Secure Industrial Cellular Routers Typical Applications: • NetworkingWindTurbinesandSolarCollectors • ElectricityNetworkControl • TankFarmMonitoring • WaterDistributionNetwork • Environmental Monitoring A Netwo rk CDM Plant Data Network Data Collection Internet GS Remote Pump Station M N et w ork Primary Carrier Secondary Carrier Features Benefits 5BandMulticarrierCellularModem Speedsofupto21Mbps ReceiverAntennaDiversity WeakSignalStrengthislessofanissue IntegratedVPNCapability Monitoring&ControlofCommunications IPsec&GRETunneling Ensures Secure Transmission Built-inDHCPServer&PortForwarding SimplifiesNetworking DualEthernetports Addsflexibility OvertheAirNetworkDiagnostics&Configuration OptimizesOperationalPerformance Connection of Communications Networks Maximum security with the Industrial Ethernet Router Cellular – Routers Applications for cellular routers are not designed for just one vertical market Control Center Data Collection Two controls connected via Ethernet Weidmuller 4G Router Communicationnetworksusedforoffice applicationsandforautomationareconverging.The advantagesthatresultfromthisprocessareputinto practicemoreandmorefrequentlybecausethey makeproceduresmoretransparentandfacilitate dataexchangesubstantially. Cellular to operations center through the Internet Weidmuller’s Industrial Ethernet Router ensures that differentnetworksinteroperateinunisonandwith top-level security. Application example: Well maintenance and real time data collection. Cellulartomainoffice;WiFiconnectionlocally betweenwells. RTU via serial and electronic valve control via WiFi with Weidmuller modems. Both are cellular to tower RTU via serial and electronic valve control via WiFi with Weidmuller modems. Both are cellular to tower 55 Cellular – Routers Secure Industrial Cellular and LAN Routers Intelligent firewall: Stateful packet inspection Ourroutersshipwithafirewallwithconfigurablefilter functionsthatadaptautomaticallytothenetworktrafficthey see(statefulpackageinspection).Thisfirewallrecognizesthe messagesthatarestateful,i.e.legitimizedandletthempass. Unidentifiedpacketsarekeptoutofyourindustrialnetworks. Application example: DeviceMonitoringofOEMequipment Machine builder selling equipment around the world. Access through Internet. Mobile Bands Worldwide Machine control by OEM for maintenance through secure VPN connection through cellular NOT affecting factory network or operations. Wanttobeabletocommunicatewithmachineryand systemssecurely,reliablyandfromanywhere? Theroutercantranslatebetweentheaddressesofvarious networkswithprotocolslikeportforwardingand1:1NAT masquerading. Thesefunctionsconcealallofthemachine’sIPaddress downstreamoftherouter. Communicationbetweennetworksisdonesecurelyviathe twoGigabitportsontheLAN/WANinterface. TheintegratedVPNisalsoideallysuitedtosecureremote accesstotheLAN,viaeitherawiredorwireless3G/UMTS Internet connection. 