EDR-G903 Series

Industrial secure routers with firewall/NAT/VPN

Larger Image

Evaluation units available for online purchase
>> Buy now (USA only)


Features and Benefits Moxa industrial firewalls

  • Firewall/NAT/VPN/Router all-in-one
  • Secure remote access tunnel with VPN
  • Protect critical assets with stateful firewall
  • Inspect industrial protocol with PacketGuard technology
  • Easy network setup with address translation (NAT)
  • Dual WAN redundant interfaces through public networks
  • Support for VLANs in different interfaces
  • -40 to 75°C operating temperature range (T model)
  • ISA99 / IEC 62443 / NERC CIP compliance

Introduction

The EDR-G903 series is a high-performance, industrial VPN server with a firewall/NAT all-in-one secure router. It is designed for Ethernet-based security applications in sensitive remote control or monitoring networks, and it provides an Electronic Security Perimeter for the protection of critical cyber assets such as pumping stations, DCS, PLC systems on oil rigs, and water treatment systems. The EDR-G903 series includes the following cybersecurity features:

  • Virtual Private Network (VPN): VPNs are designed to provide users with secure communication links when accessing a private network from the public Internet. They use IPSec (IP Security) server or client mode for encryption and authentication of all IP packets at the network layer to ensure confidentiality and sender authentication.
  • Firewall: Controls network traffic between different trust zones. Network Address Translation (NAT), which shields the internal LAN from unauthorized activity from outside hosts, is included.

The EDR-G903’s Quick Automation Profile function supports most common fieldbus protocols, including EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, Modbus/TCP, and PROFINET. Users can easily create a secure Ethernet Fieldbus network from a user-friendly web UI with a single click. In addition, Moxa’s PacketGuard technology (Deep Packet Inspection) helps to filter Modbus TCP commands at OSI layer 7. The wide temperature range models that are available operate reliably in hazardous, -40 to 75°C environments.

Whitepaper

The right industrial firewall can strengthen the safety and reliability of control systems

    

In this paper, we present important considerations for implementing network security and network security risk management. We also include information on how to develop mitigation strategies for specific problems and provide directions on how to choose the right industrial firewall to ensure safety and reliability for industrial networks........more

Firewall

---------------------------------------------------------------------------------------------------------------------------------------------------------

White Paper

Protecting Industrial Control Systems with Gigabit Cybersecurity

 

An Industrial Control System (ICS) needs the type of network security that takes into consideration its central role in industrial applications. Problems that arise in ICS operations can result in losses on many different levels, including costs incurred from equipment damage, and even loss of life. Although ICS networks may use some of the same technology and devices as enterprise IT systems, from a hands-on practical point of view, ICS network security differs in three aspects: protecting devices, content for filtering, and operating environment...........more

Gigabit

 

---------------------------------------------------------------------------------------------------------------------------------------------------------

FAQ

Is Your Network Infrastructure Ready for the IIoT?

    

The Industrial Internet of Things (IIoT) trend aims to improve efficiency and productivity by connecting different devices together as well as collecting and analyzing large volumes of data to offer accurate information. However, before reaping the benefits of the IIoT, users need to ensure that the correct infrastructure is in place. To make sure your network is ready for the IIoT, check out five of the most frequently mentioned questions........more

