2903588

TC MGUARD RS2000/4000 4G VPN Industrial 4G mobile router (LTE) with integrated firewall and VPN Data sheet 107583_en_02 1 © PHOENIX CONTACT 2018-12-13 Description The TC MGUARD ... 4G VPN is an industrial 4G wireless router (LTE) with 3G and GPRS fallback, integrated firewall, VPN and alarm inputs and outputs. Features The devices offer high-speed Internet access via 4G mobile network with fallback to 3G (UMTS/HSPA) and 2G (GPRS/ EDGE). You can therefore benefit from the advantages of the Internet and communicate with your automation systems from any location over public mobile networks. – With the help of predefined configuration on SD cards, the devices can be easily and quickly started up or replaced. For secure key generation and management, the devices are equipped with a trusted platform module (TPM). – – – – – – – – – – – – High-speed mobile network interface with provider redundancy Integrated 4-port switch (managed for TC MGUARD RS4000 4G VPN) Maximum security with IPsec protocol on Layer 3 Web-based management, SNMP Replaceable configuration memory Comprehensive connection options RS-232 interface with COM server function for integrating serial devices Flexible routing Up to 10 parallel VPN tunnels (up to 250 possible with additional license as an option) Supports current certificates such as x509.v3 Stateful inspection firewall for dynamic filtering Connection for VPN enable button and VPN status LED Extended temperature range In light of the EoL (end-of-life) announcements regarding the mobile network chips used, the next device revision (hardware Version 02) will no longer offer a GPS interface. This means that these devices will no longer support time synchronization and positioning via GPS and GLONASS. The next device revision will be available in 2018. Devices with hardware Version 01 will continue to support these functions, even beyond 2019. If you require a GPS function in your application, please contact Phoenix Contact directly. Make sure you always use the latest documentation. It can be downloaded at: phoenixcontact.net/product/2903586 This document is valid for the products listed in 3 "Ordering data" . TC MGUARD RS2000/4000 4G VPN 2 Table of contents 1 Description .............................................................................................................................. 1 2 Table of contents ..................................................................................................................... 2 3 Ordering data .......................................................................................................................... 3 4 Technical data ......................................................................................................................... 4 5 Use outside of Europe ............................................................................................................. 9 6 Function................................................................................................................................. 10 7 Product description................................................................................................................ 11 8 Application example  ............................................................................................................. 