VCL-5010

Firewall and Security:

• Ruggedized, IEC-61850-3 compliant firewall
• Fanless, High-reliability hardware
• Suitable for installation in sub-stations, SCADA and industrial networks / harsh environments
• Secure Boot
• Firewall Security:
• Inclusion Policy - Access Control based upon White List IP addresses, MAC address and IP Domain
• Exclusion Policy - Access Control based on Black-List Continuous monitoring of the TLS connection to nullify MitM attacks.
• Non-volatile Access Log with capability to "fingerprint" all successful and failed log-in attempts and keep a log of the IP addresses of all successful and failed logins / login attempts.
• Resistance to Denial of Service (DoS) Attack
• SSH (Secure Access Control) with encrypted password protection.
• VCL-5010-F offers a wide range of VPN technologies ranging from modern SSL VPN's to IPsec. Site-to-Site and road warrior setups are possible and with the integrated OpenVPN client exporter, the client can be configured within minutes.

Firewall - Features and Capabilities:

• Deep Packet Inspection (DPI)
• Point-to-Point Data encryption between two terminals
• Point-to-Multipoint - Data encryption / VPNs between multiple RTU Terminals and the IEC 60870-5-104, DNP server(s), MODBUS and C37.118 PMU data between substations & Load Dispatch Centres / SCADA Management and Rail Traffic Control Centres.
• Per-frame/packet authentication
• Firewall
• Port based, MAC based, IP Address based
• IP Domain based
• Whitelist and blacklist options
• Allows traffic based on user configured rules
• Traffic Shaper
• Two-factor Authentication with time-based OTP for secure access
• Forward Caching Proxy (transparent) with Blacklist support
• Virtual Private Network (OpenVPN site to site and remote VPN client support)
• IPSec Site to Site Tunnels
• Encryption Algorithms: AES-128, AES-256
• Auth Digest Algorithm: SHA512 (512 bit)
• High Availability & Hardware Ethernet Failover using VCL-Safecomm-E
• Intrusion Detection and Prevention
• Built-in reporting and monitoring tools including real-time graphs
• Network Flow Monitoring
• DNS Server, DNS Forwarder, Dynamic DNS
• DHCP Server and Relay
• Stateful inspection firewall
• Granular control over state table
• 802.1Q VLAN support
• Infrastructure neutral
• Transparent to network and applications
• Easy installation and management
• LDAP user authentication support
• Export logs locally or on a server.

Typical VCL-5010-F Deployments:

• Utilities - Power, Oil and Gas, SCADA Installations.
• Industrial Applications.
• Campus IP Networks, for all types of data, voice and video over IP applications
• MPLS meshed-networks
• Metro Ethernet and VPLS networks
• Cloud applications