Comprehensive protection of the network

The IIoT trend has increased the need for better production transparency and control, leading to higher demands on access security. Phoenix Contact offers a Secure Edge Box to address these challenges. Data acquisition solutions often have different interfaces and communication protocols, making them confusing and difficult to administer. In addition, the diversity of solutions requires a high level of expertise, which may require external help. For this purpose, a standardized and secure remote connection to the peer must be set up. At best, a secure edge interface is established between manufacturing and other networks. To support users, Phoenix Contact offers a Secure Edge Box that solves the challenges listed..

Signal light for checking VPN connections

The Secure Edge Box is a tool used to protect production from attacks and sabotage by controlling data traffic and dividing the network into small areas. It uses an industrial firewall router, the mGuard firewall, to separate the lower-level network from manufacturing. In addition, firewall rules can be entered or managed centrally using the mGuard Device Manager tool. The box also allows remote VPN access, allowing employees to monitor the VPN connection status.

Additional security settings via a managed switch

The box features a second switch controlling the DMZ port of the firewall router, allowing service technicians to access specific devices in the area via this port. The mGuard firewall records the configuration through digital inputs. Additionally, if the control cabinet door is opened and there is a potential risk of tampering on site, the mGuard firewall can send an alert to a configurable receiver. A managed switch with 16 ports from the FL mGuard 2000 series is used for networking. Additional security settings can be made when configuring the switches, including user administration and authentication on RADIUS or LDAP servers.

Edge PC for data acquisition and forwarding to a cloud

The edge PC with PLCnext Runtime in the Secure Edge Box can be upgraded via the PLCnext Store, a digital marketplace for PLCnext Technology. It can implement local data acquisition with visualization and anomaly detection. In this way, for example, energy data or analog sensor data is transmitted to the edge PC via MQTT or OPC UA. With the second approach, the data is forwarded to an online hosted cloud. The edge PC normalizes, compresses, and stores data temporarily, ensuring compatibility with almost all systems. Both approaches can be used in parallel to increase data availability, and additional apps for data anomaly detection can be installed. Regulatory intervention in the process is also possible.

Ready-made, functionally extendable control cabinet solution

Additionally, the Secure Edge Box can be ordered as a ready-made control cabinet solution. In addition to CE-marked it compiles with the UL 508A standard. It can be extended with additional switches or othr components. The box features a main switch, VPN tunnel, and DMZ port control, and a signal tower. Moreover, it can accommodate up to 60 cables using a cable entry system. The box protects against cyberattacks by controlling incoming and outgoing data traffic, allowing local and cloud data processing.

Learn more about Digital Factory.