Tofino Xenon – The Ideal Firewall for Industrial Networks

Tofino - Award winning firewall for industrial networks

Designed to withstand the harshest industrial conditions, the Tofino Xenon security appliance is ideal for industries, such as oil and gas, power and transportation.

This firewall complies with global standards and is easy to integrate into existing networks. Its unique “test mode” reduces installation risks, such as network interruptions or configuration errors.

Loadable Security Modules (LSMs) allow the Tofino Xenon to be highly customized to meet the security needs of different protocols, industries, and environments.

The Tofino Xenon security appliance is the latest addition to the Tofino family of security devices purpose built to meet the needs of industry. This device, which ensures maximum data security for production networks, is a combination of the proven Tofino software with state-of-the-art hardware.

Thanks to its reduced power consumption, it also offers significantly lower operating costs. In addition, the extended operating temperature range of the Tofino Xenon means that it can often be used without supplementary air conditioning equipment. A further plus is its support for redundant power supplies operating at any voltage from
12 to 48 V DC (or even 24 V AC).

Industrial firewall protecting the secure zone

Applications

The robust design of the Tofino Xenon enables it to withstand the harshest environmental conditions and it can be used wherever maximum data security is called for. This makes it the ideal industrial security appliance for mechanical and plant engineering and industrial automation. Other areas for its versatile use include the transportation sector, with applications ranging from road and rail transport right through to shipping. Indeed, the Tofino Xenon has been certified by Germanischer Lloyd for this very purpose. Since this security appliance is also approved for substations (IEC 61850-3) and for explosive environments (ATEX and ISA 12.12.01 HazLoc), it can also be used in the oil and gas sector as well as in power transmission and distribution systems and renewable energy applications such as wind farms.

Tofino Xenon benefits for industrial firewalls

The Tofino Xenon security appliance is the ideal solution for segmenting a control network
into security zones. It can be installed into an existing control system with no changes to the network, forming, conduits‘ of communications between the zones. The control engineer defines rules that specify which network devices are allowed to communicate and what protocols they may use. Deep Packet Inspection (DPI) options allow detailed filters to enforce security policy such as only allowing read commands to be sent to a PLC.

Tofino’s flexible architecture allows you to create security zones – Zone Level Security –
throughout your control network to protect critical system components. Tofino helps you
meet and exceed NERC CIP requirements and ISA/IEC-62443 Standards. And best of all,
it helps you avoid expensive down time and achieve optimal performance in your plant.

Tofino Xenon Security Appliance

The free Tofino Configurator software makes it easy for the control technician to define rules that specify exactly which devices are allowed to communicate, what protocols they may use, and what actions those protocols perform. Any network traffic that does not fit the rules is automatically blocked by the Tofino Xenon and reported as a security alert.

The standard Tofino Xenon includes a stateful firewall with layer 2, 3 and 4 filtering. Adding
Enforcer LSMs provides stateful DPI to manage traffic based on high level message content, such as the commands/services being used or the registers/objects being accessed. There are multiple
Enforcers available – each one providing inspection for a different protocol. The LSMs can be preloaded onto the Tofino Xenon at the factory, or purchased and installed at a later date as your needs change. Other features of this security appliance include extensive management facilities and diagnostic tools, a robust metal housing for DIN rail mounting, and a redundant power supply for both DC and AC.
The Tofino Xenon allows for operating temperature ranges from 0°C to +60°C or from -40°C to +70°C. In addition, there are variants for twisted-pair cables or multimode fibers, as well as with a variety of certifications and approvals including ATEX, IEC 61850-3 and EN 50121-4.

Benefits of the Tofino Xenon Firewall for industrial networks

  • All-around protection of automation networks with an optimal price-performance ratio
  • Stateful firewall with 2, 3 and 4 filtering for all Ethernet-based protocols
  • Additional application layer filtering for SCADA and ICS protocols using flexible LSMs
  • Prevention of Denial of Service (DoS) attacks with rate limit controls
  • Simple configuration over the network or with ACA21-USB using the Tofino Configurator
    software
  • Test mode for verifying firewall rules without risk to your operation
  • LSMs pre-installed at factory or purchased separately
  • Simultaneous event logging to remote syslog servers and local nonvolatile memory
  • Audit capabilities for tracking configuration changes
  • Safe installation in live networks without shutdown
  • Tested for use with all major control system products
  • Optional extended operating temperature range from -40°C to +70°C (standard is 0°C to +60°C)
  • Variants for twisted-pair cables (RJ45) and multimode fibers (SC)
  • Robust metal housing for DIN rail mounting
  • Meets principal standards and approvals:
    • Energy sector: IEC 61850-3, IEEE 1613
    • Hazardous areas: ATEX, ISA-12.12.01 Class 1 Div. 2
    • Transport sector: EN 50121-4
    • Shipping: Germanischer Lloyd
  • Perfectly tailored for use with all Ethernet products from Hirschmann.

For more information contact Fons de Leeuw, Profitek, +27 (0)12 345 6544

benefits of firewall for industrial networks

Click on image to enlarge