56 Secure Cellular and LAN Routers Cellular – Routers Gigabit Industrial Security Router • 2Gigabitports(LAN/WAN) • Integratedfirewall • NATmasquerading,1:1networkmappingandport forwarding • RemoteaccessviaVPN(OpenVPN,IPsec,L2TP) • Keyswitchfunctionforactivation/deactivationofWAN/ VPNconnection • Variantwithintegrated3G/UMTSmodemforrapid, Internet-basedwirelessaccess • Back-upandrecoveryofdeviceconfigurationusing SIM card • FullLayer2/3Router Technical data Modes IP-Router TransparentBridge Network Services Interfaces (continued) Staticordynamicrouting,supportingRIPv2/OSPF 2-portswitchwithadditionallayer-2filter •DHCPserver/DHCPrelay •DNSrelay •NTPclient •DynDNS(DHCPclientbyRFC2136) Firewall •IPv4StatefulinspectionFirewall(incoming/outgoing) •NAT-Masquerading,1:1NAT,Portforwarding •Layer-2/3-Filter(VLANID,VLAN,QoStag, MACaddress,Ethertypeframe) •“Autolearning”featuretocreatepacketfilterrules (analysisofnetworktraffic) •Layer2/3-basedpacketprioritization (Ethernetframe,IPheader,VLANtag) VPN OpenVPN IPsec •ConfigurableasOpenVPNserverorclient (Layer2andLayer3) •AuthenticationwithX.509Certificates •TunnelsupportviaHTTPproxy •Maximumof10differentclientorserverconfigurations •Unlimitednumberofclientconnectionsinservermode •CanbeconfiguredasanIPsecserverorclient •PSKauthentication(userID,password) orX.509certificates •Hardware-basedencryptionforfasterdatathroughput •Amaximumof64simultaneousconnections (subnettosubnetorasanIPsecserver) • Encryption algorithms DES-56,3DES-168,AES128,AES192,AES-256 Management •ConfigurationviaWEBinterface(HTTP/HTTPS) •WebinterfaceinGermanorEnglish •Configurationsupportthroughdetailedhelp information(tooltip) •Configurablemulti-useraccesswithdefinablerightsmask •SupportofSNMPv1/v2/v3,eventlog/syslog Other Modbus/TCP Diagnosis Monitoring Interfaces RJ45 ports USBport SCM card reader LEDindicators Digitaloutputs IntegratedModbusTCPServerforstatusqueries,and software-basedactivation/de-activationofVPNconnections “RemoteCapture”featurefornetworkdiagnosticsviaa connectedPC(Wireshark) ClientMonitoring(viaICMP)withalarmfunction incaseoferror Digitalinputs • “Cut” —>Disconnectsphysically(linkdown)theWAN port (24 V) •“VPN-initiate”—>Enablesapre-configuredVPN connection (24 V) Restoringthefactorydefault Resetbutton Power requirements Input Voltage 1x24VDC(7to36volts) Current consumption max.600mA@24VDC Technical data (housing) Housing Metal,IP30protection 35x159x134mm(withoutantenna) Dimensions(WxHxD) 35x255x134mm(withUMTSSMAfemaleantenna) Installation TS35 Environmental Limits Operating temperature –20°Cto+70°C Storage Temperature –20°Cto+85°C Ambienthumidity 6 to 90 % not condensing DSL and UMTS/HSPA ConnectiontotheDSLmodemviaLANorWANport DSL FreeconfigurationofthePPPoElogin DynDNS Support automatic registration •Built-inquad-bandUMTS/HSPAmodem (onlyvariantIE-SR-2GT-UMTS/3G) •21.1Mbpspeakdownlink,uplink5.8Mbpspeak UMTS/3G •W CDMA850/1900/2100MHz GSM/GPRS/EDGE850/900/1800/1900MHz •FCC,IC,CE,GCF,PTCRB,A-Tick,AT&T,Telstra,NTT, DoCoMo,Softbank,Bell Approvals Security cULus Listed FCCPart15ClassA,EN55022ClassA,EN61000-4-2 EMC (ESD),EN61000-4-3(RS)EN61000-4-4(EFT),EN61000-45(Surge),EN61000-4-6(CS) Shock DINEN60068-2-27 Vibration DINEN60068-2-6 Warranty WarrantyPeriod 3years Ordering data Models LAN/WANrouter LAN/WANrouterwithintegrated UMTS/3Gmodem Type IE-SR-2GT-LAN Part No. 1345270000 IE-SR-2GT-UMTS/3G 1345250000 2x10/100/1000BaseT(X) Optionforfutureexpansion Saveandrestoreoftheconfigurationusingasmartcard (memory chip) Signalingstatesforpower,status,cut,alert,activeVPN connection and an active UMTS connection •“Alarm”—>Indicatesaconfigurablenetworkstatusor error (24 V