The growing convergence of OT and IT environments improves efficiency and data availability in industrial automation — but at the same time it widens the attack surface in production networks, especially where OT systems that once ran air-gapped now need reliable, continuous connectivity. Moxa supports operators in securely segmenting industrial networks, transparently monitoring communication structures, and proactively limiting cyber risks in OT environments. The foundation is Security by Design, distributed OT intrusion prevention, and robust networking for a resilient Defense-in-Depth strategy. The products covered in this article — the EDR-G9010 Series and EDF-G1002-BP Series — are available at ipc2u.com.
Three Pillars of Industrial OT Network Security
Increase Network Visibility
Monitor networks and control systems in a targeted way and detect risks earlier.
Operate Networks Securely
A secure infrastructure supports stable, uninterrupted industrial operations.
Select Secure Devices
Security-hardened devices support the safe operation of existing industrial systems.
Moxa is an IEC 62443-4-1 certified developer of industrial connectivity and networking solutions, and aligns its product development with the security characteristics of IEC 62443-4-2. This means both the EDR-G9010 and EDF-G1002-BP are not only built for industrial operating conditions but are designed from the ground up to meet documented cybersecurity requirements — a critical factor for operators in regulated industries such as power, water, oil and gas, and transportation.
Quick Comparison
| Model | Type | Key Ports | Security Functions | Deployment Mode | Best For |
|---|---|---|---|---|---|
| EDF-G1002-BP Series | Industrial LAN Firewall / IPS | 2× GbE + 1× Mgmt | IPS/IDS, OT DPI, Gen3 LAN Bypass, Virtual Patching | Bump-in-the-wire (inline) | Per-asset IPS/IDS at OT device level |
| EDR-G9010 Series | Industrial Secure Router / Next-Gen Firewall | 8× GbE + 2× SFP | Firewall, NAT, VPN, IDS/IPS, OT DPI, L2 Switch | Zone perimeter / segmentation node | Zone-level segmentation and perimeter defense |
EDF-G1002-BP Series — Industrial Next-Generation LAN Firewall with IPS/IDS and Gen3 LAN Bypass
Moxa EDF-G1002-BP Series — Industrial Next-Generation LAN Firewall with IPS/IDS and Gen3 LAN Bypass
The EDF-G1002-BP Series is an industrial-grade LAN firewall built for bump-in-the-wire deployment directly in front of a critical OT asset — a PLC, HMI, or SCADA workstation — without requiring any change to the surrounding network topology. It provides two 10/100/1000BASE-T(X) inline data ports, one dedicated Ethernet management port, and IPS/IDS with OT-specific industrial Deep Packet Inspection. Throughput reaches up to 500 Mbps under RFC 2544 conditions. The wide-temperature EDF-G1002-BP variant is rated for −40°C to 75°C, covering the full range of industrial environments from outdoor cabinets to production floor enclosures.
The defining hardware feature of the EDF-G1002-BP is its patented Gen3 software-configurable LAN bypass. If the appliance loses power or experiences a software fault, the bypass automatically connects the two inline ports directly — passing traffic through without interruption and without introducing a new single point of failure into the production network. This is a fundamental requirement for inline security deployment in OT environments, where even a brief, unplanned loss of connectivity to a field device can trigger a plant shutdown or safety event.
The IPS/IDS engine supports two operating modes. In Monitor mode, the device analyses all network traffic passively, logging cyberthreat activity and giving administrators visibility of what is traversing the network without blocking anything — essential during the initial deployment phase in OT environments where the traffic baseline is not yet established. Once confidence in the ruleset is established, operators can switch to Protect mode, where the device actively blocks and contains detected malicious operations. The system supports up to 120,000 concurrent sessions with pattern-based signature matching updated through Moxa's MXsecurity centralized platform.
Virtual Patching addresses one of the most persistent OT security challenges: legacy systems running end-of-life operating systems that cannot be taken offline for patching. The EDF-G1002-BP intercepts and blocks known exploit attempts targeting unpatched vulnerabilities at the network layer — acting as an agentless emergency shield that requires no changes to the protected endpoint. Industrial DPI covers OT protocol content including Siemens S7 Comm and S7 Comm Plus, Modbus, EtherNet/IP, and additional protocols delivered through firmware updates.
EDR-G9010 Series — Industrial Multi-Port Secure Router with Firewall / NAT / VPN / IDS/IPS
Moxa EDR-G9010 Series — Industrial Secure Router with Firewall / NAT / VPN and IDS/IPS
The EDR-G9010 Series is a highly integrated industrial secure router that consolidates Firewall, NAT, VPN, managed Layer 2 switching, and — with IDS/IPS activated — full next-generation firewall capabilities in a single DIN-rail device. It provides 8 × 10/100/1000BASE-T(X) copper ports and 2 × 1/2.5GbE SFP slots, supports 12/24/48 VDC redundant power inputs, and is certified to IEC 62443-4-2 Security Level 2. Wide-temperature models operate from −40°C to 75°C. The combination of routing, switching, and security functions in one device reduces the hardware footprint in space-constrained industrial cabinets and eliminates the inter-device cabling and compatibility issues that arise when these functions are handled by separate appliances.
The EDR-G9010 is designed as a zone security perimeter device in IEC 62443 compliant network architectures. Its stateful firewall enforces policy-based traffic control between security zones, while NAT shields internal OT addressing from external exposure and VPN tunnels provide encrypted remote access paths for maintenance and monitoring personnel. The object-based firewall management interface allows administrators to define reusable network objects — IP addresses, address ranges, services, and protocol groups — and reference them across multiple rules, substantially reducing the complexity of managing large firewall rulesets across a distributed OT infrastructure.
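The object-based rule model described above, as an added worked example that is not Moxa's own code or configuration format: address objects, service objects and a protocol group are defined once and referenced by name from several rules, so adding a host to an object updates every rule that uses it. The object names, addresses and rules are constructed sample data; evaluation is first-match with an implicit default deny, and only new connections are modelled (the stateful tracking of return traffic is left out).

```python
"""Object-based firewall policy evaluation (added illustration, not Moxa's code).

Network objects are defined once and referenced by name from rules, so one
change to an object propagates to every rule that uses it. Rules are
evaluated first-match; anything unmatched falls through to default deny.
"""
import ipaddress
from dataclasses import dataclass

# --- reusable objects (all names and values are constructed examples) ---
ADDRESS_OBJECTS = {
    "scada_servers": ["10.10.1.10", "10.10.1.11"],
    "cell1_plcs": ["10.20.1.0/24"],
    "eng_workstations": ["10.10.5.0/28"],
}
SERVICE_OBJECTS = {
    "modbus_tcp": ("tcp", 502),
    "enip": ("tcp", 44818),
    "https": ("tcp", 443),
}
# A protocol group bundles several services so a single rule can cover them.
SERVICE_GROUPS = {
    "ot_protocols": ["modbus_tcp", "enip"],
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    src_obj: str
    dst_obj: str
    svc_obj: str
    action: str  # "allow" or "deny"


# Rules reference objects by name instead of repeating addresses and ports.
RULES = [
    Rule("scada-to-plc", "scada_servers", "cell1_plcs", "ot_protocols", "allow"),
    Rule("eng-to-plc-modbus", "eng_workstations", "cell1_plcs", "modbus_tcp", "allow"),
    Rule("eng-to-scada-https", "eng_workstations", "scada_servers", "https", "allow"),
]


def add_member(obj_name, entry):
    """Extend an address object; every rule referencing it picks up the change."""
    ADDRESS_OBJECTS.setdefault(obj_name, []).append(entry)


def _address_matches(obj_name, ip):
    addr = ipaddress.ip_address(ip)
    # A bare host string becomes a /32 network, so hosts and ranges mix freely.
    return any(addr in ipaddress.ip_network(e, strict=False) for e in ADDRESS_OBJECTS[obj_name])


def _services(obj_name):
    # Expand a group into its member services; a plain service maps to itself.
    names = SERVICE_GROUPS.get(obj_name, [obj_name])
    return [SERVICE_OBJECTS[n] for n in names]


def evaluate(flow):
    """Return (action, rule_name) for a new connection; unmatched flows are denied."""
    for rule in RULES:
        if (_address_matches(rule.src_obj, flow.src)
                and _address_matches(rule.dst_obj, flow.dst)
                and (flow.proto, flow.dport) in _services(rule.svc_obj)):
            return rule.action, rule.name
    return "deny", "default-deny"


if __name__ == "__main__":
    for f in (Flow("10.10.1.10", "10.20.1.7", "tcp", 502),
              Flow("10.10.5.3", "10.20.1.7", "tcp", 44818),
              Flow("10.10.5.20", "10.20.1.7", "tcp", 502)):
        print(f, "->", evaluate(f))
```

Because the engineering workstations are only granted `modbus_tcp` rather than the `ot_protocols` group, an EtherNet/IP connection from that object is denied even though the same destination object allows it for the SCADA servers; that is the kind of distinction a flat per-address ruleset makes easy to get wrong.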
OT Deep Packet Inspection enables command-level control over industrial protocol traffic. Rather than treating all Modbus TCP or EtherNet/IP traffic as a single allowed or denied stream, the EDR-G9010 can permit read function codes while blocking write commands to a specific PLC — enforcing the principle of least privilege at the protocol level without requiring separate protocol filtering hardware. When IDS/IPS is activated, the device adds active threat detection and prevention: it identifies known attack patterns, alerts administrators through pattern-matching alarms, and can contain the spread of a detected intrusion to the affected zone without disrupting other parts of the network. The Quick Automation Profile feature allows engineers to configure firewall rules for common automation protocols — including EtherNet/IP, Modbus TCP, EtherCAT, PROFINET, and FOUNDATION Fieldbus — in a few guided steps rather than from scratch.
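The command-level Modbus TCP control just described, together with the Monitor and Protect operating modes from the IPS/IDS section, as an added worked example that is not Moxa's firmware or configuration format. It parses the MBAP header and function code of each request, classifies the function code as read, write or other, and checks it against a per-PLC policy; in Monitor mode a denied request is logged but still forwarded, in Protect mode it is dropped. The PLC addresses, the policy and the sample frames are constructed, and malformed frames are denied rather than forwarded unparsed.

```python
"""Command-level Modbus TCP inspection with per-PLC policy and Monitor/Protect
modes (added illustration, not Moxa's code). Frames, policy and addresses are
constructed sample data.
"""
import struct
from enum import Enum

# Modbus public function codes grouped by their effect on the controller.
READ_CODES = {1, 2, 3, 4, 7, 20, 24}      # coil/register/exception-status/file/FIFO reads
WRITE_CODES = {5, 6, 15, 16, 21, 22, 23}  # writes; code 23 (read/write multiple) also writes
# Everything else (diagnostics 8, MEI 43, vendor codes) is classed "other" and is
# only permitted where the policy grants that class explicitly.


class Mode(Enum):
    MONITOR = "monitor"   # analyse and log, forward everything (baselining phase)
    PROTECT = "protect"   # analyse and log, drop what the policy denies


# Per-PLC allowed command classes (constructed). PLCs not listed get nothing.
POLICY = {
    "10.20.1.7": {"read"},            # HMI polling target: writes are blocked
    "10.20.1.8": {"read", "write"},   # PLC the SCADA master legitimately writes to
}


def classify(function_code):
    if function_code in READ_CODES:
        return "read"
    if function_code in WRITE_CODES:
        return "write"
    return "other"


def parse_modbus_tcp(frame):
    """Parse a Modbus TCP request (7-byte MBAP header + PDU); raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack("!HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    if fc >= 0x80:
        raise ValueError("exception response seen in request direction")
    return {"tid": tid, "unit": unit, "fc": fc, "data": frame[8:]}


def inspect(frame, dst_ip, mode, log):
    """Apply the per-PLC policy to one request. Returns (verdict, forwarded).

    verdict is "allow" or "deny"; forwarded is whether the frame passes, which
    in Monitor mode is always True so a new ruleset can be observed before it bites.
    """
    try:
        req = parse_modbus_tcp(frame)
        cls = classify(req["fc"])
        allowed = cls in POLICY.get(dst_ip, set())
        reason = f"fc={req['fc']} class={cls} unit={req['unit']}"
    except ValueError as exc:
        allowed, reason = False, f"malformed: {exc}"
    verdict = "allow" if allowed else "deny"
    forwarded = allowed or mode is Mode.MONITOR
    log.append(f"{mode.value} dst={dst_ip} {verdict} ({reason}) forwarded={forwarded}")
    return verdict, forwarded


# Constructed sample requests: MBAP (tid, pid, length, unit) + PDU.
READ_HOLDING = bytes.fromhex("000100000006" "01" "03" "0000000a")  # FC3, 10 regs from 0
WRITE_SINGLE = bytes.fromhex("000200000006" "01" "06" "00100001")  # FC6, write register 16
DIAG_QUERY = bytes.fromhex("000300000006" "01" "08" "00000000")    # FC8 sub-function 0
TRUNCATED = bytes.fromhex("000400000006" "01" "06")                # length says 6, 2 present

if __name__ == "__main__":
    log = []
    for mode in (Mode.MONITOR, Mode.PROTECT):
        for frame in (READ_HOLDING, WRITE_SINGLE, DIAG_QUERY, TRUNCATED):
            inspect(frame, "10.20.1.7", mode, log)
    print("\n".join(log))
```

Running the script shows the same write request to 10.20.1.7 logged as a deny in both modes but forwarded only under Monitor, which is exactly the difference an operator relies on when switching modes after the traffic baseline is established.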
Real-Time Network Visibility with MXview One & MXsecurity
Moxa MXview One — Real-time topology visualization and security status monitoring for industrial networks
Moxa's MXview One network management software automatically discovers devices, visualizes network topology, and makes configuration changes immediately visible. It provides a centralized view of device security status, helping administrators verify whether Moxa network devices are configured according to defined security policies and compliance levels. Load distribution, communication nodes, and data paths are made transparent for targeted network state monitoring.
Moxa MXsecurity — Centralized security management platform for industrial routers and firewalls
MXsecurity is Moxa's centralized security management platform for industrial networks. It provides unified management and monitoring of Moxa routers and firewalls, consolidating real-time network activity and threat intelligence into a single security status dashboard. Firewall policies, firmware upgrades, and IPS signature updates are deployed simultaneously to all registered devices — reducing administrative overhead significantly in large distributed OT installations. Automatic collection of security logs and immediate dispatch of threat alerts support faster incident response.
Choosing the Right Model: Common Deployment Scenarios
Protecting a Single Critical Asset (PLC / HMI)
A PLC or HMI that cannot be patched or taken offline requires inline IPS/IDS protection at the device level. Gen3 LAN bypass ensures the firewall can be inserted without network changes and without creating a new single point of failure.
Virtual Patching for Legacy Windows Systems
SCADA and HMI workstations running end-of-life operating systems are shielded at the network layer against known exploits — no agent installation, no system downtime, no endpoint changes required.
Zone Segmentation per IEC 62443
Defining security zones in a compliant Defense-in-Depth architecture requires a multi-port device combining firewall, NAT, VPN, OT DPI, and L2 switching — configurable with automation protocol quick profiles and object-based policy rules.
Secure Remote Access to OT Infrastructure
Maintenance personnel accessing remote substations, pump stations, or distributed control systems over public networks require encrypted VPN tunnels alongside rigorous local firewall policy enforcement on all OT traffic.
Products in This Article — Available on ipc2u.com
- EDF-G1002-BP Series — Industrial LAN Firewall, IPS/IDS, OT DPI, Gen3 LAN Bypass, Virtual Patching, 2× GbE + Mgmt, 500 Mbps, −40°C to 75°C
- EDR-G9010 Series — Industrial Secure Router, Firewall/NAT/VPN, IDS/IPS, OT DPI, 8× GbE + 2× SFP, L2 Switch, IEC 62443-4-2, −40°C to 75°C