IFW

Basic functions

firewall including integrated access control based on traditional quintuples, protocols, assets, and time; support transparent, routing, and hybrid deployment; provide built-in multiple industrial protection models and custom protection rules.

Industrial DPI

support in-depth analysis of a variety of industrial protocols, including OPC, Modbus/TCP, Modbus/RTU, Ethernet/IP, IEC104 and EIP protocols, which can achieve instruction-level access control.

Private protocol custom control

support custom filtering policy of bit-level, fully guaranteeing the security of private protocol definitions; extensible rule engine based on natural language for custom message resolution.

Traffic self-learning

intelligent traffic learning and automatic recommendation of security policy to easily operate and manage. Flow visualization to gain insight into industrial network.

Industrial VPN

integrate the professional VPN module of Venustech, which can provide encryption protection for industrial protocols.

Industrial IPS

built-in industrial intrusion prevention engine, which can protect private protocols or specific attacks of industrial systems. Relying on the research results of Venustech ADLab, the incident library is faster, more accurate, and more suitable for integration IT/OT.

Product environment adaptability

industrial production requires high environmental adaptability of network security equipment, and many industrial sites are even in unattended environments. Therefore, industrial firewalls must have predictable performance to the environment and a good level of interference under extreme conditions. IFW-3000 can well meet the mechanical requirements (such as shock, vibration, stretching, etc.), climate protection requirements (such as working temperature, storage temperature, humidity, ultraviolet light), and intrusion protection requirements (such as protection level, pollution level), and electromagnetic radiation and immunity requirements (emission, immunity); at the same time, it has high availability at the network level and equipment level.

Multi-working mode

Industrial networks have the highest requirements for availability. Users need to fully grasp the operating conditions of the industrial network before making appropriate and effective security strategies based on actual conditions.

Centralized management

support for large-scale deployment of industrial firewalls, unified distribution of policies across the entire network, unified display of equipment performances, and centralized display of log alerts.

CRRC subway vehicle firewall project

Background: CRRC supplies subway which requires vehicle industrial firewall to isolate and protect the control network; it will be used as standard supply for CRRC subway or high-speed train.

Solution: special customization, support M12 interface\plug-in hardware\70℃ high temperature operation\5V or 24V power supply; other hardware indicators, such as earthquake resistance, electromagnetic design, meet GB/T25119-2010&GB/T21563-2008 and other standards. Deploy at the boundary of the vehicle control system at the front of the vehicle, which serves to isolate the vehicle control system from the passenger information system (PIS) and the public WIFI.

Longyan Tobacco Factory Workshop

Background: the tobacco is the first industry in China that clearly requires the division of security domains and provides security protection. The establishment of the "Tobacco Industry Industrial Control Network Security Baseline Specification" is used as a standard pilot for construction.

Solution: deployed in the silk processing workshop. The rack equipment is to filter the OPC protocol; Rail-type firewall is deployed at the front of the PLC equipment to filter and protect the PLC group.