Moxa is always studying customer needs to advance and improve its products. The company develops robust security solutions that maintain network operability while protecting it from sophisticated threats. Moxa offers devices focused on industrial solutions for energy, transportation, oil and gas, and other industries.
MAIN PROTECTION MECHANISMS FOR INDUSTRIAL COMMUNICATION NETWORKS:
A firewall is a hardware and software component of a computer network that monitors and filters network traffic passing through it in accordance with established security rules and ensures the protection of information systems from unauthorized access.
The Network Address Translation (NAT) adds a layer of security by hiding the internal network structure from the outside world. Since devices on the local network only have internal IP addresses, external users cannot directly connect to them, protecting them from potential external attacks.
A VPN is a secure communication channel for transmitting data over public networks that ensures the confidentiality and integrity of information by encrypting traffic.
EDR series devices support Deep Packet Inspection (DPI) to help protect assets from cyberattacks. DPI verifies network data against various industrial protocol parameters, providing an additional layer of security.
Considering the growing demands on network security equipment, the devices discussed in the previous article are being replaced by new improved models of routers of the EDR-8010, EDR-G9010, EDR-G9004 series. These devices are designed in accordance with the IEC 62443-4-2 standard and meet the established requirements for use in industrial applications. They represent a comprehensive set of industrial communication network protection mechanisms, as described above.
Let us compare the new generation of EDR routers:
EDR-8010, EDR-G9010
These routers have the functionality of a managed switch, which allows you to create a fault-tolerant network based on redundancy protocols such as RSTP or Turbo Ring.
The new routers of the EDR-G9004 series feature Bypass support and come with two WAN ports Which can be configured in redundant mode to ensure a more stable connection to the external network. If the primary connection is lost, the router will automatically switch to the backup, ensuring a reliable connection to your system.
The routers in question enable the implementation of a demilitarized zone (DMZ) in a network architecture — an intermediate segment between the internal local and external unsecured networks, where public services are hosted and an additional layer of security is provided for the corporate infrastructure. Below is one possible network design scenario using this network security concept.
For a clearer understanding, let's look at the distinctive features of these models in a comparison table.
| Model name |
Interface |
Built-in switch |
Bandwidth |
VPN |
DPI |
Certificates of conformity | |
 |
EDR‑G9010 |
1G RJ45 x8 1/2 5G* SFP x2 |
RSTP/Turbo Ring | 350k pps |
250 IPSec Tunnels 300 Мбит/c |
Modbus TCP Modbus UDP DNP3 IEC 61850 |
IEC 61850-3 / IEEE 1613 NEMA TS2 EN 50121-4 DNV-GL ATEX / C1D2 EN 50121-4 |
 |
EDR‑G9004 |
2x Gbe Combo 2x Gbe Copper With Gen.3 Bypass |
- | 350k pps |
250 IPSec Tunnels 300 Мбит/c |
||
 |
EDR‑8010 |
8x FE Cooper 2 x Gbe SFP |
RSTP/Turbo Ring | 50K pps |
50 IPSec Tunnels 200 Мбит/c |
Built with reliable components, these next-generation routers are ideal for harsh industrial environments. In addition to the advantages already mentioned, they are certified for use in railway transport and comply with international standards. This makes them a versatile solution for creating secure industrial networks.
