Техническое Руководство для Moxa EDR-810-2GSFP-T Router (Open Item)
1
w w w. m o x a . c o m
i n f o @ m o x a . c o m
Industrial Network Security and Management
FINALISTS
EDR-810 Series
The EDR-810 is a highly integrated industrial multiport secure router
with Firewall/NAT/VPN and managed Layer 2 switch functions. It is
designed for Ethernet security applications in sensitive remote control
or monitoring networks, and provides an electronic security perimeter
for the protection of critical cyber assets such as pumping/treatment
systems in water stations, DCS systems in oil and gas applications,
and PLC/SCADA systems in factory automation. The EDS-810 series
includes the following cyber security features:
with Firewall/NAT/VPN and managed Layer 2 switch functions. It is
designed for Ethernet security applications in sensitive remote control
or monitoring networks, and provides an electronic security perimeter
for the protection of critical cyber assets such as pumping/treatment
systems in water stations, DCS systems in oil and gas applications,
and PLC/SCADA systems in factory automation. The EDS-810 series
includes the following cyber security features:
• Firewall/NAT: Firewall policies control network traffic between
different trust zones, and Network Address Translation (NAT)
shields the internal LAN from unauthorized activity from outside
hosts.
shields the internal LAN from unauthorized activity from outside
hosts.
8+2G multiport industrial secure router with switch/firewall/NAT/VPN
Specifications
Introduction
Technology
Standards:
IEEE 802.3 for 10BaseT
IEEE 802.3u for 100BaseT(X)
IEEE 802.3ab for 1000BaseT(X)
IEEE 802.3z for 1000BaseX
IEEE 802.1Q for VLAN tagging
IEEE 802.3ad for port trunk
Protocols: SNMP v1/v2c/v3, DHCP server/client, TFTP, NTP/SNTP
server/client, HTTP, HTTPS, Telnet, SSH, IPSec, L2TP, IGMP v1/v2/v3,
QoS/CoS/ToS, Radius, RSTP/STP, LLDP, DDNS
Routing: Static routing, RIP V1/V2, OSPF
Routing Redundancy: VRRP
Multicast Routing: Static, DVMRP, PIM-SM/SSM
Broadcast: IP directed broadcast, broadcast forwarding
Redundancy: STP/RSTP, Turbo Ring V2
Flow Control: IEEE 802.3x flow control, back pressure flow control
IEEE 802.3 for 10BaseT
IEEE 802.3u for 100BaseT(X)
IEEE 802.3ab for 1000BaseT(X)
IEEE 802.3z for 1000BaseX
IEEE 802.1Q for VLAN tagging
IEEE 802.3ad for port trunk
Protocols: SNMP v1/v2c/v3, DHCP server/client, TFTP, NTP/SNTP
server/client, HTTP, HTTPS, Telnet, SSH, IPSec, L2TP, IGMP v1/v2/v3,
QoS/CoS/ToS, Radius, RSTP/STP, LLDP, DDNS
Routing: Static routing, RIP V1/V2, OSPF
Routing Redundancy: VRRP
Multicast Routing: Static, DVMRP, PIM-SM/SSM
Broadcast: IP directed broadcast, broadcast forwarding
Redundancy: STP/RSTP, Turbo Ring V2
Flow Control: IEEE 802.3x flow control, back pressure flow control
Interface
RJ45 Ports: 10/100BaseT(X) auto negotiation speed
Fiber Ports: 1000BaseSFP slot
Console Port: Web/telnet/SSH/CLI, and RS-232 serial console
Fiber Ports: 1000BaseSFP slot
Console Port: Web/telnet/SSH/CLI, and RS-232 serial console
RESET button: Reset to default settings
LED Indicators: STATE, PWR1, PWR2, FAULT, 10/100/1000M
Alarm Contact: One relay output with current carrying capacity of 1 A
@ 24 VDC
Digital Inputs: 1 2-contact terminal block
• +13 to +30 V for state “1”
• -30 to +3 V for state “0”
• Max. input current: 8 mA
LED Indicators: STATE, PWR1, PWR2, FAULT, 10/100/1000M
Alarm Contact: One relay output with current carrying capacity of 1 A
@ 24 VDC
Digital Inputs: 1 2-contact terminal block
• +13 to +30 V for state “1”
• -30 to +3 V for state “0”
