SecFlow-1 Ver. 4.0 - RAD Data Communications
Contents
1. The cellular modem echo quality tests are not supported LI Management and Security Description Status The Host Name parameter is not configurable Lr The Welcome banner is not configurable fr Only the default su user is available Po SFTP client can be used with fixed line only Workaround Use TFTP for cellular connection Telnet server cannot be enabled by user Le Proxy authentication is not supported Po DPI Firewall operates with TCP protocols IEC104 or Modbus only Modbus firewall is not supported when the both link sides are connected through the different SecFlow 1 routers Firewall and VPN cannot be used simultaneously Po Software Upgrade Description Status While using the tftp action to download a new software OS file Workaround Use the correct and the tftp CLI command is not accurately placed the command as detailed in the operation may fail resulting in the router losing its running user manual or use the EMS image Device allows activation of corupped version Workaround Verify the OS image was downloaded successfully If not or the tftp action was interrupted do not reboot the unit In this case download the file again 611 400 11 15 Full Version 4 0 02 67 Page 8 Release Note SecFlow 1 Version 4 0 02 RAD Solved Limitations Networking Description Status DM VPN co existence with dpi firewall over fixed network connection is supported RS485 4w support is2. Layer 3 VPN with encryption Support for large scale networks Filtering user traffic according to variety of criteria Better security and control of authorized traffic Variety of management tools Page 4 Release Note SecFlow 1 Version 4 0 02 Gi Your Network s Edge Compatibility SW Compatibility The SecFlow 1 version is released as a single compressed file SecFlow 1_4 0 02 67 tar Do not uncompress before installing and activating on the unit OS files available on the switch can be seen using the following command OS image show list The boot version is shown by the following command show system information Management Compatibility SecFlow 1 is managed by RADview version 4 2 and up Interoperability SecFlow 1 can operate with SecFlow 2 and SecFlow 4 Limitations Ethernet Description Status Total eth1 and eth2 ports throughput should be limited to e 1200 pps duplex with VPN e 5000 pps duplex without VPN Exceeding this limit may interrupt the management connection X 509 certificate authentication method is not supported Workaround Use pre shared keys When IP interfaces are not configured L2 traffic may be Workaround Set at least one switched between ethl and eth2 ports IP interface to avoid this behavior LED link indication may not be accurate when used in no autoneg mode 611 400 11 15 Full Version 4 0 02 67 Page 5 Release Note SecFlow 1 Version 4 0 02 Gi
3. Your Network s Edge Discrete Channels Description Discrete input and output channels are not supported a Serial Description Status Serial tunneling frame mode is not supported Workaround Use Byte mode Serial tunneling TCP mode is not supported Workaround Use UDP mode 9600 or 19200 Bd rate should be used for serial channel normal operation The serial channel control signals are not supported The serial channel bitstream mode is not supported 101 104 gateway operates in balanced mode only Modbus and TG809 gateways are not supported Po Terminal server operates in point to point topology and in TCP mode only QOS is not supported for serial services Timing and Synchronization Description Status System reload erases local the time settings Po Ports Description Status To complete SFP port configuration the user must e extract an SFP module and reinsert it e disable and enable the port using the CLI RAD SFP types SFP 9F copper 100 and Miric are not supported SFP 6 Fiber 1000 when autoneg OFF Led stays off when link Be is up 611 400 11 15 Full Version 4 0 02 67 Page 6 Release Note SecFlow 1 Version 4 0 02 RAD Description Status SFP 6 Fiber 1000 when a link is not connected to the SFP Led status is Green instead of OFF SecFlow 1 lt gt Cisco 3550 SFP 30 10 100 1000 Autoneg OFF Changing SecFlow 1 speed result Link up SecFlow 1 Li
