Đặc điểm và tính năng 

  • Firewall/NAT/VPN/Router tất cả trong một
  • Đường hầm truy cập từ xa bảo mật với VPN
  • Bảo vệ các tài sản chính với firewall stateful
  • Kiểm tra giao thức công nghiệp với công nghệ PacketGuard
  • Thiết lập mạng dễ dàng với gói mạng dịch địa chỉ IP (NAT)
  • Giao diện dự phòng WAN kép thông qua các mạng công khai
  • Hỗ trợ cho VLAN trong các giao diện khác nhau
  • Dải nhiệt độ hoạt động rộng -40 đến 75°C (T model)
  • Tuân thủ ISA99 / IEC 62443 / NERC CIP

Giới thiệu

Dòng EDR-G903 là server VPN công nghiệp hiệu suất cao với một định tuyến bảo mật tất cả trong một firewall/NAT. Nó được thiết kế cho các ứng dụng bảo mật trường Ethernet trong các mạng giám sát và điều khiển từ xa nhạy cảm, nó cung cấp một phạm vi an toàn điện cho việc bảo vệ các tài sản quan trọng như là các trạm bơm, hệ thống DCS, PLC trên giàn khoan dầu, hệ thống xử lý nước. EDR-G903 bao gồm các đặc điểm an toàn mạng như sau:

  • Mạng riêng ảo (VPN) được thiết kế cung cấp cho người dùng với liên kết truyền thông an toàn khi truy cập một mạng riêng tư từ internet công khai. Nó dùng server IPSec (IP security) hoặc chế độ client để mã hóa và xác thực tất cả các gói IP ở lớp mạng đảm bảo bảo mật và xác thực người gửi.
  • Firewall: Kiểm soát lưu lượng mạng giữa các vùng tin cậy khác nhau. Gói dịch địa chỉ IP mạng (NAT), bao gồm bảo vệ mạng LAN nội bộ khỏi các hoạt động trái phép từ các host bên ngoài.

Chức năng Quick Automation Profile của EDR-G903 hỗ trợ hầu hết các trường giao thức phổ biến, bao gồm EtherCAT, Ethernet/IP, trường FOUNDATION, Modbus/TCP, PROFINET. Người dùng có thể dễ dàng tạo ra một mạng trường Ethernet bảo mật từ một trình duyệt web thân thiện chỉ bằng một click. Hơn nữa, công nghệ PacketGuard của Moxa (Kiểm tra gói sâu) giúp lọc các lệnh Modbus TCP ở OSI 7. Dải nhiệt độ hoạt động rộng -40 đến 75°C giúp nó hoạt động hiệu quả trong các môi trường khắc nghiệt.

• Technology
StandardsIEEE 802.3 for 10BaseT
IEEE 802.3u for 100BaseT(X) and 100BaseFX
IEEE 802.3ab for 1000BaseT(X)
IEEE 802.3z for 1000BaseX
ProtocolsSNMPv1/v2c/v3, DHCP Server/Client, TFTP, NTP/SNTP server and client, HTTP, HTTPS, Telnet, SSH, Syslog, SMTP, LLDP, PPPoE, PPTP, Dynamic DNS, traffic prioritization
RoutingStatic routing, RIP V1/V2, OSPFThroughput:
• Max. 40000 packets per second (or 500 Mbps)
Routing RedundancyVRRP
VLAN5 VLANs per interfaces (VLAN ID: 1 to 4094)
Flow ControlIEEE 802.3x flow control, back pressure flow control
• Security Functions
FirewallFeatures:
• Stateful inspection
• Router firewall and transparent (bridge) firewall
• Filter: IP and MAC address, ports, ICMP, Ethernet protocols
• Deep Packet Inspection: Modbus TCP/UDP
• Quick Automation Profiles: EtherCAT, EtherNet/IP, FOUNDAT
DoS and DDoS ProtectionNull Scan, Xmas Scan, NMAP-Xmas Scan, SYN/FIN Scan, FIN Scan, NMAP-ID Scan, SYN/RST Scan, NEW-Without-SYN Scan, ICMP-Death, SYN-Flood, ARP-Flood
NATN-to-1, 1-to-1, bidirectional 1-to-1, and port forwarding
IPSec VPNProtocols:
• IPSec
• L2TP (server)
• PPTP (client)
Encryption:
• DES, 3DES, AES-128, AES-192, AES-256
Authentication:
• RSA (key size: 1024-bit, 2048-bit)
• X.509 v3 certificate
• MD5 and SHA (SHA-256)
Throughput:
• 100 IPSec VPN Tunnels (Max. 30 start in initial mode)
OpenVPNProtocols:
• OpenVPN (client and server), UDP and TCP
• Tunnel mode (routing) and TAP mode (bridge)
Encryption:
• Blowfish CBC, DES CBC, DES-EDE3 CBC, AES-128/192/256 CBC
Authentication:
• User password by MD5 and SHA1
Concurrent VPN Tunnels:
• Server mode: max. 5 external clients
• Client mode: max. 2 external servers
Real-Time Firewall / VPN Event Log• Event Type: Firewall Event, VPN Event, System Security Event
• Media: Local storage, Syslog server, and SNMP trap
• Interface
WAN/WAN11 RJ45/Fiber combo port
WAN2/DMZ1 RJ45/Fiber combo port
LANRJ45/SFP combo port
RJ45 Ports10/100/1000BaseT(X) auto negotiation speed
Fiber Ports100/1000BaseSFP slot
LED IndicatorsPWR1, PWR2, FAULT, 10/100/1000M
Alarm ContactOne relay output with current-carrying capacity of 1 A @ 24 VDC
Digital Inputs1 input
• +13 to +30 V for state “1”
• -30 to +3 V for state “0”
• Max. input current: 8 mA
• Power Requirements
Input Voltage12/24/48 VDC, redundant dual inputs
Input Current0.45 A @ 24 V
Overload Current ProtectionPresent
ConnectionRemovable terminal block
Reverse Polarity ProtectionPresent
• Physical Characteristics
HousingMetal, IP 30 protection
Dimensions51 x 152 x 131.1 mm (2.01 x 5.98 x 5.16 in)
Weight1250 g (2.82 lb)
InstallationDIN-rail mounting, wall mounting (with optional kit)
• Environmental Limits
Operating TemperatureStandard Models: 0 to 60°C (32 to 140°F)
Wide Temp. Models: -40 to 75°C (-40 to 167°F)
Storage Temperature-40 to 85°C (-40 to 185°F)
Ambient Relative Humidity5 to 95 % (non-condensing)
• Standards and Certifications
SafetyUL 508
EMCEN 55032/24
EMICISPR 32, FCC Part 15B Class A
EMSIEC 61000-4-2 ESD: Contact: 6 kV; Air: 8 kV
IEC 61000-4-3 RS: 80 MHz to 1 GHz: 10 V/m
IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV
IEC 61000-4-5 Surge: Power: 2 kV; Signal: 1 kV
IEC 61000-4-6 CS: Signal: 10 V
IEC 61000-4-8
Power AutomationIEC 61850-3
ShockIEC 60068-2-27
FreefallIEC 60068-2-32
VibrationIEC 60068-2-6
• MTBF (mean time between failures)
Time530,000 hrs
StandardTelcordia (Bellcore), GB

