Firewalls and Routers Maximum security for industrial networks
Issue 11 / 2019
Well coordinated communication Security for your network »Made in Germany«
The Internet is based on global communication standards. This common language opens up
unimagined potential, but a significant amount of risk is also involved. With the ADS-TEC firewalls
of the IRF2000 series, you can communicate in a targeted way, monitor communication channels
and prevent unwanted contact requests – both within the company and remotely via the Internet.
Networks are protected in the best possible way using smartcard security. Trust in experience:
ADS-TEC has been developing IT products entirely in-house for 35 years, with long-term availability
and 100% Made in Germany.
IRF2000 series Added values
• High-quality die-cast aluminium case
• Electronic disconnection of communication for service-oriented operation
• Secure authentication using smartcard technology
• Extensive firewall functionality by means of precise firewall rule settings
• Optimal integration in the company-internal IT infrastructure by means of detailed network-specific configurability
• Can be functionally expanded with your own applications (OSGi™)
• Devices are quickly and cost efficiently replaced without using any specialists
IRF2000 series Areas of application
• Hubs in the IT network for increased IT security
• Secure end points for protecting machines and systems
• Communication interfaces for secure remote service
• As a secure interface for data collection and data coordination
• Optimal for remote maintenance solutions in combination with the Big-LinX IIoT Service Platform
• With DNV GL certificate for secure operation on maritime plants and systems
Firewalls and Routers of the IRF2000 series
IRF2000 series Product benefits
• Flexible configuration with two integrated Gbit switches (2-port or 6-port IP router)
• Integrated 4G/LTE mobile communications option enables wireless Internet access worldwide
• Java™/OSGi™ service platform allows you to put your own applications on the devices
• Quick and easy commissioning through intuitive setup
Endpoint security solution for systems and machines Excellent protection against attacks
and unauthorised access with ADS-TEC firewall systems
Simple and intuitive to operate, the firewall tackles complex security tasks and impresses
when used as a remote maintenance centre or high-speed router in the switch cabinet.
With the best-in-class equipment in CPU power and RAM memory, all models can be expanded
with the Java™/OSGi™ service platform and therefore serve as the ideal basis for applications
on the Internet of Things.
Big-LinX® IIoT Service Platform Basis for remote maintenance and much more
Big-LinX is a versatile and scalable IIoT Service Platform which provides high-performance
modular solutions for a wide variety of different IoT applications. The secure connection of
decentralised systems, the management of distributed gateways as well as comprehensive
services for data collection, forwarding and monitoring make a major contribution to the
implementation of complex Industry 4.0 architectures in local and global networks.
A cost-free test phase in Big-LinX enables an extensive test of your IIoT solution.
Big-LinX® Added value
• Integrated VPN rendezvous server for secure connections worldwide and access to corresponding terminals
• Big-LinX Explorer in the form of a common web portal
• Scalability – from stand-alone systems to inter-networked systems and machines
• Simple connection to higher-level IT systems and databases
• Alarming, monitoring and administration of complex architectures and multiple clients
• Highest security based on software or hardware certificates
• Secure data and condition communication via the WWH service (World Wide Heartbeat)
• Simple integration of customer programs and apps based on the OSGI™/Java™ framework
• Individual administration of users, privileges and firewall
• Efficient deployment planning of service employees
• Fully integrated Remote Service Access
• Large number of operating modes, easy and intuitive to operate
• Free test phase for your IIoT solution
Big-LinX® Areas of application
• Remote maintenance in machine, process and plant engineering
• Cloud platform for connecting distributed plants and systems
• Platform, e.g. for the smart grid of energy suppliers
• User and user group administration
• Data collection and remote access to plants
• Interfaces for condition monitoring and data analytics
• Device management for the distributed gateways