4. available with relevant ordering option of hardware IEC 101 104 gateway supports SQ bit Cellular Description Status Fixed loop bug at the modem code resulting in the modem not transmitting traffic although it seems to be up and connected Bad initialization of the socket to the modem Fix bug related Sierra LTE 3 5G modem not allowing roaming i rts Ports Description Status SFP port configuration doesn t take effect automatically Types Workaround of 1000mbps only are supported 1 Take the SFP out and replace it in the port 2 Disable and enable the port via the CLI RAD SFP e SFP 9G and SFP 9F are not supported CopperSFPS SFPs Copper SFP state shows as down after system power loss SFP state shows as down after system power loss Fixed issue with Copper 10 100 1000 when Fixed Speed amp i aS are selected For non RAD SFP auto negotiation may not be supported Use fixed eee Eth2 is Eth2 is down after reload after reload 611 400 11 15 Full Version 4 0 02 67 Page 9 Release Note SecFlow 1 Version 4 0 02 Gi Description Status Rj45 LOO When connecting a device which supports 10 100 1000 at the eth1 port it must be set to a fixed speed of 100 or 10 with no auto negotiate Attempting to work in auto negotiation with such devices may cause CLI management to be interrupted Fix issue with Copper 10 100 1000 no Link after plug unplug when ETH2 port is set to fixed
5. Release Note SecFlow 1 Version 4 0 02 Gi Your Network s Edge November 4 2015 Status General Availability SEecFlow Ruggedized SCADA Aware Router Gateway SecFlow 1 is an Ethernet router gateway a member of RAD s SecFlow suite of ruggedized Ethernet family With a unique built in packet processing SCADA aware engine SecFlow 1 fits mission critical industrial applications It is most suitable for infrastructure used by utility companies with remote sites connected to a SCADA control center SecFlow 1 is installed at remote locations forwarding Ethernet or serial traffic over fiber optic or cellular links Main Features Ethernet Features Description Customer Benefits Ethernet 10 100 1000T SFP based port e Resilient redundant networking over interface 10 100BaseT RJ 45 port various WAN infrastructures Auto crossing Autonegotiation per IEEE 802 3ab Routing Up to 60 routing paths e Layer 2 and Layer 3 routing ina IPv4 single box Static routing OSPF v2 NAT Networking DHCP client e Additional MAC based pool allocation Serial Features Description Customer Benefits Serial Two RS 232 RJ 45 ports e Multiservice support in a compact interfaces One RS 232 and One RS 485 single device Serial RJ 45 ports 611 400 11 15 Full Version 4 0 02 67 Page 1 Release Note SecFlow 1 Version 4 0 02 RAD Features Description Customer Benefits Serial gateway Serial tunneling for byte oriented e Se
6. amless communication between IP streams SCADA equipment and both legacy Serial tunneling for frame streams and new RTUs featuring a single box Terminal server supporting for multiservice application and smooth migration to all IP networks Byte and frame modes TCP Configurable NULL_CR IEC 101 104 gateway Modbus RTU TCP gateway Cellular Features Description Customer Benefits Cellular GPRS UMTS or LTE US and e Utilizing cellular network for main link modem European banda e Improved link resiliency and service HSPA continuity using cellular backup links Two SIM cards Cellular band manual auto selection CLI reading of IMEI identifier Power control SIM redundancy based on RSSI Optional preference of preferred SIM VPN support IPSec support Operation as main network link Operation as backup link of fixed line 611 400 11 15 Full Version 4 0 02 67 Page 2 Release Note SecFlow 1 Version 4 0 02 Gi Your Network s Edge Resiliency Features Description Customer Benefits Cellular link Protection switching between the e Improved link redundancy Switch protection cellular ISPs SIM cards backup over between two cellular links based on ICMP according to predefined cellular signal strength threshold System reload System automatically reloads e Increased system reliability and when the cellular ISP is availability inaccessible Dynamic Dynamic routing protection using e Increased relia
7. bility of network routing OSPF connections Timing and Synchronization Features Description Customer Benefits Timing Local time setting e Flexible clock distribution and network synchronization Monitoring and Diagnostics Features Description Customer Benefits Port statistics Counters and statistics per port e Extensive diagnostic tools for fault monitorin LED indicators Power system and main ae s interfaces status indication Monitoring SFP parameters such as optical output power optical input RMON v1 Remote network monitoring power temperature etc IMEI reading CLI enables reading the Guaranteed SLA Service Level International Mobile Station Agreement of contracted Ethernet Equipment Identity service DDM reading SFP operation Digital Diagnostics Nemwork fauli manian Monitoring performance measurement and gathering of statistic data Trace route Displaying the route path and Monitoring and troubleshooting measuring transit delays of packets across an IP network Tcpdump Common packet analyzer Serial Set of tools for serial applications applications debugging and monitoring monitoring failures quickly using the Ethernet sniffer and debug serial link tools 611 400 11 15 Full Version 4 0 02 67 Page 3 SecFlow 1 Version 4 0 02 Management and Security Features Description Serial console Direct ASCII terminal connection port Inband Embedded terminal server ma