12 107583_en_02 PHOENIX CONTACT 2 / 12 TC MGUARD RS2000/4000 4G VPN 3 Ordering data Description Type Order No. Pcs./Pkt. Security appliance, WAN and 4G mobile network interface, SD card slot, 10 VPN tunnels, intelligent firewall with full scope of functions, router with NAT/1:1 NAT, optional CIFS Integrity Monitoring, 4-port Managed Switch, 2 SIM card slots TC MGUARD RS4000 4G VPN 2903586 1 Security appliance with 4G mobile network interface, SD card slot, 2 VPN tunnels, firewall for easy configuration, router with NAT/1:1 NAT, 4-port switch, 2 SIM card slots TC MGUARD RS2000 4G VPN 2903588 1 Accessories Type Order No. Pcs./Pkt. Patch cable, CAT5, assembled, 0.5 m FL CAT5 PATCH 0,5 2832263 10 Patch cable, CAT5, assembled, 2 m FL CAT5 PATCH 2,0 2832289 10 Patch cable, CAT5, assembled, 10 m FL CAT5 PATCH 10,0 2832629 10 Dust protection caps for RJ45 socket dust protection, color: black FL RJ45 PROTECT CAP 2832991 10 RJ45 connector, shielded, with bend protection sleeve, 2 pieces, gray for straight cables, for assembly on site. For connections that are not crossed, it is recommended that you use the connector set with gray bend protection sleeve. RJ45 connector, material: polycarbonate, color: gray FL PLUG RJ45 GR/2 2744856 1 RJ45 connector, shielded, with bend protection sleeve, FL PLUG RJ45 GN/2 2 pieces, green for crossed cables, for assembly on site. For connections that are crossed, it is recommended that the connector set with green bend protection sleeves is used. RJ45 connector, material: polycarbonate, color: green 2744571 1 Crimping pliers, for assembling the RJ45 plugs FL PLUG FL CRIMPTOOL RJ45..., for assembly on site 2744869 1 FO converter with SC duplex fiber optic connection FL MC EF 1300 MM SC (1300 nm), for converting 10/100Base-T(X) to multi-mode fiberglass (50/125 µm). Auto negotiation and auto MDI(X) function. Comprehensive link diagnostics DIN-rail mountable, 18 ... 30 V DC supply 2902853 1 Program and configuration memory, plug-in, 512 Mbyte SD FLASH 512MB 2988146 1 License for up to 250 additional VPN online connections FL MGUARD LIC VPN-250 2700193 1 License for up to 10 additional VPN online connections FL MGUARD LIC VPN-10 2700194 1 GSM UMTS antenna, with omnidirectional characteristic, PSI-GSM/UMTS-QB-ANT 2 m antenna cable with SMA round connector 2313371 1 Multiband mobile communication antenna with mounting bracket for outdoor installation, 5 m antenna cable with SMA circular connector, suitable for LTE/4G 2702273 1 107583_en_02 TC ANT MOBILE WALL 5M PHOENIX CONTACT 3 / 12 TC MGUARD RS2000/4000 4G VPN Accessories Type Order No. Pcs./Pkt. Mobile network antenna cable, 5 m in length, SMA (male) -> SMA (female), 50 ohm impedance PSI-CAB-GSM/UMTS- 5M 2900980 1 Mobile network antenna cable, 10 m in length, SMA (male) -> SMA (female), 50 ohm impedance PSI-CAB-GSM/UMTS-10M 2900981 1 Attachment plug with Lambda/4 technology as surge protection for coaxial signal interfaces. Connection: Male/female SMA connectors. CSMA-LAMBDA/4-2.0-BSSET 2800491 1 License for mGuard Secure VPN Client v11.x MGUARD SECURE VPN CLIENT LIC 2702579 1 Operation of the wireless system is only permitted when using accessories available from Phoenix Contact. The use of any other components can lead to the withdrawal of the operating license. You can find the approved accessories for this wireless system listed with the item at : phoenixcontact.net/product/2903586. 4 Technical data Supply Supply voltage range 11 V DC ... 36 V DC (via pluggable COMBICON screw terminal block) Typical current consumption < 320 mA (24 V DC) Max. current consumption < 1.8 A (at 11 V DC (incl. 3 x 125 mA for the outputs)) Electrical isolation VCC // PE Test voltage data interface/power supply 1 kV (50 Hz, 1 min.) Torque 0.56 Nm ... 0.79 Nm Only use devices with limited output voltage (U  36 V DC) and limited output current (I  2 A) as the external voltage source. 