• IoT dashboards – monitoring and analysis of system and system states, customised visualisations and alarming
[Figure labels: Secured connection; Virus, Trojan cyber attacks; Service; Machine; Machine with battery storage system; Battery storage system; Stable access to machines / systems in China; Big-LinX® server]
Cut, filter and alarm 100% security in critical phases
• External input (e.g., key switch or from PLC) for influencing packet filter rules or for completely disconnecting the device from the network
• Digital output for alarms in the event of pre-defined rules violations
• The machine can quickly be disconnected from the network in critical situations, or the other way round, be connected to the network for remote maintenance
Compact design Tried-and-tested and robust
• Robust die-cast aluminium case
• Slim housing design for minimum space requirement in the cabinet
• DIN rail or VESA75 installation
Smartcard Hardware certificate and Plug+Play configuration
• Optional crypto smartcard with the function of a secure hardware certificate for PKI structures
• The smartcard enables simple and secure handling of the firewalls in the field without the need for specialist IT knowledge
• Recognised security standards thanks to crypto smartcard technology with signature and certificate safe
SIM card Mobile communications worldwide
The integrated 4G option allows connection to local high-speed mobile communications networks anywhere in the world. The product is rounded off by extensive software support such as redundant fallback operation of Ethernet links. In two different versions depending on requirements:
• LTE with MIMO for EU/Australia
• LTE with MIMO for North America
For energy suppliers The IRF2000 series as a flexible feed-in management router
With serial interface and IOs, direct access is possible, which can be realised seamlessly and securely via mobile communication networks. Thanks to Java™ integration, software interfaces can be implemented with existing controls. Regardless of whether OPC UA, Modbus/TCP, IEC60870-5-104 or 61850 – the protocol converters operate as pure software on the devices of the IRF2000 series.
HIGHLIGHTS
• IRF2000 series with LTE/4G option
• Integration of current OSGi™ technology
• Crypto smartcard technology
• DNV GL certification for maritime use
ADS-TEC Remote Service on all of the world's seas
Firewalls with DNV GL certificate
• Secure operation of communication networks on all maritime plants and systems
• Use in national and international shipping, shipbuilding, maritime constructions and offshore wind turbines
• IEC 60945 tested – suitable for applications on the bridge
IRF2000 series features at a glance
[Figure labels: IT network; Service Administration; Filter function; Internet; Cut signal; Alarm signal; Remote maintenance via Big-LinX®; Event logbook; Electronic disconnection Uplink!; Production]
Rollout service Customised factory defaults
• Creation of a customer-specific »factory default« configuration file, stored on a smartcard
• Thus, standard settings are preconfigured for running operation and offer your defined fallback solution in the event of a reset
Rollout service Individual configuration and direct shipment
• Configuration of individual firewalls and routers at ADS-TEC prior to delivery with customer-specific parameters – device startup at the customer directly via »Plug+Play«
• On request, delivery directly to the desired destination address
ADS-TEC Service – More security
ADS-TEC service packages Extended Warranty in Basic, Silver and Gold
In order to cover technical malfunctions it is possible, beyond the statutory warranty,
to purchase an ADS-TEC industrial IT product for an extended service.
without service package
Protection against technical malfunctions
– *
Contract term – * 36 /60 months 36 /60 months 36 /60 months
Processing time of the industrial IT product in the event of service
20 AT 10 AT 5 AT 3 AT
Protection against mechanical damages
– * – – –
ADS-TEC Services The packages at a glance
With the Basic, Silver and Gold packages, defined reaction times of 36 or 60 months can be specified for repair, in order to keep the downtime as short as possible. These are calculated in working days (AT) from arrival of the Service Article at ADS-TEC until once again returned to the transport provider after successful repair, exclusive of any possible period subject to a cost estimate (for a repair outside of the guarantee service).
*warranty period of 12 or 24 months
We create your service package, tailored to your needs. Please get in touch with us to learn more.
