùng tin cậy khác nhau. Gói dịch địa chỉ IP mạng (NAT), bao gồm bảo vệ mạng LAN nội bộ khỏi các hoạt động trái phép từ các host bên ngoài.
Chức năng Quick Automation Profile của EDR-G903 hỗ trợ hầu hết các trường giao thức phổ biến, bao gồm EtherCAT, Ethernet/IP, trường FOUNDATION, Modbus/TCP, PROFINET. Người dùng có thể dễ dàng tạo ra một mạng trường Ethernet bảo mật từ một trình duyệt web thân thiện chỉ bằng một click. Hơn nữa, công nghệ PacketGuard của Moxa (Kiểm tra gói sâu) giúp lọc các lệnh Modbus TCP ở OSI 7. Dải nhiệt độ hoạt động rộng -40 đến 75°C giúp nó hoạt động hiệu quả trong các môi trường khắc nghiệt.
| • Technology | |
| Standards | IEEE 802.3 for 10BaseT IEEE 802.3u for 100BaseT(X) and 100BaseFX IEEE 802.3ab for 1000BaseT(X) IEEE 802.3z for 1000BaseX |
| Protocols | SNMPv1/v2c/v3, DHCP Server/Client, TFTP, NTP/SNTP server and client, HTTP, HTTPS, Telnet, SSH, Syslog, SMTP, LLDP, PPPoE, PPTP, Dynamic DNS, traffic prioritization |
| Routing | Static routing, RIP V1/V2, OSPFThroughput: • Max. 40000 packets per second (or 500 Mbps) |
| Routing Redundancy | VRRP |
| VLAN | 5 VLANs per interfaces (VLAN ID: 1 to 4094) |
| Flow Control | IEEE 802.3x flow control, back pressure flow control |
| • Security Functions | |
| Firewall | Features: • Stateful inspection • Router firewall and transparent (bridge) firewall • Filter: IP and MAC address, ports, ICMP, Ethernet protocols • Deep Packet Inspection: Modbus TCP/UDP • Quick Automation Profiles: EtherCAT, EtherNet/IP, FOUNDAT |
| DoS and DDoS Protection | Null Scan, Xmas Scan, NMAP-Xmas Scan, SYN/FIN Scan, FIN Scan, NMAP-ID Scan, SYN/RST Scan, NEW-Without-SYN Scan, ICMP-Death, SYN-Flood, ARP-Flood |
| NAT | N-to-1, 1-to-1, bidirectional 1-to-1, and port forwarding |
| IPSec VPN | Protocols: • IPSec • L2TP (server) • PPTP (client) Encryption: • DES, 3DES, AES-128, AES-192, AES-256 Authentication: • RSA (key size: 1024-bit, 2048-bit) • X.509 v3 certificate • MD5 and SHA (SHA-256) Throughput: • 100 IPSec VPN Tunnels (Max. 30 start in initial mode) |
| OpenVPN | Protocols: • OpenVPN (client and server), UDP and TCP • Tunnel mode (routing) and TAP mode (bridge) Encryption: • Blowfish CBC, DES CBC, DES-EDE3 CBC, AES-128/192/256 CBC Authentication: • User password by MD5 and SHA1 Concurrent VPN Tunnels: • Server mode: max. 5 external clients • Client mode: max. 2 external servers |
| Real-Time Firewall / VPN Event Log | • Event Type: Firewall Event, VPN Event, System Security Event • Media: Local storage, Syslog server, and SNMP trap |
| • Interface | |
| WAN/WAN1 | 1 RJ45/Fiber combo port |
| WAN2/DMZ | 1 RJ45/Fiber combo port |
| LAN | RJ45/SFP combo port |
| RJ45 Ports | 10/100/1000BaseT(X) auto negotiation speed |
| Fiber Ports | 100/1000BaseSFP slot |
| LED Indicators | PWR1, PWR2, FAULT, 10/100/1000M |
| Alarm Contact | One relay output with current-carrying capacity of 1 A @ 24 VDC |
| Digital Inputs | 1 input • +13 to +30 V for state “1” • -30 to +3 V for state “0” • Max. input current: 8 mA |
| • Power Requirements | |
| Input Voltage | 12/24/48 VDC, redundant dual inputs |
| Input Current | 0.45 A @ 24 V |
| Overload Current Protection | Present |
| Connection | Removable terminal block |
| Reverse Polarity Protection | Present |
| • Physical Characteristics | |
| Housing | Metal, IP 30 protection |
| Dimensions | 51 x 152 x 131.1 mm (2.01 x 5.98 x 5.16 in) |
| Weight | 1250 g (2.82 lb) |
| Installation | DIN-rail mounting, wall mounting (with optional kit) |
| • Environmental Limits | |
| Operating Temperature | Standard Models: 0 to 60°C (32 to 140°F) Wide Temp. Models: -40 to 75°C (-40 to 167°F) |
| Storage Temperature | -40 to 85°C (-40 to 185°F) |
| Ambient Relative Humidity | 5 to 95 % (non-condensing) |
| • Standards and Certifications | |
| Safety | UL 508 |
| EMC | EN 55032/24 |
| EMI | CISPR 32, FCC Part 15B Class A |
| EMS | IEC 61000-4-2 ESD: Contact: 6 kV; Air: 8 kV IEC 61000-4-3 RS: 80 MHz to 1 GHz: 10 V/m IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV IEC 61000-4-5 Surge: Power: 2 kV; Signal: 1 kV IEC 61000-4-6 CS: Signal: 10 V IEC 61000-4-8 |
| Power Automation | IEC 61850-3 |
| Shock | IEC 60068-2-27 |
| Freefall | IEC 60068-2-32 |
| Vibration | IEC 60068-2-6 |
| • MTBF (mean time between failures) | |
| Time | 530,000 hrs |
| Standard | Telcordia (Bellcore), GB |
Available Models
| Model No. | Description |
|---|---|
