Data Sheet
RL1000GW
Small Form Factor Substation-Rated Secure Ethernet Layer 2 Switch/Layer 3 Router,
with Optional 2G/3G/4G LTE Cellular Radio Link, and 100/1000 Mbps SFP Uplink Port
Cyber-Physical Integration
Integrated within the enhanced-security RL1000GW, is a physical identity server system, allowing the use of external
authentication hardware, such as magnetic card readers, biometric identification sensors, facial recognition cameras, etc., to
create a two-factor authentication to the APA feature. This provides an additional level of validation of the user and his/her
credentials, prior to granting the user network access. Once the authentication is validated and approved, a set of defined
policies allow the authenticated technician to perform their task.
Enhanced SCADA-Aware Firewall
A whitelist-based firewall is provided for every Ethernet and serial data port, so full firewall protection is available at all remote
sites within the network. Every SCADA protocol packet (IEC 61850, DNP3 RTU/TCP, ModBus RTU/TCP, and IEC 101/104) is
scanned and validated by the firewall engine for its source and destination, as well as its protocol and packet content.
The structure of the distributed firewall allows the creation of a unique firewall at each access point to the network. This is
critical for securing against insider cyber-attacks, compromised field devices, man-in-the-middle attacks, and a myriad of
alternate attack vectors, by providing a secure baseline.
Two firewall states are included: Monitoring, and enforcing. The monitoring state provides an alarm at the control center for
any network violation, without blocking the network traffic. The enforcing state is extremely effective for blocking suspicious
traffic, while also triggering a violation alarm at the control center.
DPI (Deep Packet Inspection) SCADA Protocols Firewall
ComNet’s distributed DPI firewall ensures that the operator will have full control over the network, even when faced with a
sophisticated attempt at breaching the network. Monitoring SCADA commands, this highly robust whitelist-based firewall
analyses SCADA network traffic, and is provided for every Ethernet and serial data port, so full firewall protection is available at
all remote sites within the network, as well as all IEDs, RTUs, PLCs, or any other device connected to the network. Every SCADA
protocol packet (IEC 61850, DNP3 RTU/TCP, ModBus RTU/TCP, and IEC 101/104) is scanned and validated by the firewall
engine for its source and destination, as well as its protocol and its specific packet
Any detected abnormal traffic behavioral patterns are blocked, any affected subnets are isolated, and alerts are automatically
generated.
Ease of Installation and Network Integration
High levels of cyber-security experience are not required to successfully deploy the RL1000GW. It is fully supported by
ComNet’s Reliance Product Configuration Utility and CLI, allowing the secure switch/router to be easily configured, and to
diagnose network and security functions.
Configuration of the secure firewall is also simple. Once connected to the user’s network, the RL1000GW immediately
begins to collect and analyse information across the network, including from other connected devices, traffic behavior, etc.
Recommended firewall rules are then suggested to the user; the implementation of these rules is optional, and they can be
easily edited using the Configuration Utility.
OAM (IEEE 802.3-2005 & IEEE 802.1ag) and QoS are also supported. Strict priority, Weighted Round Robin (WRR), ingress
policing, and egress traffic shaping are included for traffic management.
Serial Data Interface
The 2-port serial interface is available for applications including terminal server with protocol gateway and serial tunnelling
functionality, and provides direct connectivity to legacy RS-232 or 4-wire RS-485 serial data IEDs, RTUs, PLCs, and other devices.
PRODUCT OPTIONS
Cellular Radio Option
An internal 2G/3G/4G LTE GPRS/UMTS cellular radio modem, with 2 SIM card slots for maximum network reliability and
availability. All world-wide cellular radio frequency bands are supported.
100/1000 Mbps SFP Uplink Option
Provides one high-speed 100/1000 Mbps SFP uplink port for direct connection to fiber, via ComNet-furnished SFPs
PRODUCT DESCRIPTION (Cont’d)
LIFETIME WARRANTY WWW.COMNET.NET TECH SUPPORT: 1.888.678.9427