IRF2000 Series Technical Data
Device data IRF2200 IRF2220 IRF2601 IRF2621
4G/LTE module x x
2 ports x x
6 ports x x
RS232 serial interface x x
Ethernet connections LAN + WAN as 2 x RJ45 1000BaseTx FD (IRF22xx), 6 x RJ45 1000BaseTx FD (IRF26xx)
Power supply 1 x 24 VDC (7 - 30 VDC) max. 800 mA (without additional external loads) at 24 VDC
SCM card slot For smartcards
USB 2.0 port External USB 2.0 connection for connecting serial RS232 or RS485 USB converters with FTDI, CP210x or PL2303 chipsets which can be controlled from Java/OSGi
Housing Robust aluminium die-cast case for VESA 75 top-hat rail mounting
VPN Supports two different VPN protocols: OpenVPN: Layer2 (Ethernet) and Layer3 (IP) transport with SSL encryption. Support for tunnelling via HTTP proxy and packet filtering. IPsec: Standard IPsec encryption with 1:1 NAT support and data filtering
Cut, filter and alarm The network access side (WAN) can be electronically disconnected, which is the equivalent of disconnecting the network cable. 24 V input – for activating the cut (external) and alarm function as well as for influencing packet filter rules, e.g., with a PLC or using a key switch. 24 V output – alarm output for status indication for a PLC or display (max. 1000 mA)
VPN Key & Up 24 V VPN key input signal – for triggering VPN connections (max. 10 mA). 24 V VPN output signal – for indicating a working VPN channel (max. 1000 mA)
Java™ / OSGi™ extension Software license enables the device for a rechargeable JavaVM according to Java specification 1.3, as well as large parts of Java 1.4, 1.5 and 1.6. incl. Equinox 3.8.2 OSGi framework. For Java™ environment and your own application / data, ~110 MB RAM and ~55 MB SLC NAND flash are available.
Configuration Via web interface (HTTP, HTTPS) and SNMP interface for central configuration of the device function
Operating temperature -20 °C to +70 °C
Storage temperature -40 °C to +85 °C
Humidity 5 to 90% non-condensing
Protection class IP20 for switching cabinet installation
Vibration DIN EN 60068-2-6
Shock resistance DIN EN 60068-2-29
Dimensions in mm (W x H x D) 140 x 163 x 35 / 57* 140 x 170 x 35 / 57* 140 x 163 x 57 140 x 170 x 57
4G/LTE mobile communication wireless module Integrated 4G/LTE module for high-speed Internet access via radio. Can be configured as redundant / fail-safe uplink
DynDNS Enables the automatic registration of a dynamic IP address with www.dyndns.org service via Internet dial-up
*as DNV GL variation
DZ-HAND-93010-1/K Firewall brochure E 11-2019
The content of this product range brochure was created with utmost care. However, we shall not be held liable for the accuracy, completeness and topicality of any data and figures contained in this publication. The contents are subject to technical modification and figures may differ from reality. All product names are trademarks and registered trademarks, and as such are the property of the respective company owning trademark rights, in each case.
ads-tec Industrial IT GmbH, Heinrich-Hertz-Strasse 1, D-72622 Nuertingen, Phone +49 70 22 25 22-200, Fax +49 70 22 25 [email protected]
Company headquarters (above) in Nuertingen near Stuttgart, production site in Wilsdruff near Dresden
The ADS-TEC Group Technology for Professionals
For decades, we have followed the latest technologies for the best benefit of our customers. Depth of development and process "Made in Germany" distinguish us, so that we remain capable of acting over long periods of time. On this basis we are a strong and reliable partner in the fields of "Industrial IT" and "Energy".
Added values For the success of our customers
• Our products have been developed in-house for over 35 years
• 100% depth of development as basis for long-term and individual solutions
• Tailor-made solutions based on tried-and-tested standard products
• Cloud-based IIoT solution kit for Industry 4.0 applications
• Highest safety standards for worldwide data communication
• Roll-out, asset and solution management services
• References and applications in areas like automation, logistics, medical technology, food and beverage as well as agricultural and construction machinery
• Extensive range of service offerings
• Intel® Technology Provider Platinum Partner and member of the Intel® Internet of Things Solutions Alliance