| EDR-G903 | Industrial Gigabit Firewall/NAT secure router with 2 WAN/1 DMZ ports, 100 VPN Tunnels, 0 to 60°C operating temperature |
| EDR-G903-T | Industrial Gigabit Firewall/NAT secure router with 2 WAN/1 DMZ ports, 100 VPN Tunnels, -40 to 75°C operating temperature |
Compatible Modules
SFP-1G Series
| Model No. | Description |
|---|---|
| SFP-1G10ALC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature |
| SFP-1G10ALC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature |
| SFP-1G10BLC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature |
| SFP-1G10BLC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature |
| SFP-1G20ALC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature |
| SFP-1G20ALC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature |
| SFP-1G20BLC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature |
| SFP-1G20BLC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature |
| SFP-1G40ALC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature |
| SFP-1G40ALC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature |
| SFP-1G40BLC | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature |
| SFP-1G40BLC-T | WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature |
| SFP-1GEZXLC | SFP module with 1 1000BaseEZX port with LC connector for 110 km transmission, 0 to 60°C operating temperature |
| SFP-1GEZXLC-120 | SFP module with 1 1000BaseEZX port with LC connector for 120 km transmission, 0 to 60°C operating temperature |
| SFP-1GLHLC | SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, 0 to 60°C operating temperature |
| SFP-1GLHLC-T | SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, -40 to 85°C operating temperature |
| SFP-1GLHXLC | SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, 0 to 60°C operating temperature |
| SFP-1GLHXLC-T | SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, -40 to 85°C operating temperature |
| SFP-1GLSXLC | SFP module with 1 1000BaseLSX port with LC connector for 2 km transmission, 0 to 60°C operating temperature |
| SFP-1GLSXLC-T | SFP module with 1 1000BaseLSX port with LC connector for 2 km transmission, -40 to 85°C operating temperature |
| SFP-1GLXLC | SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, 0 to 60°C operating temperature |
| SFP-1GLXLC-T | SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, -40 to 85°C operating temperature |
| SFP-1GSXLC | SFP module with 1 1000BaseSX port with LC connector for 0.5 km transmission, 0 to 60°C operating temperature |
| SFP-1GSXLC-T | SFP module with 1 1000BaseSX port with LC connector for 0.5 km transmission, -20 to 75°C operating temperature |
| SFP-1GZXLC | SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, 0 to 60°C operating temperature |
| SFP-1GZXLC-T | SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, -40 to 85°C operating temperature |
SFP-1FE Series
| Model No. | Description | |
|---|---|---|
| SFP-1FELLC-T | SFP module with 100Base single-mode with LC connector for 80 km transmission, -40 to 85°C operating temperature | |
| SFP-1FEMLC-T | SFP module with 100Base multi-mode with LC connector for 4 km transmission, -40 to 85°C operating temperature | |
| SFP-1FESLC-T | SFP module with 100Base single-mode with LC connector for 40 km transmission, -40 to 85°C operating temperature |
Optional Accessories
Trial Software
| Model No. | Description |
|---|---|
| MXview | Industrial network management software designed for converged automation networks |
In this paper, we present important considerations for implementing network security and network security risk management. We also include information on how to develop mitigation strategies for specific problems and provide directions on how to choose the right industrial firewall to ensure safety and reliability for industrial networks
White Paper: Protecting Industrial Control Systems with Gigabit Cybersecurity
An Industrial Control System (ICS) needs the type of network security that takes into consideration its central role in industrial applications. Problems that arise in ICS operations can result in losses on many different levels, including costs incurred from equipment damage, and even loss of life. Although ICS networks may use some of the same technology and devices as enterprise IT systems, from a hands-on practical point of view, ICS network security differs in three aspects: protecting devices, content for filtering, and operating environment