out) •“VPN-active”—>IndicatesanactiveVPNconnection (24 V out) 57 Cellular – Routers Secure Cellular Routers Multi-Service Provider Cellular Modem and Router The615M-1isapowerfulMulti-ServiceProviderCellular BroadbandRouterthatdeliverswirelessdataconnectivityfor uptotwoLANconnectionsandoneserialportthroughpublic cellularnetworksat3Gnetworkspeeds. • HighSpeeds-Speedsupto14.4Mbpswithbackward compatibility • MulticarrierCompatibilityandCarrierRedundancy- GPRS/EDGE,UMTS/HSPA;EVDORev0/A,1xRTT • VPNFunctionality-InternalPPTPVPNServerandClient • SupportsIndustrialNetworkingProtocols • MeetsKeyCertificationsandCompliance-ULListed, ClassIDivision2,FCCPart15,IndustryCanada,CE, A-Tick,IEC60950-1,PTCRB • CarrierSpecificApprovals:AT&T,Verizon,Sprint,Rogers, Telstra,Optus,Vodaphone • DIN-railmountorpanelmount,Simpleandfastinstallation C1D2 Technical data Transceiver/Receiver Quad-band850/900/1900/2100MHz/AWS(1,2) Quad-band850/900/1800/1900MHz(3,4) Frequency 800MHzCellular/1900MHzPCS/2100MHz(5) 800MHzCellular/1900MHzPCS/2100MHz(6) 800MHzCellular/1900MHzPCS(7) TransmitPower(Max) 250mW(1,2);2W(3,4);250mW(5,6,7) UMTS,HSPA,EDGE,GPRS,EVDORevA(IS-856-A), Transmission 1xEVDORev0(IS-856),1xRTT(IS-2000) Modulation UMTS,HSPA,EDGE,GPRS,EVDORevA(IS-856-A), 1xEVDORev0(IS-856),1xRTT(IS-2000) Receive Sensitivity Channel Spacing -109dBm(1);-109dBm(2);-105dBm(3,4);-107dBm(5,6,7) 5MHz(1,2);10MHz(2);1.25MHz(5,6,7) Downlinkupto384kbps;Uplinkupto384kbps(1) Downlinkupto14.4Mbps;Uplinkupto5.76Mbps(2) Downlinkupto236kbps;Uplinkupto236kbps(3) Downlinkupto115kbps;Uplinkupto115kbps(4) Downlinkupto3.1Mbps;Uplinkupto1.8Mbps(5) Downlinkupto2.4Mbps;Uplinkupto153.6kbps(6) Downlinkupto153.6kbps;Uplinkupto153.6kbps(7) CellularDependsonServiceProvider 2xFemaleSMAStandardPolarity(1,2,3,4,5,6,7) DataRate Range (LoS) AntennaConnector Input/Output DiscreteInput DiscreteOutput Relay Outputs AnalogInputs Interfaces EthernetPort LinkActivity Serial Port RS232 ON2.3VDC,OFF0.7VDC,5.5VDCmax(8) NPNTransistorClosetoDigitalGround,PullDown 100ohm(8) MaxVoltage30VDC,MaxCurrent1A(8) VoltageInputRange0–30VDC,Accuracy+/-0.2VDC(8) 10/100baseT;RJ45Connector–2xIEEE802.3 (AutoMDIX) ActivityLED DB9FemaleDCE 1200,2400,4800,9600,14400,19200,38400,57600, 76800,115200 Serial Settings 8DataBits;NoStop/1Start/Parity(Configurable) Protocols and Configuration TCP/IP,UDP,ARP,ICMP,FTP,TFTP,TELNET,PING,GPSNMEA(optional),DHCP;MACFiltering(Whitelist),IP ProtocolsSupported Filtering(Blacklist),DMZ,DynamicRADIUS/802.1xDNS, PortForwarding;SNMP,HTTPEmbeddedWebServer;IPsec, GRETunneling,PPTP,VPN, Protocols and Configuration (continued) ConfigurationandFirmwareUpgradesviaHTTP/OTA UserConfiguration (Over-The-Air) Configurable Client/Router,SerialClientServer Parameters SimultaneousRS232Connection Security VPN,SIMCardPIN,RADIUS,IPsec MACAddress–Whitelist/Blacklist,IPFiltering– Bandwidth ProtectionWhitelist/BlacklistNetworkManagement SNMPV2c,V3 Approvals EMC FCCPart15;IndustryCanada;CE;A-Tick RF (Radio) EN300328;FCCPart15 HazardousArea ClassI,Division2;cULus Safety IEC 60950-1 UL cULus Listed Environmental MIL-STD-810F Approvals PTCRB,CarrierSpecificApprovals General Dimensions 109x153x45mm(4.3”x6”x1.8”) Housing Powder-coatedAluminum Mounting DIN-rail,PanelMount(Optional) I/O:RemovableTerminalBlock,Screwless-PushinWire, TerminalBlocks 