8. d in any way from such products Your undertaking in this paragraph shall survive perpetually RAD Data Communications Ltd http www rad com International Headquarters 24 Raoul Wallenberg Street Tel Aviv 69719 Israel Tel 972 3 6458181 Fax 972 3 6498250 Email market rad com North American Headquarters 900 Corporate Drive Mahwah NJ 07430 Tel 201 529 1100 Toll free 1 800 444 7234 Fax 201 529 5777 Email market radusa com
9. nagement CLI via Telnet or Remote CLI control via Telnet and SSH connection SSH TACACS Remote authentication for networked access control through a centralized server Syslog Severity Syslog for informational analysis and debugging levels messages Configuration Configuration file can be kept on external server database backup restore Remote software Software file download from the external server download System problems recovery tool Scheduled Preventive system reload according to a written system reload schedule EMS oo Element management system Port shutdown Disabling unoccupied ports Local User identification based on username and authentication password SSH server Secure Shell cryptographic network protocol support SFTP client SSH File Transfer Protocol support IPSec encryption using 3DEC or AES algorithm and IKEv1 Dynamic Kew Exchange L3 mMGRE DM VPN Dynamic Multipoint VPN based on Generic Routing Encapsulation VLAN stacking VLAN IEEE 802 1q double tagging Application Distributed application aware firewall per port for aware firewall ModBus TCP IEC104 DNP3 611 400 11 15 Full Version 4 0 02 67 Release Note Your Network s Edge Customer Benefits Key management system can negotiate a new secure access before the connection lifetime expires and avoid management disconnection Secured remote sites interconnected over public networks using Layer 2 or
10. nk down Cisco Changing Cisco speed result Link down SecFlow 1 Link down Cisco Auto negotiation may not be supported if a non RAD copper It is recommended to use RAD SFP is used copper SFP or RAD SFP 30 In this case use fixed speed SFP 9G 1000 Copper when autoneg is OFF LED stays off although link is up traffic is available and CLI state is up Support SGMII types of 10 100 1000 Ld Support type 1000mbps SERDES based with auto negotiation LF Rj45 SS The eth1 port is recommended to be used with auto negotiation mode default mode versus fix speed In a case where a SecFlow 1 router is connected to a second Workaround Disable Enable SecFlow 1 via their respective eth interfaces when changing the interfaces mode autoneg from off to on the speed is not changed In a case where a SecFlow 1 eth1 is connected to PC with Intel Workaround Disable Enable NIC and autoneg is OFF after reload the link is down the interfaces When using SFP 9G 1000 Copper the CLI show port output command indicates SFP type of 1000 Fiber Monitoring and Diagnostics Description Status Syslog e Cannot be enabled disabled e Cannot be saved to local file e Cannot be reset e Local and remote modes cannot function simultaneously 611 400 11 15 Full Version 4 0 02 67 Page 7 Release Note SecFlow 1 Version 4 0 02 Gi Your Network s Edge Description Status SFP port statistics counters cannot be reset Po
11. speed 10 or 100 with Autoneg OFF 611 400 11 15 Full Version 4 0 02 67 Page 10 Release Note SecFlow 1 Version 4 0 02 Marketing Contact eSupport Moshe Lavi Technical Information Center Product Line Manager Legal Notice This document contains information that is proprietary to RAD Data Communications Ltd RAD No part of this document may be reproduced or published or used in any form whatsoever without prior written approval by RAD Data Communications Right title and interest all information copyrights patents know how trade secrets and other intellectual property or other proprietary rights relating to this document and to the products described therein and any software components contained therein are proprietary products of RAD protected under international copyright law and shall be and remain solely with RAD The trade names mentioned in this document are owned by RAD No right license or interest to such trademark is granted hereunder and you agree that no such right license or interest shall be asserted by you with respect to such trademark You shall not copy reverse compile or reverse assemble all or any portion of this document or the Product mentioned therein You are prohibited from and shall not directly or indirectly develop market distribute license or sell any product that supports substantially similar functionality as the product mentioned in this document based on or derive
Download Pdf Manuals
Related Search