EDR-G9010 Series

Homepage > Moxa > Industrial Network Infrastructure > Network Security Appliance > EDR-G9010 Series

Features and Benefits

Developed according to the IEC 62443-4-1 and compliant with the IEC 62443-4-2 industrial cybersecurity standards
10-port Gigabit all-in-one firewall/NAT/VPN/router/switch
Industrial-grade Intrusion Prevention/Detection System (IPS/IDS)
Visualize OT security with the MXsecurity management software
Secure remote access tunnel with VPN
Examine industrial protocol data with Deep Packet Inspection (DPI) technology
Easy network setup with Network Address Translation (NAT)
RSTP/Turbo Ring redundant protocol enhances network redundancy
Supports secure boot for checking system integrity
-40 to 75°C operating temperature range (-T model)

Overview

The EDR-G9010 Series is a set of highly integrated industrial multi-port secure routers with firewall/NAT/VPN and managed Layer 2 switch functions. These devices are designed for Ethernet-based security applications in critical remote control or monitoring networks. These secure routers provide an electronic security perimeter to protect critical cyber assets including substations in power applications, pump-and-treat systems in water stations, distributed control systems in oil and gas applications, and PLC/SCADA systems in factory automation. Furthermore, with the addition of IDS/IPS, the EDR-G9010 Series is an industrial next-generation firewall, equipped with threat detection and prevention capabilities to further protect critical infrastructure from cybersecurity attacks.

MX-ROS Addresses Growing Cybersecurity Threats

Moxa’s MX-ROS (https://www.moxa.com/en/spotlight/portfolio/mx-ros/index) is a software platform for industrial security routers and firewalls. The platform supports the robust security and user-friendly operation of secure routers through simplified web and CLI interfaces. In addition to adhering to IEC 62443-4-2, MX-ROS devices offer a wealth of the latest cross-industry Operational Technology (OT) network management features with each release to safeguard hardware and software.

Defend Against Malicious Threats With Advanced Cybersecurity Features

The EDR-G9010 Series’ embedded firewall uses policy rules to control network traffic between trusted zones while Network Address Translation (NAT) shields the internal network from unauthorized access by outside hosts. The Virtual Private Networking (VPN) functionality further provides users with secure communication tunnels when accessing the private network from the public Internet. To help protect your OT assets from cyberattacks, the EDR-G9010 Series supports Deep Packet Inspection (DPI) to examine the data portion of network packets for various OT-specific protocols.

Simplify Configurations With the User-friendly Interface and Quick Settings

The EDR-G9010 Series’ Setup Wizard provides an easy way for users to set up WAN, LAN, and Bridge ports for routing functionality in just four steps. In addition, the object-based firewall management feature gives engineers a simple way to configure and maintain firewall filtering for IP addresses and subnets, network services, industrial application services, and user-defined services.

Industrial-grade Design to Ensure Uninterrupted Network Connectivity

The EDR-G9010 Series’ rugged hardware makes these secure routers ideal for harsh industrial environments, featuring wide-temperature models that are built to operate reliably in hazardous conditions and extreme temperatures of -40 up to 75°C. Moreover, the EDR-G9010 Series supports comprehensive Layer 2 and Layer 3 redundancy mechanisms to ensure that your network stays connected at all times.

Virtual Patching and Intelligent Threat Protection

Patching remains a major challenge in OT environments because OT applications cannot afford interrupting operations by shutting down systems to apply patches. Virtual patching technology can help complement existing patch management processes by shielding known and unknown vulnerabilities. In addition, the EDR-G9010 features intelligent IPS functionality for continuous protection against cyberthreats which uses pattern-based detection to identify and block known attacks.

Specifications

Input/Output Interface

Alarm Contact Channels

Resistive load: 1 A @ 24 VDC

Digital Inputs

+13 to +30 V for state 1
-30 to +3 V for state 0
Max. input current: 8 mA

Buttons

Reset button

Ethernet Interface

10/100/1000BaseT(X) Ports (RJ45 connector)

1000/2500BaseSFP Ports

Standards

IEEE 802.1Q for VLAN Tagging
IEEE 802.3 for 10BaseT
IEEE 802.3ab for 1000BaseT(X)
Static Port Trunk
IEEE 802.3u for 100BaseT(X)
IEEE 802.3x for flow control
IEEE 802.3z for 1000BaseSX/LX/LHX/ZX
IEEE 802.1X for authentication

DMZ

User-configurable DMZ ports

Ethernet Software Features

Broadcast Forwarding

IP directed broadcast, broadcast forwarding

Management

Back Pressure Flow Control
DDNS
DHCP Server/Client
Web Console (HTTP/HTTPS)
LLDP
SNMPv1/v2c/v3
Telnet
TFTP
HTTPS
SSH

Redundancy Protocols

RSTP
STP
Turbo Ring v2
Turbo Chain

Routing Throughput

Max. 350K packets per second / 2 Gbps (based on RFC 2544)

Routing Table

Max. 4K routing rules

Concurrent Connections

Max. 400K (based on RFC 3511)

Connections Per Second

Max. 20K (based on RFC 3511)

Routing Redundancy

VRRP

Security

Secure Boot
IPsec
L2TP (server)
RADIUS
Trust access control
TACACS+
SCP
SFTP
NTP authentication
Syslog Authentication

