EDR-G9010 Series

Introduction
The EDR-G9010 Series is a set of highly integrated industrial multi-port secure routers with firewall/NAT/VPN and managed Layer 2 switch functions. These devices are designed for Ethernet-based security applications in critical remote control or monitoring networks. These secure routers provide an electronic security perimeter to protect critical cyber assets including substations in power applications, pump-and-treat systems in water stations, distributed control systems in oil and gas applications, and PLC/SCADA systems in factory automation.

 

Defend Against Malicious Threats With Advanced Cybersecurity Features
The EDR-G9010 Series’ embedded firewall uses policy rules to control network traffic between trusted zones while Network Address Translation (NAT) shields the internal network from unauthorized access by outside hosts. The Virtual Private Networking (VPN) functionality further provides users with secure communication tunnels when accessing the private network from the public Internet. To help protect your OT assets from cyberattacks, the EDR-G9010 Series supports Deep Packet Inspection (DPI) to examine the data portion of network packets for various OT-specific protocols.

 

Simplify Configurations With the User-friendly Interface and Quick Settings
The EDR-G9010 Series’ “Interface Type Quick Settings” provide an easy way for users to set up WAN, LAN, and Bridge ports for routing functionality in just four steps. In addition, the “Quick Automation Profile” feature gives engineers a simple way to configure the firewall filtering function for general automation protocols, including EtherNet/IP, Modbus TCP, EtherCAT, FOUNDATION Fieldbus, and PROFINET.

 

Industrial-grade Design to Ensure Uninterrupted Network Connectivity
The EDR-G9010 Series’ rugged hardware makes these secure routers ideal for harsh industrial environments, featuring wide-temperature models that are built to operate reliably in hazardous conditions and extreme temperatures of -40 up to 75°C. Moreover, the EDR-G9010 Series supports comprehensive Layer 2 and Layer 3 redundancy mechanisms to ensure that your network stays connected at all times.

EDR-G9010 Series

Category:

Features and Benefits

  • All-in-one firewall/NAT/VPN/router/switch with 10 GbE ports
  • Secure remote access tunnel with VPN
  • Stateful firewall protects critical assets
  • Examine industrial protocol data with Deep Packet Inspection (DPI) technology
  • Easy network setup with Network Address Translation (NAT)
  • RSTP/Turbo Ring redundant protocol enhances network redundancy
  • Security features based on IEC 62443/NERC CIP
  • Supports secure boot for checking system integrity
  • Check firewall settings with the intelligent SettingCheck feature
  • -40 to 75°C operating temperature range (-T model)

Certifications

Download Datasheet

View List

Description

Introduction
The EDR-G9010 Series is a set of highly integrated industrial multi-port secure routers with firewall/NAT/VPN and managed Layer 2 switch functions. These devices are designed for Ethernet-based security applications in critical remote control or monitoring networks. These secure routers provide an electronic security perimeter to protect critical cyber assets including substations in power applications, pump-and-treat systems in water stations, distributed control systems in oil and gas applications, and PLC/SCADA systems in factory automation.

 

Defend Against Malicious Threats With Advanced Cybersecurity Features
The EDR-G9010 Series’ embedded firewall uses policy rules to control network traffic between trusted zones while Network Address Translation (NAT) shields the internal network from unauthorized access by outside hosts. The Virtual Private Networking (VPN) functionality further provides users with secure communication tunnels when accessing the private network from the public Internet. To help protect your OT assets from cyberattacks, the EDR-G9010 Series supports Deep Packet Inspection (DPI) to examine the data portion of network packets for various OT-specific protocols.

 

Simplify Configurations With the User-friendly Interface and Quick Settings
The EDR-G9010 Series’ “Interface Type Quick Settings” provide an easy way for users to set up WAN, LAN, and Bridge ports for routing functionality in just four steps. In addition, the “Quick Automation Profile” feature gives engineers a simple way to configure the firewall filtering function for general automation protocols, including EtherNet/IP, Modbus TCP, EtherCAT, FOUNDATION Fieldbus, and PROFINET.

 

Industrial-grade Design to Ensure Uninterrupted Network Connectivity
The EDR-G9010 Series’ rugged hardware makes these secure routers ideal for harsh industrial environments, featuring wide-temperature models that are built to operate reliably in hazardous conditions and extreme temperatures of -40 up to 75°C. Moreover, the EDR-G9010 Series supports comprehensive Layer 2 and Layer 3 redundancy mechanisms to ensure that your network stays connected at all times.

