SecFlow®-4 Modular Ruggedized SCADA-Aware Ethernet Switch/Router from RAD
The SecFlow-4 industrial Ethernet switch/router combines ruggedized Ethernet platform with unique SCADA-aware processing engine to fit the mission-critical industrial applications.
SecFlow-4 is a modular device with 7 interface slots. Each interface slot can house either an Ethernet module or a serial RS-232 module, enabling a flexible network configuration.
The system overall capacity can scale up to 28xGbE full-duplex throughput, with wire-speed switching for both Ethernet and IP.
SecFlow-4 is designed for installation under harsh environmental conditions. It features DIN-rail mount, IP30 protection level, wide temperature operating range (-0°C to +75°C) without fans, EMI immunity (IEC 61850-3, IEEE 1613, and EN 50121-4).
RAD SecFlow-4 Multi-Service Gateway
SecFlow-4 utilizes Ethernet ports for new IEC 61850 compliance IEDs for automation and teleprotection applications in substations. Additionally, SecFlow-4 is equipped with the serial interfaces for connectivity of legacy RTUs with new IP based IEDs. SecFlow-4 gateway converts legacy IEC-101 protocol to IP-based IEC-104, enabling seamless communication from the IP SCADA to both the old and new RTUs. This provides a single box solution for multi-service applications and smooth migration to all-IP networks.
Market Segments and Applications where the SecFlow-4 is commonly used:
SecFlow-4 addresses the following markets:
SecFlow-4 ( SF-4) from RAD is a SCADA aware firewll
SecFlow-4 supports an integrated firewall per port, providing a network-based distributed security designed especially for SCADA applications (IEC 104, Modbus TCP, and DNP3 DCP). The device monitors SCADA commands, using deep packet inspection, to validate if they fit the intended application purpose. Additionally, the device features a VPN gateway with two operation modes:
Inter-site VPN based on GRE tunnels over an IPSec encrypted link ensures L2/L3 transparent connection of the Ethernet networks sites.
For remote access, the switch uses an SSH-encrypted tunnel, with user authentication and specific access authorizations.
SecFlow-4 Ethernet Quality of Service ( QOS )
Flexible QoS techniques ensure differentiated service delivery end-to-end. SecFlow-4 utilizes the following traffic management methods: strict priority, Weighted Round Robin (WRR), MDDR, and egress traffic shaping. SecFlow-4 IP address might be private behind NAT, or public.
OAM of the RAD SecFlow-4
SecFlow-4 provides these types of Ethernet OAM:
Resiliency of the RAD SecFlow-4 Modular Ruggedized SCADA-Aware Ethernet Switch / Router
SecFlow-4 supports Ethernet protection ring according to G.8032, enabling fast failure detection and switchover. Traditional resiliency protocols such as RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple Spanning Tree Protocol) per IEEE 802.1D are also supported. Link aggregation is performed according to IEEE 802.3ad with LACP allowing aggregation of point-to-point links operating at the same data rate. This enables the switches to take advantage of increased bandwidth.
RAD SecFlow-4 Interoperability
SecFlow-4 is compatible with SecFlow-2. In addition, it operates with RAD’s Airmux broadband wireless radios, providing PoE feeding to the Airmux outdoor units (see Ordering).
SecFlow-4 ( SF-4 ) Management
The device can be managed via RADview, RAD’s carrier-class NMS for Windows and Unix, and SecFlow Network Manager that provides end-to-end management for SecFlow devices. SecFlow-4 also supports a variety of access protocols, including CLI, Telnet, Web, SNMPv3, and TFTP
SecFlow-4 recommended configurations
Chassis Switch Configuration
SF4/SP/48DCR SecFlow-4 chassis, L-2 switch functionalities, central processing and management module, dual 48 VDC power supply
SF4/SP/24DCR SecFlow-4 chassis, L-2 switch functionalities, central processing and management module, dual 24 VDC power supply
Router/ Switch Configuration
SF4/RP/48DCR SecFlow-4 chassis, L-2/3 router/switch functionalities, central processing and management module, dual 48 VDC power supply
SF4/RP/24DCR SecFlow-4 chassis, L-2/3 router/switch functionalities, central processing and management module, dual 24 VDC power supply
SF4-PS-24VDC 24 VDC power supply
SF4-PS-48VDC 48 VDC power supply
SF4-M-4GBE-U SecFlow-4 module with four 100/1000BasteT UTP Ethernet ports
SF4-M-4GBE-POE SecFlow-4 module with four 100/1000BasteT UTP Ethernet ports and 30W PoE
SF4-M-4GBE-S SecFlow-4 module with four 10/100/1000BasteFx SFP Ethernet ports
SF4-M-4RS232 SecFlow-4 module with four RS-232 serial ports
SF4-M-2RS232-1RS485 SecFlow-4 module with two RS-232 serial ports and one RS-485 serial port
SF4-M-Service Service module with firewall, serial tunneling, VPN functionalities and discrete input/output interfaces
SF4-M-MNG Central processing and management module with local terminal and out-ofband management ports
Accesories supplied with the RAD SecFlow-4 switch / router
CBL-SF-RJ45-CONSOLE Console cable (delivered with SF4-M-MNG)
SF4/RM1 Kit for mounting SecFlow-4 into a 19-inch rack
CBL-RJ45-DB9/null Serial cable, DCE wiring