Network Security - EAGLE20 Firewall

Hirschmann EAGLE20 is an industrial hardware firewall providing a customisable network gateway to control exactly which traffic is allowed to pass to the protected network. While standard Layer 2 switches employ a number of basic security features, filtering at the IP and protocol layers requires a proper firewall to manage threats.

EAGLE20 is the 4th generation of the world's first high performance hardware firewall built for the industrial environment. Offering 99% line speed (100Mbps) throughput, it offers users a high performance yet straightforward means of protecting their network, tying down access to defined users. In addition, the presence of IPsec based VPN provides the ability to generate secure tunnels across both internal networks and the internet. Other EAGLE20 features include Network Address Translation (NAT) 1:1 and 1:many, Denial of Service (DoS) protection, and a unique Firewall Learning Mode that simplifies the development of firewall rules.
Firewall Concept
Like the firewall in a car, which separates the occupants from the heat of the engine, a network firewall is generally a two-port device separating two LAN segments that can be on the same or different IP subnets. One LAN is nominated as the protected or secure segment; the other is seen as the source of threats. Rules placed in the firewall are applied to every datagram entering either device port. As the result of these rules, the datagram is either passed, dropped, or rejected, the latter meaning the sender is notified.

The rules are in effect filters, and a simple GUI allows the filter criteria to include any combination of MAC address, IP address, TCP/UDP port, or a protocol from a list of transport layer protocols such as ICMP and IGMP. For specific automation application layer protocol filtering, or for deploying security to a large network, the new EAGLE20 Tofino is recommended: a distributed network security system with centralised configuration and management.
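To make the pass/drop/reject decision concrete, the following is an added example (not Hirschmann's firmware or configuration syntax) that models a first-match rule set of the kind described above. Each rule may match on any combination of source MAC, source or destination IP prefix, protocol and TCP/UDP destination port, and an unset criterion is a wildcard. The addresses, MAC and the Modbus/TCP port 502 rule are constructed for illustration; the default action when nothing matches is drop.

```python
"""Added example: first-match datagram filtering with pass/drop/reject actions.
Not vendor code; rule syntax and sample addresses are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence

PASS, DROP, REJECT = "pass", "drop", "reject"   # reject = drop and notify the sender


@dataclass(frozen=True)
class Datagram:
    port: str                      # firewall port it arrived on: "trusted" or "untrusted"
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str                     # "tcp", "udp", "icmp", "igmp", ...
    dst_port: Optional[int] = None  # only meaningful for tcp/udp


@dataclass(frozen=True)
class Rule:
    action: str
    port: Optional[str] = None
    src_mac: Optional[str] = None
    src_net: Optional[str] = None   # CIDR prefix; a /32 pins a single host
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, d: Datagram) -> bool:
        """Every criterion left as None is a wildcard; all set criteria must match."""
        if self.port is not None and d.port != self.port:
            return False
        if self.src_mac is not None and d.src_mac.lower() != self.src_mac.lower():
            return False
        if self.src_net is not None and ip_address(d.src_ip) not in ip_network(self.src_net):
            return False
        if self.dst_net is not None and ip_address(d.dst_ip) not in ip_network(self.dst_net):
            return False
        if self.proto is not None and d.proto != self.proto:
            return False
        if self.dst_port is not None and d.dst_port != self.dst_port:
            return False
        return True


def evaluate(rules: Sequence[Rule], d: Datagram, default: str = DROP) -> str:
    """Apply the rules in order to one datagram; the first match decides."""
    for rule in rules:
        if rule.matches(d):
            return rule.action
    return default


# Constructed rule set: production cell 192.168.10.0/24 sits behind the "trusted" port,
# the corporate network 10.0.0.0/24 behind the "untrusted" port.
RULES = [
    # Only the engineering workstation (pinned by MAC and subnet) may reach the PLC on Modbus/TCP.
    Rule(PASS, port="untrusted", src_mac="00:11:22:33:44:55", src_net="10.0.0.0/24",
         dst_net="192.168.10.5/32", proto="tcp", dst_port=502),
    # Corporate hosts may ping into the cell (diagnostics only).
    Rule(PASS, port="untrusted", src_net="10.0.0.0/24", proto="icmp"),
    # Devices in the cell may initiate anything outward; spoofed sources fall to the default.
    Rule(PASS, port="trusted", src_net="192.168.10.0/24"),
    # Everything else arriving from the untrusted side is rejected, so the sender is told.
    Rule(REJECT, port="untrusted"),
]

if __name__ == "__main__":
    sample = Datagram("untrusted", "aa:bb:cc:dd:ee:ff", "10.0.0.21", "192.168.10.5", "tcp", 502)
    print(evaluate(RULES, sample))   # an unknown workstation trying Modbus is rejected
```

Ordering matters: the narrow PASS for the one workstation has to precede the catch-all REJECT, and the trusted-side PASS is deliberately bound to the cell's own prefix so that a datagram with a foreign source address on the trusted port is silently dropped rather than forwarded.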
Applications
- The most common application is forming a connection between the corporate and production networks. Usually built on different IP subnets, the IP routing capability of EAGLE20 comes into play. The firewall rules then are used to ensure that only the required traffic is passed between the networks. This may be web traffic via the corporate DSL connection to certain authorised production users, or it may be to deliver real-time production data to view clients located in the corporate network.
- The extension of this corporate/production connection is the Demilitarised Zone (DMZ). Using two back-to-back EAGLE20s creates a LAN segment which both networks can access, while prohibiting a direct transfer between the networks. The DMZ commonly holds shared resources like web or historian servers. Also common is the 'safe maintenance port'. This is used to ensure that visiting technicians have access restricted to a specific range of network devices. The ability of the EAGLE20 to hold multiple stored profiles makes it a simple process to activate a particular named configuration. Some organisations take this further, having a dedicated workstation loaded with all development software to ensure not only restricted access, but also to quarantine the network from virus infection.
- On occasions, an existing LAN requires separation and the installation of a gateway to control access to resources. One method is the use of VLANs. Another is the EAGLE20, set in transparent mode and configured to restrict traffic as required.
- Many sites operate multiple identical production cells. Having the ability to keep the programs and configurations identical, while still connecting the cells to a common network, is desirable. Network Address Translation (NAT) found in the EAGLE20 creates a unique identity for each cell from the perspective of the external network. Common pre-configured spares may then be kept, and installed in a cell quickly without modification.
- Need an economical Layer 3 IP Router? EAGLE20 can quickly be configured to route between two different IP subnets, including providing static routes, router redundancy and NAT. As a simple industrial 2 Port Router, EAGLE20 is unsurpassed.
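The identical-cell application above rests on 1:1 NAT: every cell keeps the same internal addressing, and the firewall maps that prefix onto an external prefix unique to the cell, preserving the host part. The following added example (not Hirschmann code; the 192.168.1.0/24 internal prefix and the 10.N.0.0/24 external prefixes are constructed) shows the mapping in both directions, so the same PLC address inside three cells appears as three distinct addresses on the common network.

```python
"""Added example: 1:1 NAT keeping identical cell addressing while presenting a unique
external identity per cell. Not vendor code; prefixes below are constructed."""
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, Tuple


class OneToOneNat:
    """Maps every host in `internal` onto the host with the same offset in `external`."""

    def __init__(self, internal: str, external: str):
        self.internal: IPv4Network = ip_network(internal)
        self.external: IPv4Network = ip_network(external)
        if self.internal.prefixlen != self.external.prefixlen:
            raise ValueError("1:1 NAT needs equally sized internal and external prefixes")

    @staticmethod
    def _map(addr: str, src_net: IPv4Network, dst_net: IPv4Network) -> str:
        a = ip_address(addr)
        if a not in src_net:
            return str(a)                       # not part of the mapped range: untouched
        offset = int(a) - int(src_net.network_address)
        return str(dst_net.network_address + offset)  # same host part, other prefix

    def to_external(self, addr: str) -> str:
        return self._map(addr, self.internal, self.external)

    def to_internal(self, addr: str) -> str:
        return self._map(addr, self.external, self.internal)

    def outbound(self, src: str, dst: str) -> Tuple[str, str]:
        """Cell -> common network: rewrite the source address."""
        return self.to_external(src), dst

    def inbound(self, src: str, dst: str) -> Tuple[str, str]:
        """Common network -> cell: rewrite the destination address."""
        return src, self.to_internal(dst)


def external_view(cells: Dict[str, OneToOneNat], internal_host: str) -> Dict[str, str]:
    """How one and the same internal address shows up per cell on the common network."""
    return {name: nat.to_external(internal_host) for name, nat in cells.items()}


# Constructed: three identical cells, each with its PLC at 192.168.1.10 internally.
CELLS = {f"cell{n}": OneToOneNat("192.168.1.0/24", f"10.{n}.0.0/24") for n in (1, 2, 3)}

if __name__ == "__main__":
    print(external_view(CELLS, "192.168.1.10"))
```

Because the host part is preserved, a spare PLC pre-configured as 192.168.1.10 can be dropped into any cell unchanged; only the firewall's external prefix differs between cells.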
Operation Modes
- Out of the box without any configuration, EAGLE20 provides 'Stateful Inspection' to restrict traffic to that initiated from the protected network only. Coupled with the default DoS (Denial of Service) protection, this mode alone provides peace of mind that access from an untrusted network is denied.
- 'Transparent Bridge' mode is used to create a gateway between two LAN segments on the same IP subnet, with the custom firewall used to control the traffic passing between the segments.
- 'Router Mode' - connect two existing different subnets (for example, the control and IT networks) while controlling the traffic to satisfy concerns of both parties.
- 'Demilitarised Zone (DMZ)' - provide secure shared access to resources like email and web servers.
- VPN - advanced IPsec authentication and encryption (PSK or certificate) to achieve the highest level of security.
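The default 'Stateful Inspection' mode above admits traffic from the untrusted side only when it belongs to a connection the protected network started. The following added example (not Hirschmann code; the addresses, ports and the 60-second idle timeout are constructed) models that connection-tracking logic: a flow opened from the trusted port is recorded, the matching reply direction is let through, any unsolicited packet from the untrusted side is dropped, and idle entries expire so a stale flow cannot be reused.

```python
"""Added example: connection tracking as used by stateful inspection.
Not vendor code; the flow tuple, timeout and sample packets are constructed."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    port: str        # "trusted" (protected network) or "untrusted"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"


FlowKey = Tuple[str, str, int, str, int]   # proto, src_ip, src_port, dst_ip, dst_port


class StatefulFirewall:
    def __init__(self, idle_timeout: float = 60.0):
        self.table: Dict[FlowKey, float] = {}   # flow -> time it was last seen
        self.idle_timeout = idle_timeout

    @staticmethod
    def _key(p: Packet, reverse: bool = False) -> FlowKey:
        if reverse:   # the tuple a reply to `p` would be recorded under
            return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def handle(self, p: Packet, now: float) -> str:
        """Decide one packet: "pass" or "drop". `now` is the arrival time in seconds."""
        self._expire(now)
        if p.port == "trusted":
            # Anything the protected side initiates is recorded and forwarded.
            self.table[self._key(p)] = now
            return "pass"
        # From the untrusted side only replies to a recorded outbound flow may enter.
        key = self._key(p, reverse=True)
        if key in self.table:
            self.table[key] = now
            return "pass"
        return "drop"

    def active_flows(self) -> int:
        return len(self.table)


if __name__ == "__main__":
    fw = StatefulFirewall()
    request = Packet("trusted", "192.168.10.7", 40000, "10.0.0.1", 80, "tcp")
    reply = Packet("untrusted", "10.0.0.1", 80, "192.168.10.7", 40000, "tcp")
    print(fw.handle(request, now=0.0), fw.handle(reply, now=1.0))
```

This is why the out-of-the-box mode needs no rules to be written: the direction of the first packet, not a static filter, decides what is admitted, and the custom filters of the other modes are layered on top of the same tracking.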
Why a hardware firewall, won't Windows do?
- Windows' firewall will protect your PC, but it doesn't act as a gateway to control traffic between non-PC devices. EAGLE20 can be placed anywhere in the network.
- Unlike PC based firewall systems, there is no need with EAGLE20 to install additional drivers or software.
- As all security functions are integrated into the self-contained EAGLE20 platform, there is no need to reconfigure the system being protected.
- EAGLE20 is considerably faster, avoiding bottlenecks.

Why Hirschmann EAGLE20?
- A hardware firewall with any combination of fibre and copper ports.
- 'Firewall Learning Mode' to identify and categorise traffic, then test configuration prior to deployment.
- Maximum data throughput via encrypted high speed VPN (16 tunnels).
- Individual firewall within each VPN.
- NAT and 1:1 NAT.
- USB port for Auto Configuration Adapter.
- Industrial credentials - DIN Rail mount, metal case, redundant power supply, fault contact, compatible with industrial redundancy topologies such as HiPER-Ring, Link/Ring Coupling and Router Redundancy.
- Remote administration via internet or dial-up, RJ11 port for Telnet connection.
Manuals
Hirschmann Manual - EAGLE20 User Manual (3970 KB)
Hirschmann Manual - EAGLE20 Reference Manual (3344 KB)
Hirschmann Manual - EAGLE Migration Instruction (274 KB)
Hirschmann EAGLE20 Firewall with VPN - industrial network security made easy and affordable.
Like to know more?
Call us on 1300 DAANET (1300 322 638), or send an enquiry below.
Please note that Daanet only supplies to Australian & NZ customers.