Time Management

NTP Server/Client
SNTP

Unicast Routing

OSPF
RIPV1/V2
Static Route

Multicast Routing

Static Route

Filter

IGMP v1/v2/v3

Switch Properties

VLAN ID Range

VID 1 to 4094

IGMP Groups

Max. No. of VLANs

LED Interface

LED Indicators

PWR1, PWR2, STATE, MSTR/H.TC, CPLR/T.TC, VRRP/HA, VPN, USB

DoS and DDoS Protection

Technology

ARP-Flood
FIN Scan
ICMP Flood
TCP Sessions Without SYN
NMAP-ID Scan
NMAP-Xmas Scan
Null Scan
SYN/FIN Scan
SYN/RST Scan
SYN-Flood
Xmas Scan

Firewall

Filter

DDoS
Ethernet protocols
ICMP
IP address
MAC address
Ports

Stateful Inspection

Router firewall
Transparent (bridge) firewall

Deep Packet Inspection

DNP3
EtherNet/IP
IEC 60870-5-104
IEC 61850 MMS
MELSEC
Modbus TCP
Modbus UDP
Omron FINS
OPC UA
Siemens S7 Comm.
Siemens S7 Comm. Plus

Additional protocols will be supported through future firmware updates.

Intrusion Prevention System

Requires an additional license.

Throughput

Firewall:
Max. 350K packets per second / 2 Gbps (based on RFC 2544)
IPS:
Max. 200K packets per second / 2 Gbps (based on RFC 2544)

IPsec VPN

Authentication

MD5 and SHA (SHA-512)
RSA (key size: 1024-bit, 2048-bit)
X.509 v3 certificate

Concurrent VPN Tunnels

Max. 250 IPsec VPN tunnels

Encryption

DES
3DES
AES-128
AES-192
AES-256
AES-256-GCM

Protocols

IPsec
L2TP (server)
PPTP (client)

Throughput

Conditions: AES-256, SHA-256
Max. 100K packets per second / 800 Mbps (based on RFC 2544)

NAT

Features

1-to-1
N-to-1
NAT loopback
Port forwarding

Real-time Firewall Event Log

Event Type

Firewall event
VPN event

Media

Local storage
SNMP Trap
Syslog server

Serial Interface

Console Port

RS-232 (TxD, RxD, GND)
3-pin (115200, n, 8, 1)

Connector

USB Type-C

Power Parameters

Connection

Removable terminal block

Input Voltage

EDR-G9010-VPN-2MGSFP(-T) models:
12/24/48 VDC, redundant dual inputs (DNV-certified for 24 VDC)
EDR-G9010-VPN-2MGSFP-HV(-T) models:
120/240 VDC/VAC, redundant dual inputs

Operating Voltage

non-HV(-T) models:
9.6 to 60 VDC
-HV(-T) models:
88 to 300 VDC, 90 to 264 VAC

Input Current

EDR-G9010-VPN-2MGSFP(-T) models:

1.51 A @ 12 VDC
0.70 A @ 24 VDC
0.35 A @ 48 VDC

EDR-G9010-VPN-2MGSFP-HV(-T) models:

0.28 A @ 120 VAC
0.18 A @ 240 VAC
0.15 A @ 120 VDC
0.08 A @ 240 VDC

Reverse Polarity Protection

Supported

Physical Characteristic

Housing

Metal

IP Rating

IP40

Dimensions

EDR-G9010-VPN-2MGSFP(-T) models:
58 x 135 x 105 mm (2.28 x 5.31 x 4.13 in)
EDR-G9010-VPN-2MGSFP-HV(-T) models:
64 x 135 x 105 mm (2.52 x 5.31 x 4.13 in)

Weight

EDR-G9010-VPN-2MGSFP(-T) models:
1030 g (2.27 lb)
EDR-G9010-VPN-2MGSFP-HV(-T) models:
1150 g (2.54 lb)

Installation

DIN-rail mounting (DNV-certified)
Wall mounting (with optional kit)

Environmental Limits

Operating Temperature

Standard Models: -10 to 60°C (14 to 140°F)
Wide Temp. Models: -40 to 75°C (-40 to 167°F)
EDR-G9010-VPN-2MGSFP(-T) models: DNV-certified for -25 to 70°C (-13 to 158°F)

Storage Temperature (package included)

-40 to 85°C (-40 to 185°F)

Ambient Relative Humidity

5 to 95% (non-condensing)

Standard and Certifications

Safety

IEC 62368-1
UL 62368-1
IEC 60950-1
UL 60950-1

EMC

EN 55032/35

EMI

CISPR 32, FCC Part 15B Class A

EMS

IEC 61000-4-2 ESD: Contact: 8 kV; Air: 15 kV
IEC 61000-4-3 RS: 80 MHz to 1 GHz: 20 V/m
IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV
IEC 61000-4-5 Surge: Power: 2 kV; Signal: 4 kV
IEC 61000-4-6 CS: 10 V
IEC 61000-4-8 PFMF

Industrial Cybersecurity

IEC 62443-4-1
IEC 62443-4-2

Railway

EDR-G9010-VPN-2MGSFP(-T) models: EN 50121-4

Traffic Control

EDR-G9010-VPN-2MGSFP(-T) models: NEMA TS2

Maritime

EDR-G9010-VPN-2MGSFP(-T) models: IEC 60945, DNV

Power Substation

IEEE 1613
IEC 61850-3 Edition 2.0

Hazardous Locations

EDR-G9010-VPN-2MGSFP(-T) models: ATEX, Class I Division 2

Shock

IEC 60068-2-27

Freefall

IEC 60068-2-32

Vibration

IEC 60068-2-6

MTBF

Time

EDR-G9010-VPN-2MGSFP(-T) models:
1,080,807 hrs
EDR-G9010-VPN-2MGSFP-HV(-T) models:
509,714 hrs