• Max. input current: 8 mA
Security Function
Firewall:
• Stateful inspection
• Filter: IP and MAC address, ports, ICMP, DDoS, Ethernet Protocols
• Deep Packet Inspection on Modbus TCP
Quick Automation Profile: EtherCAT, EtherNet/IP, FOUNDATION
Fieldbus, LonWorks, Modbus/TCP, PROFINET, IEC 60870-104, DNP,
FTP, SSH, Telnet, HTTP, IPSec, L2TP, PPTP, RADIUS
NAT: N-to-1, 1-to-1, bidirectional 1-to-1, and port forwarding
VPN: IPSec (client/server), L2TP (server), PPTP (client), Max. 10 VPN
tunnels (VPN model)
Encryption: DES, 3DES, AES-128/192/256 (VPN model)
Authentication: Pre-shared key (PSK), X.509v3 certificates, MD5, SHA
• Stateful inspection
• Filter: IP and MAC address, ports, ICMP, DDoS, Ethernet Protocols
• Deep Packet Inspection on Modbus TCP
Quick Automation Profile: EtherCAT, EtherNet/IP, FOUNDATION
Fieldbus, LonWorks, Modbus/TCP, PROFINET, IEC 60870-104, DNP,
FTP, SSH, Telnet, HTTP, IPSec, L2TP, PPTP, RADIUS
NAT: N-to-1, 1-to-1, bidirectional 1-to-1, and port forwarding
VPN: IPSec (client/server), L2TP (server), PPTP (client), Max. 10 VPN
tunnels (VPN model)
Encryption: DES, 3DES, AES-128/192/256 (VPN model)
Authentication: Pre-shared key (PSK), X.509v3 certificates, MD5, SHA
›
8+2G all-in-one Firewall/NAT/VPN/Router/Switch
›
Build up secure remote access tunnel with VPN
›
Protect critical assets by stateful firewall
›
Inspect industrial protocol with PacketGuard technology
›
Setup network easily by network address translation (NAT)
›
RSTP/Turbo Ring redundant protocol enhances network
redundancy
›
-40 to 75°C operating temperature range (T model)
›
ISA99 / IEC 62443 / NERC CIP compliance
›
Check firewall settings with intelligent SettingCheck feature
• VPN: Virtual Private Networking (VPN) is designed to provide
users with secure communication tunnels when accessing a
private network from the public Internet. Uses IPSec (IP Security)
server or client mode for encryption and authentication of all IP
packets at the network layer to ensure confidentiality and sender
authentication.
private network from the public Internet. Uses IPSec (IP Security)
server or client mode for encryption and authentication of all IP
packets at the network layer to ensure confidentiality and sender
authentication.
The EDR-810’s “WAN Routing Quick Setting” provides an easy way
for users to set up WAN and LAN ports to create a routing function in
4 steps. In addition, the EDR-810’s “Quick Automation Profile” gives
engineers a simple way to configure the firewall filtering function with
general automation protocols, including EtherNet/IP, Modbus TCP,
EtherCAT, FOUNDATION Fieldbus, and PROFINET. Users can easily
create a secure Ethernet network from a user-friendly web UI with a
single click, and the EDR-810 is capable of performing deep Modbus
TCP packet inspection. Wide temperature models that operate reliably
in hazardous, -40 to 75°C environments, are also available.
for users to set up WAN and LAN ports to create a routing function in
4 steps. In addition, the EDR-810’s “Quick Automation Profile” gives
engineers a simple way to configure the firewall filtering function with
general automation protocols, including EtherNet/IP, Modbus TCP,
EtherCAT, FOUNDATION Fieldbus, and PROFINET. Users can easily
create a secure Ethernet network from a user-friendly web UI with a
single click, and the EDR-810 is capable of performing deep Modbus
TCP packet inspection. Wide temperature models that operate reliably
in hazardous, -40 to 75°C environments, are also available.
Award-winning Product