5-4 www. m oxa. com EDR-G902/G903 Series 5 Industrial Network Security and Management Industrial Network Security and Management > EDR-G902/G903 Series The EDR-G903/G902 series is a high-performance, industrial VPN server with a firewall/NAT all-in-one secure router. It is designed for Ethernet-based security applications in sensitive remote control or monitoring networks, and it provides an Electronic Security Perimeter for the protection of critical cyber assets such as pumping stations, DCS, PLC systems on oil rigs, and water treatment systems. The EDR-G902/G903 series includes the following cybersecurity features: • Virtual Private Network (VPN): VPNs are designed to provide users with secure communication links when accessing a private network from the public Internet. They use IPSec (IP Security) server or client mode for encryption and authentication of all IP packets at the network layer to ensure confidentiality and sender authentica- tion. Industrial secure routers with firewall/NAT/VPN • Firewall: Controls network traffic between different trust zones. Network Address Translation (NAT), which shields the internal LAN from unauthorized activity from outside hosts, is included. The EDR-G902/G903’s Quick Automation Profile function supports most common fieldbus protocols, including EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, Modbus/TCP, and PROFINET. Users can easily create a secure Ethernet Fieldbus network from a user-friendly web UI with a single click. In addition, Moxa’s PacketGuard technology (Deep Packet Inspection) helps to filter Modbus TCP commands at OSI layer 7. The wide temperature range models that are available operate reliably in hazardous, -40 to 75°C environments. Specifications Introduction (EDR-G902) (EDR-G903) › ›Firewall/NAT/VPN/Router all-in-one › ›Secure remote access tunnel with VPN › ›Protect critical assets with stateful firewall › ›Inspect industrial protocol with PacketGuard technology › ›Easy network setup with address translation (NAT) › ›Dual WAN redundant interfaces through public networks › ›Support for VLANs in different interfaces › ›-40 to 75°C operating temperature range (T model) › ›ISA99 / IEC 62443 / NERC CIP compliance Technology Standards: IEEE 802.3 for 10BaseT IEEE 802.3u for 100BaseT(X) and 100BaseFX IEEE 802.3ab for 1000BaseT(X) IEEE 802.3z for 1000BaseX Protocols: SNMPv1/v2c/v3, DHCP Server/Client, TFTP, NTP/SNTP server and client, HTTP, HTTPS, Telnet, SSH, Syslog, SMTP, LLDP, PPPoE, PPTP, Dynamic DNS, traffic prioritization Routing: Static routing, RIP V1/V2, OSPF Throughput: • EDR-G902: Max. 25000 packets per second (or 300 Mbps) • EDR-G903: Max. 40000 packets per second (or 500 Mbps) Routing Redundancy: VRRP VLAN: 5 VLANs per interfaces (VLAN ID: 1 to 4094) Flow Control: IEEE 802.3x flow control, back pressure flow control Security Functions Firewall: Features: • Stateful inspection • Router firewall and transparent (bridge) firewall • Filter: IP and MAC address, ports, ICMP, Ethernet protocols • Deep Packet Inspection: Modbus TCP/UDP • Quick Automation Profiles: EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, LonWorks, Modbus/TCP, PROFINET, IEC 60870-104, DNP, FTP, SSH, Telnet, HTTP, IPSec, L2TP, PPTP, RADIUS Throughput: • EDR-G902: Max. 25000 packet per second (or 300 Mbps) • EDR-G903: Max. 40000 packet per second (or 500 Mbps) DoS and DDoS Protection: Null Scan, Xmas Scan, NMAP-Xmas Scan, SYN/FIN Scan, FIN Scan, NMAP-ID Scan, SYN/RST Scan, NEW- Without-SYN Scan, ICMP-Death, SYN-Flood, ARP-Flood NAT: N-to-1, 1-to-1, bidirectional 1-to-1, and port forwarding Award-winning Product