107583_en_02 PHOENIX CONTACT 4 / 12 TC MGUARD RS2000/4000 4G VPN Functions TC MGUARD RS4000 4G VPN TC MGUARD RS2000 4G VPN Management Web-based management, SNMP Web-based management, SNMP Firewall rules Configurable stateful inspection firewall with full scope of functions Simplified 2-click stateful inspection firewall Filtering MAC and IP addresses, ports, Incoming or outgoing traffic protocols Routing Standard routing, NAT, 1:1-NAT, port forwarding Standard routing, NAT, 1:1-NAT, port forwarding Number of VPN tunnels 10 (up to 250 tunnels with additional license as an option) 2 (fixed, Ipsec (IETF standard)) 1:1 Network Address Translation (NAT) in the VPN Supported Supported Encryption methods DES, 3DES, AES-128, -192, -256 DES, 3DES, AES-128, -192, -256 ESP tunnel / ESP transport Internet Protocol Security (IPsec) mode ESP tunnel / ESP transport Authentication X.509v3 certificates with RSA X.509v3 certificates with RSA or PSK or PSK Data integrity MD5, SHA-1 MD5, SHA-1 Dead peer detection (DPD) RFC 3706 RFC 3706 Ethernet interface, 10/100Base-T(X) in acc. with IEEE 802.3u TC MGUARD RS4000 4G VPN TC MGUARD RS2000 4G VPN Number of ports 6 4 Connection method RJ45 RJ45 Transmission speed 10/100 Mbps (auto negotiation) 10/100 Mbps (auto negotiation) Transmission length 100 m (shielded twisted pair) 100 m (shielded twisted pair) Test voltage 1 kV (50 Hz, 1 min.) 1 kV (50 Hz, 1 min.) Protocols supported TCP/IP, UDP/IP, FTP, HTTP TCP/IP, UDP/IP, FTP, HTTP Auxiliary protocols ARP, DHCP, PING (ICMP), SNMP V1, SMTP ARP, DHCP, PING (ICMP), SNMP V1, SMTP 107583_en_02 PHOENIX CONTACT 5 / 12 TC MGUARD RS2000/4000 4G VPN V.24 (RS-232) interface in acc. with ITU-T V.28, EIA/TIA-232, DIN 66259-1 Connection method D-SUB 9 plug Data format/encoding UART/NRZ: 8 Data, 1/2 Stop, None/Even/Odd Parity Serial transmission speed 9.6; 19.2; 38.4; 57.6; 115.2 kbps Transmission length 15 m Data flow control/protocols Software handshake, Xon/Xoff or hardware handshake RTS/CTS Wireless interface Interface description GSM / GPRS / EDGE / UMTS / HSPA / LTE (FDD) Antenna connection method SMA (female) Frequency 850 MHz (2 W (EGSM)) 900 MHz (2 W (EGSM)) 1800 MHz (1 W (EGSM)) 1900 MHz (1 W (EGSM)) 850 MHz (UMTS/HSPA B5) 900 MHz (UMTS/HSPA B8) 1900 MHz (UMTS/HSPA B2) 2100 MHz (UMTS/HSPA B1) 800 MHz (LTE B20) 850 MHz (LTE B5) 900 MHz (LTE B8) 1700 MHz (LTE B4) 1800 MHz (LTE B3) 1900 MHz (LTE B2) 2100 MHz (LTE B1) 2600 MHz (LTE B7) Data rate ≤ 150 Mbps (LTE (DL)) ≤ 50 Mbps (LTE (UL)) Antenna 50 Ω impedance SMA antenna socket SIM Interface 1.8 volt, 3 volt GPRS Class 12, Class B CS1 ... CS4 EDGE Multislot Class 10 UMTS HSPA 3GPP R9 LTE CAT4 Network check LED bar graph to display receive quality Digital input Number of inputs 3 Input signal, Voltage 10 V DC ... 30 V DC Input signal, Current 5 mA Digital output Number of outputs 3 Output signal, Voltage 10 V DC ... 30 V DC (depending on the operating voltage) Output signal, Current ≤ 125 mA (short-circuit-proof) 107583_en_02 PHOENIX CONTACT 6 / 12 TC MGUARD RS2000/4000 4G VPN General data Basic functions Router with intelligent firewall and VPN for 10 tunnels (up to 250 supported with optional additional license), CIFS Integrity Monitoring (as an option), metal housing, slot for SD memory card Degree of protection IP20 Degree of pollution 2 Dimensions (W/H/D) 45 mm x 130 mm x 114 mm Housing material Metal silver Free fall in acc. with IEC 60068-2-32 1m Vibration resistance in acc. with EN 60068-2-6/ IEC 60068-2-6 5g, 10...150 Hz, 2.5 h, in XYZ direction Shock in acc. with EN 60068-2-27/IEC 60068-2-27 Operation: 15g, 11 ms period, half-sine shock pulse Shock in acc. with EN 60068-2-27/IEC 60068-2-27 Storage: 30g, 11 ms period, half-sine shock pulse MTTF (mean time to failure) SN 29500 standard, temperature 25 °C, operating cycle 21 % (5 days a week, 8 hours a day) 532 Years MTTF (mean time to failure) SN 29500 standard, temperature 40 °C, operating cycle 34.25 % (5 days a week, 12 hours a day) 250 Years MTTF (mean time to failure) SN 29500 standard, temperature 40 °C, operating cycle 100 % (7 days a week, 24 hours a day) 104 Years Electromagnetic compatibility Conformance with EMC Directive 2014/30/EU Ambient conditions Ambient temperature (operation) -40 °C ... 