Cyrus

Industrial Firewall

CYRUS industrial firewall has an integrated engine for deep inspection of industrial communication traffic, an industrial VPN, an industrial IPS (intrusion prevention system) and vulnerability signatures, and it comprehensively protects the industrial control system network. Control networks require trust and reliability, but they are very vulnerable to everyday security issues. Poor network topology, unprotected network entry points, unpatched PCs, vulnerable PLCs and human error can lead to significant production losses and even safety issues. CYRUS industrial firewall is a distributed security solution that implements cyber security protection in your control network quickly and at the lowest cost. The flexible structure of CYRUS allows you to increase the security of critical points in the industrial network and to manage and protect critical system components throughout the control network. CYRUS industrial firewall helps you meet NERC CIP requirements and ISA / IEC 62443 standards.

Product features

  • Firewall/NAT/VPN/Router all in one device
  • Remote access with secure VPN and high-speed hardware encryption
  • DPI capability on industrial protocols including Modbus TCP/RTU, OPC Classic, OPCUA, DNP3, IEC104, Siemens S7 and Ethernet/IP
  • The ability to add required industrial protocols in future firmware releases
  • Intelligent detection of industrial protocols in passing traffic and simple creation of policies for them
  • Port Aggregation and Port Linkage capabilities
  • Support for High Availability
  • Support for all kinds of predefined and general industrial protocols to create policies
  • Powerful IDS/IPS
  • Detailed and in-depth inspection of industrial protocols
  • Easy setup (NAT)
  • Port bypass technology (when the firewall is off, two ports are connected like a switch, so the firewall is easily removed from the circuit)
  • VLAN support
  • Working temperature range from -40 up to 75 degrees Celsius

Product features
Compatible with industrial environments and with military grade. CYRUS industrial firewalls come in two types: track mounted and rack mounted. Rack mounted industrial firewalls have low resistance to temperature, humidity and dust and generally have fans; for this reason they are installed inside a rack in places such as monitoring and control rooms, or other places with suitable temperature and humidity conditions. Track mounted industrial firewalls usually have high resistance to temperature, humidity and dust, are fanless, and can be installed directly in ZONE 0 on the production line or inside the electrical panel. CYRUS industrial firewall has the following outstanding environmental features:

Protection against environmental conditions:
CYRUS industrial firewall can work in very hot and very cold environments. The operating temperature of the industrial firewall is -40°C to +75°C, the storage temperature is -40°C to +80°C, and the humidity range is 5% to 95% without condensation.

Protection against intrusion:
CYRUS industrial firewall has an all-metal shell that provides both shock protection and cooling, and objects with a diameter larger than 1 mm cannot penetrate it. It meets the IP40 standard and is completely in accordance with the conditions of industrial environments.

Reliability:
CYRUS industrial firewalls have two redundant power supplies, and the Bypass port makes it possible to turn off the firewall when necessary. Operating the device in Stateful Failover mode increases operational reliability.

Three-way defense in depth:

  • CYRUS industrial firewall supports Ethernet and Serial connections. Therefore, it can be installed in various industrial zones.
  • CYRUS industrial firewall supports 3 layers of industrial network and key nodes. This firewall can protect the management network, monitoring network and production line network against cyberattacks. It can also isolate different lines of the industrial network layer by layer according to region and location. CYRUS industrial firewall can also be placed between PLCs and engineering stations. Therefore, based on the design of the industrial network and the defined defense structure, the capabilities of the industrial firewall can be used in different industrial sectors.

Flexible combination and customization of security functions
Industrial production lines usually have a variety of control and monitoring products from different brands, which naturally use different protocols, IPs and ports. Setting up and configuring their security takes time and is highly complex. CYRUS industrial firewall has different filters based on IP, port and industrial protocols and identifies products from different brands. This feature reduces the configuration and setup time of the industrial firewall. Thanks to the powerful web-based user interface, filters based on existing protocols are easy to create.

Protection of industrial protocols

  • CYRUS industrial firewall identifies industrial protocols based on the layer 2 EtherType ID, which can be defined in the firewall so that the required policies can easily be created and applied based on it. CYRUS industrial firewall can also identify more than 10 types of industrial protocols (IPDS) that are predefined in the firewall; by choosing each one, you can easily identify the different protocols in transit and log their performance.
  • The industrial firewall has modules for deep analysis and filtering of industrial protocols such as Modbus TCP/RTU, OPCDA, OPCUA, Ethernet IP, DNP3, IEC104 and Siemens S7.

Input/Output Interface

Alarm Contact Channels: 1 relay output with current carrying capacity of 1 A @ 24 VDC
Relay Channels: 1

Ethernet Interface

Combo Ports (10/100/1000 BaseT(X) or 100/1000 Base SFP+): 5
Standards: IEEE 802.1Q for VLAN Tagging; IEEE 802.3 for 10BaseT; IEEE 802.3ab for 1000BaseT(X); IEEE 802.3u for 100BaseT(X) and 100BaseFX; IEEE 802.3x for flow control; IEEE 802.3z for 1000BaseSX/LX/LHX/ZX

Ethernet Software Features

Management: Back Pressure Flow Control, DHCP, HTTPS, SMTP, SNMPv1/v2c/v3
Routing Throughput: 40,000 packets per second (max. 500 Mbps)
Routing Redundancy: VRRP
Security: HTTPS/SSL, SSH, IPsec
Time Management: NTP, SNTP

Switch Properties

Max. No. of VLANs: 100

DoS and DDoS Protection

Technology: ARP-Flood, FIN Scan, ICMP-Death, NEW-Without-SYN Scan, NMAP-ID Scan, NMAP-Xmas Scan, Null Scan, SYN/FIN Scan, SYN/RST Scan, SYN-Flood, Xmas Scan

Firewall

Deep Packet Inspection: Modbus TCP/RTU, OPCDA, OPCUA, Ethernet IP, DNP3, IEC104
Filter: DDoS, Ethernet protocols, ICMP, IP address, MAC address, Ports
Quick Automation Profiles: DNP, EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, FTP, HTTP, IEC 60870-104, IPsec, L2TP, LonWorks, Modbus TCP, PPTP, PROFINET, RADIUS, SSH, Telnet
Stateful Inspection: Router firewall, Transparent (bridge) firewall
Throughput: Max. 40000 packets per second (max. 500 Mbps)

IPsec VPN

Authentication: MD5 and SHA (SHA-256); RSA (key size: 1024-bit, 2048-bit); X.509 v3 certificate
Concurrent VPN Tunnels: Max. 100 IPsec VPN tunnels
Encryption: 3DES, AES-128, AES-192, AES-256, DES
Protocols: IPsec
Throughput: Max. 150 Mbps (Conditions: AES-256, SHA-256)

NAT

Features: 1-to-1, N-to-1, Port forwarding

Real-Time Firewall / VPN Event Log

Event Type: Management log, System log, Security protection, Firewall, High Availability
Media: Local storage, SNMP Trap, Syslog server

Serial Interface

Console Port: Web/SSH/CLI, and RS-232 serial console
