1. Home
  2. Productos
  3. Ciberseguridad
  4. Herramienta de seguridad de red
  5. VCL-2243

VCL-2243

RTU Firewall IEC-104 Modbus Firewall

VCL-2243 is a high-security, high-reliability, ruggedized, failsafe transparent RTU Firewall that is designed to be installed between the RTU and the SCADA server without having to reconfigure any element of the network.

VCL-2243 firewall supports IEC 60870-5-104 (IEC 104), MODBUS protocol options with extremely advanced features that may be installed to secure and protect RTUs (Remote Terminal Units) in critical infrastructure such as Sub-Stations, Smart Grid Distribution Systems, Oil and Gas Infrastructure and Railway Signaling Networks from being compromised, attacked, or accessed by hostile elements. 

Ultra-Resilient and Failsafe – VCL-2243 RTU Firewall never itself becomes a point of failure. In the event of equipment or power failure, an external, dry-contact alarm is triggered and the incoming Ethernet link from the network is automatically bypassed from the firewall section and directly connected to the RTU. This ensures that the RTU always remains in service in any event. It is the only such firewall solution available in the industry that never, itself, becomes a point of failure.

The VCL-2243 secures RTU Terminals and corresponding central server(s) located in Load Dispatch Centre(s) / SCADA Management Centre(s) and Rail Traffic Control Room(s).

Versions and Technology Deployment

  • High-Security, High-Reliability, Ruggedized RTU Firewall
  • Failsafe – Never itself becomes a point of failure, even in a power down condition.
  • Transparent Firewall – No modification required in the existing network.
  • Does not add any measurable latency. The latency added under full load conditions is less than 1ms.
  • Installed in sub-stations to protect RTUs from network side intrusion and hostile access.
  • MAC based lock. Allows user to lock to specified MAC addresses of known network devices in the utility network such as SCADA servers, and network management devices, computers etc. The RTU shall only accept or transmit data to known network devices in the MAC white-list.
  • IP Address based lock. Allows lock to user specified IP address. The RTU shall only accept or transmit data to known network devices in the IP address white-list.
  • Port based lock. Allows transmission only on user selected ports. Blocks communication and access on all other ports.
  • Deep Packet Inspection. Allows only SCADA (-104/MODBUS) packets to pass through. Blocks all other packets.
  • Comprehensive logging of all -104/MODBUS packets. Finger- prints and logs all unauthorized traffic and access attempts.
  • Time keeping: Fetches time from NTP Server to maintain millisecond accuracy.

Protocols supported

  • IEC 60870-5-104 (IEC 104): 10/100BaseT Ethernet Port
  • MODBUS TCP/IP: 10/100BaseT Ethernet Port
  • Access to the VCL-2243 RTU Firewall is password protected that meet and exceed NERC requirements. VCL-2243 RTU Firewall can optionally be managed, centrally, from a RADIUS Server to provide enhanced levels of access security and centralized password authentication, management and control


  • Utilities: Electric generation, transmission and distribution
  • May be installed to Firewall RTU Terminals and server(s) located in Load Dispatch Centres / SCADA Management Centres and Rail Traffic Control.
  • Smart Grid Distribution Systems
  • Oil & Gas production, pipelines
  • Railway Signalling Infrastructure: Rail Traffic Control Room(s)
  • All distributed data networks consisting of a central server and multiple edge locations.

 

 

Interfaces – Terminal

  • Total Number of Ethernet Interfaces: 2
  • One, 10/100  RJ45  equipment  interface  for  the  local (trusted) RTU side
  • One 10/100   RJ45   network   interface   to   the   WAN (untrusted) network side
  • Auto MDI/X (straight or crossover Ethernet cable correction)
  • Management interfaces:
  • Ethernet, RS-232, RS-485, USB

Monitoring and Access Control

  • Password Strength Monitor
  • Device Management and Alarm Monitoring
  • Command Line Interface – Telnet, SSH
  • SNMPv2 Alarm Monitoring
  • Alarm condition detection and reporting (traps and SNMP alarm table)
  • Syslog

Firewall - Features and Capabilities

  • Protocols supported:
  • IEC 60870-5-104 (IEC 104)
  • MODBUS TCP/IP
  • Lock to user specified MAC addresses.
  • Lock to user specified IP address.
  • Allows transmission of only -104, MODBUS packets.
  • Port based lock. Allows transmission only on user selected ports. Blocks access on all other ports.
  • Deep Packet Inspection. Allows only SCADA (-104/MODBUS) packets to pass through. Blocks all other packets.
  • Per-frame/packet authentication
  • Firewall
  • Port (Soft) based
  • MAC based
  • IP Address based
  • IP Domain based
  • White-List and Black-List options
  • White-List Exception allowed and blocks all other traffic by default (system default mode)
  • Black-List Exception blocked and allows all other traffic
  • Seamless scalability
  • Infrastructure neutral:  maybe  used  with  SDH,  IP/MPLS, MPLS-TP networks
  • Transparent to network and applications
  • Easy installation and management

VCL-2243-DIN

VCL-2243 RTU Firewall

IEC 60870-5-104; MODBUS;

  • DIN Rail Mount Version
  • Power Supply: 15V to 60V DC
  • Protocol options are required to be ordered separately
  • Only one protocol option may be order with each unit

VCL-2243-C

VCL-2243 RTU Firewall

IEC 60870-5-104; MODBUS;

  • 19 Inch Rack Mount Version
  • **Power Supply Options (add power supply option, as provided below)
  • Protocol options are required to be ordered separately
  • Only one protocol option may be order with each unit

 

Reference

Description

LVDC

15VDC to 60VDC

HVDC

85VDC to 290VDC

ACV

90VAC~240VAC, 50/60Hz