Specification

10/100BaseT(X) Ports (RJ45 connector)8
100/1000BaseSFP Slots2
StandardsIEEE 802.1Q for VLAN Tagging
IEEE 802.3 for 10BaseT
IEEE 802.3ab for 1000BaseT(X)
Static Port Trunk
IEEE 802.3u for 100BaseT(X)
IEEE 802.3x for flow control
IEEE 802.3z for 1000BaseSX/LX/LHX/ZX

Broadcast ForwardingIP directed broadcast, broadcast forwarding
ManagementBack Pressure Flow Control, DDNS, DHCP Server/Client, Web Console (HTTP/HTTPS), LLDP, QoS/CoS/ToS, SNMPv1/v2c/v3, Telnet, TFTP, HTTPS, SSH
Multicast RoutingStatic Route
Routing TableMax. 4K routing rules
Concurrent ConnectionsMax. 400K
Connections Per SecondMax. 20K
Redundancy ProtocolsRSTP, STP, Turbo Ring v2
RoutingThroughput: 350K packets per second (max. 1500 Mbps)
Routing RedundancyVRRP
SecuritySecure Boot, IPsec, L2TP (server), RADIUS, Trust access control
Time ManagementNTP Server/Client, SNTP
Unicast RoutingOSPF, RIPV1/V2, Static Route
FilterIGMP v1/v2/v3

VLAN ID RangeVID 1 to 4094
IGMP Groups256
Max. No. of VLANs16

LED IndicatorsPWR1, PWR2, STATE, MSTR/H.TC, CPLR/T.TC, VRRP/HA, VPN, USB

TechnologyARP-Flood, FIN Scan, ICMP-Death, NEWWithout-SYN Scan, NMAP-ID Scan, NMAP-Xmas Scan, Null Scan, SYN/FIN Scan, SYN/RST Scan, SYN-Flood, Xmas Scan

Deep Packet InspectionModbus TCP
Modbus UDP
DNP3
Additional protocols will be supported through future firmware updates.
FilterDDoS, Ethernet protocols, ICMP, IP address, MAC address, Ports
Quick Automation ProfilesDNP, EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, FTP, HTTP, IEC 60870-104, IPsec, L2TP, LonWorks, Modbus TCP, PPTP, PROFINET, RADIUS, SSH, Telnet
Stateful InspectionRouter firewall
Transparent (bridge) firewall
ThroughputMax. 350K packets per second (max. 1500 Mbps)

AuthenticationMD5 and SHA (SHA-256)
RSA (key size: 1024-bit, 2048-bit)
X.509 v3 certificate
Concurrent VPN TunnelsMax. 250 IPsec VPN tunnels
EncryptionDES, 3DES, AES-128, AES-192, AES-256
ProtocolsIPsec, L2TP (server), PPTP (client)
ThroughputMax. 300 Mbps (Conditions: AES-256, SHA-256)

Features1-to-1, N-to-1, Port forwarding

Event TypeFirewall event, VPN event
MediaLocal storage, SNMP Trap, Syslog server

Console PortRS-232 (TxD, RxD, GND), 3-pin (115200, n, 8, 1)
ConnectorUSB Type-C

ConnectionRemovable terminal block
Input Voltage12/24/48 VDC (DNV-certified for 24 VDC)
Input Current1.51 A @ 12 VDC
0.70 A @ 24 VDC
0.35 A @ 48 VDC
Reverse Polarity ProtectionSupported

HousingMetal
Dimensions58 x 135 x 105 mm (2.28 x 5.31 x 4.13 in)
Weight1030 g (2.27 lb)
InstallationDIN-rail mounting (DNV-certified), Wall mounting (with optional kit)

Operating TemperatureStandard Models: -10 to 60°C (14 to 140°F)
Wide Temp. Models: -40 to 75°C (-40 to 167°F), DNV-certified for -25 to 70°C (-13 to 158°F)
Storage Temperature (package included)-40 to 85°C (-40 to 185°F)
Ambient Relative Humidity5 to 95% (non-condensing)

EMCEN55032/24
EMICISPR 32, FCC Part 15B Class A
EMSIEC 61000-4-2 ESD: Contact: 6 kV; Air: 8 kV
IEC 61000-4-3 RS: 80 MHz to 1 GHz: 10 V/m
IEC 61000-4-4 EFT: Power: 2 kV; Signal: 2 kV
IEC 61000-4-5 Surge: Power: 2 kV; Signal: 2 kV
IEC 61000-4-6 CS: 10 V
IEC 61000-4-8 PFMF
Hazardous LocationsATEX, Class I Division 2
MaritimeIEC 60945, DNV
Power SubstationIEEE 1613, IEC 61850-3 Edition 2.0
RailwayEN 50121-4
Traffic ControlNEMA TS2
SafetyUL 62368-1
ShockIEC 60068-2-27
FreefallIEC 60068-2-32
VibrationIEC 60068-2-6

Time1,080,807 hrs
StandardsTelcordia (Bellcore), GB

Warranty Period5 years
DetailsSee www.moxa.com/warranty

Models