Available Models

Model No.Description
EDR-G903Industrial Gigabit Firewall/NAT secure router with 2 WAN/1 DMZ ports, 100 VPN Tunnels, 0 to 60°C operating temperature
EDR-G903-TIndustrial Gigabit Firewall/NAT secure router with 2 WAN/1 DMZ ports, 100 VPN Tunnels, -40 to 75°C operating temperature

Compatible Modules

SFP-1G Series

Model No.Description
SFP-1G10ALCWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G10ALC-TWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G10BLCWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G10BLC-TWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1G20ALCWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G20ALC-TWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G20BLCWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G20BLC-TWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1G40ALCWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G40ALC-TWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G40BLCWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G40BLC-TWDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1GEZXLCSFP module with 1 1000BaseEZX port with LC connector for 110 km transmission, 0 to 60°C operating temperature
SFP-1GEZXLC-120SFP module with 1 1000BaseEZX port with LC connector for 120 km transmission, 0 to 60°C operating temperature
SFP-1GLHLCSFP module with 1 1000BaseLH port with LC connector for 30 km transmission, 0 to 60°C operating temperature
SFP-1GLHLC-TSFP module with 1 1000BaseLH port with LC connector for 30 km transmission, -40 to 85°C operating temperature
SFP-1GLHXLCSFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, 0 to 60°C operating temperature
SFP-1GLHXLC-TSFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, -40 to 85°C operating temperature
SFP-1GLSXLCSFP module with 1 1000BaseLSX port with LC connector for 2 km transmission, 0 to 60°C operating temperature
SFP-1GLSXLC-TSFP module with 1 1000BaseLSX port with LC connector for 2 km transmission, -40 to 85°C operating temperature
SFP-1GLXLCSFP module with 1 1000BaseLX port with LC connector for 10 km transmission, 0 to 60°C operating temperature
SFP-1GLXLC-TSFP module with 1 1000BaseLX port with LC connector for 10 km transmission, -40 to 85°C operating temperature
SFP-1GSXLCSFP module with 1 1000BaseSX port with LC connector for 0.5 km transmission, 0 to 60°C operating temperature
SFP-1GSXLC-TSFP module with 1 1000BaseSX port with LC connector for 0.5 km transmission, -20 to 75°C operating temperature
SFP-1GZXLCSFP module with 1 1000BaseZX port with LC connector for 80 km transmission, 0 to 60°C operating temperature
SFP-1GZXLC-TSFP module with 1 1000BaseZX port with LC connector for 80 km transmission, -40 to 85°C operating temperature

SFP-1FE Series

 Model No.Description
SFP-1FELLC-TSFP module with 100Base single-mode with LC connector for 80 km transmission, -40 to 85°C operating temperature
SFP-1FEMLC-TSFP module with 100Base multi-mode with LC connector for 4 km transmission, -40 to 85°C operating temperature
SFP-1FESLC-TSFP module with 100Base single-mode with LC connector for 40 km transmission, -40 to 85°C operating temperature

Optional Accessories

Trial Software

Model No.Description
MXviewIndustrial network management software designed for converged automation networks

Whitepaper: The right industrial firewall can strengthen the safety and reliability of control systems

In this paper, we present important considerations for implementing network security and network security risk management. We also include information on how to develop mitigation strategies for specific problems and provide directions on how to choose the right industrial firewall to ensure safety and reliability for industrial networks

White Paper: Protecting Industrial Control Systems with Gigabit Cybersecurity

An Industrial Control System (ICS) needs the type of network security that takes into consideration its central role in industrial applications. Problems that arise in ICS operations can result in losses on many different levels, including costs incurred from equipment damage, and even loss of life. Although ICS networks may use some of the same technology and devices as enterprise IT systems, from a hands-on practical point of view, ICS network security differs in three aspects: protecting devices, content for filtering, and operating environment

PacketGuard for Modbus TCP Packet Inspection

Animation: How Does PacketGuard Stop Unsafe Modbus Packets

backtotop
nh-tuyn-bo-mt-cng-nghip-vi-firewall-nat-vpn-edr-g903