Category:
Firewalls, Virtual Private Networks (VPN), Encryption
Modification:
Hardware

ViPNet Coordinator IG is an industrial VPN gateway, which allows you to organize secure channels in industrial systems and segment them to protection domains. ViPNet Coordinator IG offers efficient protection against network attacks and against unauthorized access by establishing secure ViPNet channels.

The appliance can be easily integrated into an existing infrastructure. With ViPNet Coordinator IG, you establish secure channels in any telecommunication infrastructure, including public networks.


Use Cases

ViPNet Coordinator IG appliance works as a part of ViPNet Network Security solution and is particularly useful in the following cases:

  • Securing industrial network and industrial wireless network (WLAN).
  • Secure remote monitoring.
  • In-depth defense (using the appliance to secure channels along with application-layer data-protection tools).
  • Network segmentation and perimeter defense, access restriction.
  • Secure controlled access to the Internet.
  • Secure remote access to the industrial network, operator’s or engineer’s desktop, and equipment, including mobile remote access.
  • A gateway for communication with industrial equipment via serial interfaces.

Advantages

  • Protection of distributed automated process control systems by VPN and traffic filtering (firewall).
  • Protection of both wire (Ethernet) and wireless (Wi-Fi, 3G, 4G) control channels of distributed automated process control systems.
  • Support of industrial devices using RS-232/422/485 protocols; the appliance can function as a Modbus TCP - Modbus RTU gateway.
  • Highly energy-efficient.  
  • Operating temperature from -20 to +60 °С.
  • Industrial form factor.
  • VLAN support.
  • ViPNet Administrator 4.6 as the encryption key generation authority.

Secure channel establishment

  • L3 VPN gateway: Protection of OSI network layer connections with encryption and authentication.
  • L2 VPN gateway: Protection of OSI channel layer connections with encryption and authentication.
  • Traffic masking due to encapsulating the traffic to UDP and TCP.

Traffic filtering (firewall)

  • A stateful firewall with application protocol inspection. Separate traffic filtering rules for unencrypted and encrypted IP traffic.
  • NAT/PAT.
  • Anti-spoofing.
  • Proxy server. 

Network functions

  • Static routing.
  • Dynamic routing.
  • VLAN support.

Service functions

  • DNS server.
  • NTP server.
  • DHCP server.
  • DHCP–Relay.
  • Failover cluster: a failsafe coordinator. 

Support for industrial protocols

  • Modbus TCP
  • PROFINET
  • EtherCAT 
  • EtherNet/IP
  • DNP, IEC 60870-104, MMS
  • OPC 
  • PTP 
  • LonWorks, Bacnet 
  • KNX, ZigBee, Z-Wave

Configuration and Management

  • Remote configuring via ViPNet Administrator and Web Access. Remote management over the SSH protocol and the system console. 
  • Local management via system console.
  • Remote monitoring via ViPNet StateWatcher and the SNMP protocol.

Hardware specifications

Form factor

DIN-rail mountable appliance

Operating system

Adapted Linux OS

Dimensions (W × H × D)

120 х 50 х 100 mm

Weight

0.6 kg

Power supply

DC 10 - 30 V

Operating temperature

-20° to +60° C

Input-output ports

2x USB

Network equipment specifications

Network ports

3x RJ45, 10/100/1000 Mbps

Industrial interfaces

RS-232, RS-422, RS-485

Modbus TCP - Modbus RTU gateway

Wireless interfaces

Wi-Fi, antenna (SMA)

GSM/2G/3G antenna   

Firewall performance

Firewall throughput

10 Mbps

Max number of concurrent sessions

1,000

New connections

200 per second

Encrypted channel performance

VPN throughput

10 Mbps

L2 VPN throughput

10 Mbps

Maximal number of tunneled hosts

5

Integrated services

DNS, NTP, DHCP server

Yes

DHCP-relay

Yes

Availability and reliability

 

Failover cluster

Yes

Unattended operation 24x7

Yes

Protection in industrial conditions

IP protection class

IP30

Electromagnetic compatibility

CISPR22,  CISPR 24