ViPNet Industrial Gateway
-
Category:
- Firewalls, Virtual Private Networks (VPN)
-
MODIFICATION:
- Hardware
ViPNet Coordinator IG is an industrial VPN gateway, which allows you to organize secure channels in industrial systems and segment them to protection domains. ViPNet Coordinator IG offers efficient protection against network attacks and against unauthorized access by establishing secure ViPNet channels.
The appliance can be easily integrated into an existing infrastructure. With ViPNet Coordinator IG, you establish secure channels in any telecommunication infrastructure, including public networks.
Use Cases
ViPNet Coordinator IG appliance works as a part of ViPNet Network Security solution and is particularly useful in the following cases:
- Securing industrial network and industrial wireless network (WLAN).
- Secure remote monitoring.
- In-depth defense (using the appliance to secure channels along with application-layer data-protection tools).
- Network segmentation and perimeter defense, access restriction.
- Secure controlled access to the Internet.
- Secure remote access to the industrial network, operator’s or engineer’s desktop, and equipment, including mobile remote access.
- A gateway for communication with industrial equipment via serial interfaces.
Advantages
- Protection of distributed automated process control systems by VPN and traffic filtering (firewall).
- Protection of both wire (Ethernet) and wireless (Wi-Fi, 3G, 4G) control channels of distributed automated process control systems.
- Support of industrial devices using RS-232/422/485 protocols; the appliance can function as a Modbus TCP - Modbus RTU gateway.
- Highly energy-efficient.
- Operating temperature from -20 to +60 °С.
- Industrial form factor.
- VLAN support.
- ViPNet Administrator 4.6 as the encryption key generation authority.
Secure channel establishment
- L3 VPN gateway: Protection of OSI network layer connections with encryption and authentication.
- L2 VPN gateway: Protection of OSI channel layer connections with encryption and authentication.
- Traffic masking due to encapsulating the traffic to UDP and TCP.
Traffic filtering (firewall)
- A stateful firewall with application protocol inspection. Separate traffic filtering rules for unencrypted and encrypted IP traffic.
- NAT/PAT.
- Anti-spoofing.
- Proxy server.
Network functions
- Static routing.
- Dynamic routing.
- VLAN support.
Service functions
- DNS server.
- NTP server.
- DHCP server.
- DHCP–Relay.
- Failover cluster: a failsafe coordinator.
Support for industrial protocols
- Modbus TCP
- PROFINET
- EtherCAT
- EtherNet/IP
- DNP, IEC 60870-104, MMS
- OPC
- PTP
- LonWorks, Bacnet
- KNX, ZigBee, Z-Wave
Configuration and Management
- Remote configuring via ViPNet Administrator and Web Access. Remote management over the SSH protocol and the system console.
- Local management via system console.
- Remote monitoring via ViPNet StateWatcher and the SNMP protocol.
| Hardware specifications |
|
| Form factor |
DIN-rail mountable appliance |
| Operating system |
Adapted Linux OS |
| Dimensions (W × H × D) |
120 х 50 х 100 mm |
| Weight |
0.6 kg |
| Power supply |
DC 10 - 30 V |
| Operating temperature |
-20° to +60° C |
| Input-output ports |
2x USB |
| Network equipment specifications |
|
| Network ports |
3x RJ45, 10/100/1000 Mbps |
| Industrial interfaces |
RS-232, RS-422, RS-485 Modbus TCP - Modbus RTU gateway |
| Wireless interfaces |
Wi-Fi, antenna (SMA) GSM/2G/3G antenna |
| Firewall performance |
|
| Firewall throughput |
10 Mbps |
| Max number of concurrent sessions |
1,000 |
| New connections |
200 per second |
| Encrypted channel performance |
|
| VPN throughput |
10 Mbps |
| L2 VPN throughput |
10 Mbps |
| Maximal number of tunneled hosts |
5 |
| Integrated services |
|
| DNS, NTP, DHCP server |
Yes |
| DHCP-relay |
Yes |
| Availability and reliability |
|
| Failover cluster |
Yes |
| Unattended operation 24x7 |
Yes |
| Protection in industrial conditions |
|
| IP protection class |
IP30 |
| Electromagnetic compatibility |
CISPR22, CISPR 24 |