FAQ_cover

Technology
Standards IEEE 802.3 for 10BaseT
IEEE 802.3u for 100BaseT(X) and 100BaseFX
IEEE 802.3ab for 1000BaseT(X)
IEEE 802.3z for 1000BaseX
Protocols SNMPv1/v2c/v3, DHCP Server/Client, TFTP, NTP/SNTP server and client, HTTP, HTTPS, Telnet, SSH, Syslog, SMTP, LLDP, PPPoE, PPTP, Dynamic DNS, traffic prioritization
Routing Static routing, RIP V1/V2, OSPFThroughput:
• Max. 40000 packets per second (or 500 Mbps)
Routing Redundancy VRRP
VLAN 5 VLANs per interfaces (VLAN ID: 1 to 4094)
Flow Control IEEE 802.3x flow control, back pressure flow control
Security Functions
Firewall Features:
• Stateful inspection
• Router firewall and transparent (bridge) firewall
• Filter: IP and MAC address, ports, ICMP, Ethernet protocols
• Deep Packet Inspection: Modbus TCP/UDP
• Quick Automation Profiles: EtherCAT, EtherNet/IP, FOUNDAT
DoS and DDoS Protection Null Scan, Xmas Scan, NMAP-Xmas Scan, SYN/FIN Scan, FIN Scan, NMAP-ID Scan, SYN/RST Scan, NEW-Without-SYN Scan, ICMP-Death, SYN-Flood, ARP-Flood
NAT N-to-1, 1-to-1, bidirectional 1-to-1, and port forwarding
IPSec VPN Protocols:
• IPSec
• L2TP (server)
• PPTP (client)
Encryption:
• DES, 3DES, AES-128, AES-192, AES-256
Authentication:
• RSA (key size: 1024-bit, 2048-bit)
• X.509 v3 certificate
• MD5 and SHA (SHA-256)
Throughput:
• 100 IPSec VPN Tunnels (Max. 30 start in initial mode)
OpenVPN Protocols:
• OpenVPN (client and server), UDP and TCP
• Tunnel mode (routing) and TAP mode (bridge)
Encryption:
• Blowfish CBC, DES CBC, DES-EDE3 CBC, AES-128/192/256 CBC
Authentication:
• User password by MD5 and SHA1
Concurrent VPN Tunnels:
• Server mode: max. 5 external clients
• Client mode: max. 2 external servers
Real-Time Firewall / VPN Event Log • Event Type: Firewall Event, VPN Event, System Security Event
• Media: Local storage, Syslog server, and SNMP trap
Interface
WAN/WAN1 1 RJ45/Fiber combo port
WAN2/DMZ 1 RJ45/Fiber combo port
LAN RJ45/SFP combo port
RJ45 Ports 10/100/1000BaseT(X) auto negotiation speed
Fiber Ports 100/1000BaseSFP slot
LED Indicators PWR1, PWR2, FAULT, 10/100/1000M
Alarm Contact One relay output with current-carrying capacity of 1 A @ 24 VDC
Digital Inputs 1 input
• +13 to +30 V for state “1”
• -30 to +3 V for state “0”
• Max. input current: 8 mA
Power Requirements
Input Voltage 12/24/48 VDC, redundant dual inputs
Input Current 0.45 A @ 24 V
Overload Current Protection Present
Connection Removable terminal block
Reverse Polarity Protection Present
Physical Characteristics
Housing Metal, IP 30 protection
Dimensions 51 x 152 x 131.1 mm (2.01 x 5.98 x 5.16 in)
Weight 1250 g (2.82 lb)
Installation DIN-rail mounting, wall mounting (with optional kit)
Environmental Limits
Operating Temperature Standard Models: 0 to 60°C (32 to 140°F)
Wide Temp. Models: -40 to 75°C (-40 to 167°F)
Storage Temperature -40 to 85°C (-40 to 185°F)
Ambient Relative Humidity 5 to 95 % (non-condensing)
Standards and Certifications
Safety UL 508
EMC EN 55022/24
EMI CISPR 22, FCC Part 15B Class A
EMS IEC 61000-4-2 ESD: Contact: 6 kV; Air: 8 kV
IEC 61000-4-3 RS: 80 MHz to 1 GHz: 10 V/m
IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV
IEC 61000-4-5 Surge: Power: 2 kV; Signal: 1 kV
IEC 61000-4-6 CS: Signal: 10 V
IEC 61000-4-8
Power Automation IEC 61850-3
Shock IEC 60068-2-27
Freefall IEC 60068-2-32
Vibration IEC 60068-2-6 
Note: Please check Moxa’s website for the most up-to-date certification status.
MTBF (mean time between failures)
Time 530,000 hrs
Standard Telcordia (Bellcore), GB
Warranty
Warranty Period 5 years
Details See www.moxa.com/warranty

To request a quote, indicate which items you are interested in below and click "Get a Quote".

Available Models

  Model No. Description
EDR-G903 Industrial Gigabit Firewall/NAT secure router with 2 WAN/1 DMZ ports, 100 VPN Tunnels, 0 to 60°C operating temperature
EDR-G903-T Industrial Gigabit Firewall/NAT secure router with 2 WAN/1 DMZ ports, 100 VPN Tunnels, -40 to 75°C operating temperature

Compatible Modules

SFP-1G Series
  Model No. Description
SFP-1G10ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G10ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G10BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G10BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1G20ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G20ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G20BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G20BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1G40ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G40ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G40BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G40BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX 1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1GEZXLC SFP module with 1 1000BaseEZX port with LC connector for 110 km transmission, 0 to 60°C operating temperature
SFP-1GEZXLC-120 SFP module with 1 1000BaseEZX port with LC connector for 120 km transmission, 0 to 60°C operating temperature
SFP-1GLHLC SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, 0 to 60°C operating temperature
SFP-1GLHLC-T SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, -40 to 85°C operating temperature
SFP-1GLHXLC SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, 0 to 60°C operating temperature
SFP-1GLHXLC-T SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, -40 to 85°C operating temperature
SFP-1GLSXLC SFP module with 1 1000BaseLSX port with LC connector for 2 km transmission, 0 to 60°C operating temperature
SFP-1GLSXLC-T SFP module with 1 1000BaseLSX port with LC connector for 2 km transmission, -40 to 85°C operating temperature
SFP-1GLXLC SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, 0 to 60°C operating temperature
SFP-1GLXLC-T SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, -40 to 85°C operating temperature
SFP-1GSXLC SFP module with 1 1000BaseSX port with LC connector for 0.5 km transmission, 0 to 60°C operating temperature
SFP-1GSXLC-T SFP module with 1 1000BaseSX port with LC connector for 0.5 km transmission, -20 to 75°C operating temperature
SFP-1GZXLC SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, 0 to 60°C operating temperature
SFP-1GZXLC-T SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, -40 to 85°C operating temperature
SFP-1FE Series
  Model No. Description
SFP-1FELLC-T SFP module with 100Base single-mode with LC connector for 80 km transmission, -40 to 85°C operating temperature
SFP-1FEMLC-T SFP module with 100Base multi-mode with LC connector for 4 km transmission, -40 to 85°C operating temperature
SFP-1FESLC-T SFP module with 100Base single-mode with LC connector for 40 km transmission, -40 to 85°C operating temperature

Optional Accessories

Trial Software
  Model No. Description
MXview Industrial network management software designed for converged automation networks

PacketGuard for Modbus TCP Packet Inspection

Animation: How Does PacketGuard Stop Unsafe Modbus Packets


     


Next Step