18-28AWG Temperature Rating -30to+70°C;-22to+158°F HumidityRating 5–95%RHNon-condensing Weight 1.13kg(2.5lb) LEDIndication RSSI;SVC;NET;GPS;AUX ReportedDiagnostics DiagnosticsAvailableThroughWebPages Power Supply 9to28VDC;Under/OverVoltageProtection&Reverse NominalSupply PolarityMolex43025-04004-PinLockingConnector AverageCurrentDraw [email protected](Idle) TransmitCurrentDraw [email protected] DataRate(Bps) 58 Ordering data Type 3GMODEMRS2322DI2DO2AI2AO Notes Part No. 615M-1 (1)UMTS,(2)HSPA,(3)EDGE,(4)GPRS, (5)EVDORevA(IS-856-A),(6)1xEVDORev0(IS-856), (7)1xRTT(IS-2000),(8)AccessviaSNMPonly Secure LAN Routers Cellular – Routers Gigabit Industrial Security Router • 2Gigabitports(LAN/WAN) • Integratedfirewall • NATmasquerading,1:1networkmappingand portforwarding • Keyswitchfunctionforactivation/deactivationof WAN/VPNconnection • Back-upandrecoveryofdeviceconfigurationusing SIM card • FullLayer2/3Router Technical data Modes IP-Router TransparentBridge Network Services Staticordynamicrouting,supportingRIPv2/OSPF 2-portswitchwithadditionallayer-2filter •DHCPserver/DHCPrelay •DNSrelay •NTPclient •DynDNS(DHCPclientbyRFC2136) Firewall •IPv4StatefulinspectionFirewall(incoming/outgoing) •NAT-Masquerading,1:1NAT,Portforwarding •Layer-2/3-Filter(VLANID,VLAN,QoStag, MACaddress,Ethertypeframe) •“Autolearning”featuretocreatepacketfilterrules (analysisofnetworktraffic) •Layer2/3-basedpacketprioritization (Ethernetframe,IPheader,VLANtag) Management •ConfigurationviaWEBinterface(HTTP/HTTPS) •WebinterfaceinGermanorEnglish •Configurationsupportthroughdetailedhelpinformation (tooltip) •Configurablemulti-useraccesswithdefinablerightsmask •SupportofSNMPv1/v2/v3,eventlog/syslog Other Modbus/TCP Diagnosis Monitoring Interfaces RJ45 ports USBport SCM card reader LEDindicators Digitaloutputs Digitalinputs Resetbutton IntegratedModbusTCPServerforstatusqueries “RemoteCapture”featurefornetworkdiagnosticsviaa connectedPC(Wireshark) ClientMonitoring(viaICMP)withalarmfunction incaseoferror 2x10/100/1000BaseT(X) Optionforfutureexpansion Saveandrestoreoftheconfigurationusingasmartcard (memory chip) Signalingstatesforpower,status,cut,alert,activeVPN connection and an active UMTS connection “Alarm”—>Indicatesaconfigurablenetworkstatusor error (24 V out) “Cut” —>Disconnectsphysically(linkdown)the WANport(24V) Restoringthefactorydefault Power requirements Input Voltage 1x24VDC(7to36volts) Current consumption max.600mA@24VDC Technical data (housing) Housing Metal,IP30protection 35x159x134mm(withoutantenna) Dimensions(WxHxD) 35x255x134mm(withUMTSantenna) Installation TS35 Physical Dimensions Housing Metal,IP30protection Dimensions(WxHxD) 35x159x134mm Installation TS35 Environmental Limits Operating Temperature –20°Cto+70°C Storage Temperature –20°Cto+85°C AmbientHumidity 6 to 90 % not condensing ConnectiontotheDSLmodemviaLANorWANport DSL FreeconfigurationofthePPPoElogin DynDNS Support automatic registration Approvals Security cULus Listed FCCPart15ClassA,EN55022ClassA, EMC EN61000-4-2(ESD),EN61000-4-3(RS)EN61000-4-4 (EFT),EN61000-4-5(Surge),EN61000-4-6(CS) Shock DINEN60068-2-27 Vibration DINEN60068-2-6 Warranty WarrantyPeriod 3years MTBF 135,270hrs Ordering data Models LAN/WANrouter (FirewallandNATOnly) Type IE-SR-2GT-FN Part No. 1489940000 59