Introduction
Industrial Ethernet Network Firewall.
Features
Industrial Ethernet in automation engineering confronts machine construction, plant engineering and construction, and productive businesses with new security issues. Viruses and worms do not stop at production, and the dangers and effects are significantly larger than in an office environment. A robot malfunction, for example, or the malfunction of a control system causes significant outage losses in addition to the actual exposure. To exclude these dangers and to obtain more security against attacks from the outside, a couple of additional safety functions have been integrated into the firewall. For example, the uplink can be physically separated for the first time. This corresponds to unplugging the Ethernet cable.
Cut & Stop
During critical startup or production phases, the Ethernet uplink can be physically disconnected (at the hardware) through a 24 V input. This safely rules out intentional or unintentional external manipulation. The uplink is reconnected through the same input. This function makes integration into an automation concept very simple.
Alarming
If a rule is violated, the alarm signal is reported to the control center through an output. Necessary measures can be automated directly. For example, acoustic indicator lights can signal the alarm condition. E-mails can be sent out automatically to signal a rules violation.
Event Logbook
A zero-voltage event logbook with retentive memory stores all events when the firewall is disconnected from the power supply. The event logbook is password-protected and can be read out either locally or via a central Syslog server.
Display/Keypad
The built-in display can be used to configure the primary functions. It is possible to obtain a quick system analysis, e.g. of the network load, directly from the display. The display and keys can be password-protected against unauthorized manipulation.
Managed Switch
Network segments can be set up without any additional hardware using the managed switch integrated into the firewall. It is possible to connect multiple systems or terminals to one firewall. Each port can be switched off individually to prevent unauthorized data traffic monitoring.
Service
Service access via a secure service port. Connecting the firewall to an analog, ISDN or GPRS modem for dial-in access allows affordable remote maintenance, even without an Internet connection. The FDR (faulty device replacement) function ensures quick, automatic restoration of the firewall configuration when the device is replaced.
Industrial Design with Fiber Optic Connection
The housing consists of a stable aluminum casting suitable for top hat rail or wall mounting. Uninterrupted Ethernet connection via fiber optics is provided especially for use in the critical industrial environment. The 24 V DC voltage input features a redundant design and also ensures the availability of the firewall.
Function
Configuration and parameterization can be carried out centrally through the network or directly from the firewall. For a quick and easy startup, individual devices or groups can be quickly organized by dragging and dropping them into a logical, hierarchical structure. Structures, devices, groupings and all individual settings are managed in a database, so firmware updates can be launched and run centrally with just one command.
The parameters can also be set directly from the firewall. The Quick Setup also supports a rapid startup, even for those lacking specialized knowledge of security mechanisms.
Data Filters for Layer 2 and Layer 3
In the router mode, the firewall assumes the role of a traditional IT firewall for 'stateful' filtering of data between two IP subnets. In the transparent (Ethernet bridge) mode, the firewall initially remains invisible and filters at the ISO/OSI layer. The firewall provides pure Ethernet filter criteria according to 802.1q and for VLAN attributes or Ethernet MAC addresses. Purely Ethernet-based control protocols such as PROFINET can be easily filtered at layer 2.
Prioritization
Data traffic can be controlled with the help of prioritization and bandwidth management. Limiting the bandwidth, especially for uncritical data, makes it possible to prioritize control protocols for low latency independent of data load. 'Real-time Ethernet' applications can be easily implemented in combination with VLAN tagging.
Simple Configuration
The predefined filter rules allow you to quickly and easily configure the firewall without IT expertise. Filter sets such as POP3, Modbus TCP and PROFINET are already stored as symbolic names and can be directly accessed. A wide array of filter rules can be individually parameterized and defined via the Web interface.
Secure Data Traffic
The firewall secures the data traffic during process communication, such as between two parts of the system, using a VPN (virtual private network) tunnel. The VPN enables secure communication of Ethernet protocols even across complex IP networks.