60 °C Ambient temperature (storage/transport) -40 °C ... 70 °C Permissible humidity (operation) 5 % ... 95 % (non-condensing) Altitude 5000 m (for restrictions see manufacturer's declaration) Approvals / Certificates Conformance CE-compliant Free from substances that could impair the application of according to P-VW 3.10.7 57 65 0 VW-AUDI-Seat central coating standard Noxious gas test 107583_en_02 ISA-S71.04-1985 G3 Harsh Group A PHOENIX CONTACT 7 / 12 TC MGUARD RS2000/4000 4G VPN Conformance with EMC Directive 2014/30/EU Noise immunity according to EN 61000-6-2 Electrostatic discharge Electromagnetic HF field EN 61000-4-2 Contact discharge ± 6 kV (Test Level 3) Discharge in air ± 8 kV (Test Level 3) Comments Criterion B EN 61000-4-3 Frequency range Fast transients (burst) Surge current loads (surge) Field intensity 10 V/m Comments Criterion A EN 61000-4-4 Input ± 2.2 kV (Test Level 3) Signal ± 2.2 kV (Test Level 3) Comments Criterion B EN 61000-4-5 Input Conducted interference 80 MHz ... 3 GHz (Test Level 3) ± 0.5 kV (DC supply) Signal ± 1 kV (Data line, asymmetrical) Comments Criterion B EN 61000-4-6 Frequency range 0.15 MHz ... 80 MHz Voltage 10 V Comments Criterion A Emitted interference in acc. with EN 61000-6-4 Radio interference voltage in acc. with EN 55011 EN 55011 class A industrial area of application Emitted radio interference in acc. with EN 55011 EN 55011 class A industrial area of application Interference emission EN 61000-6-4 Criterion A Criterion B 107583_en_02 Normal operating behavior within the specified limits Temporary impairment of operating behavior that is corrected by the device itself PHOENIX CONTACT 8 / 12 TC MGUARD RS2000/4000 4G VPN 5 Use outside of Europe The devices are intended for use in Europe. If the required general conditions are met, use outside of Europe is possible. For an initial idea of which frequency bands are available in your country of use, visit www.frequencycheck.com. • • • Verify with your provider whether one of the following frequency bands is available: – LTE, CAT4, B1 – LTE, CAT4, B2 – LTE, CAT4, B3 – LTE, CAT4, B4 – LTE, CAT4, B5 – LTE, CAT4, B7 – LTE, CAT4, B8 – LTE, CAT4, B20 Verify with your provider whether there is network coverage at the installation location. Verify with your provider whether the device is approved for operation at the installation location. 107583_en_02 PHOENIX CONTACT 9 / 12 TC MGUARD RS2000/4000 4G VPN 6 Function The TC MGUARD RS4000 4G VPN supports highavailability high-end security. It creates a remote maintenance infrastructure for the secure connection of machines and systems. For maximum availability, an additional external network is supported redundantly alongside the internal network (LAN) and the external network (WAN) in the form of the mobile phone interface. The integrated 4-port switch offers management functions and supports EtherNet/IP™. – Firmware with extended scope of functions – Meets the security requirements for remote access applications with parallel integration of machines and systems into higher-level networks – Managed 4-port switch – Two parallel interfaces for external networks: mobile phone and Ethernet (WAN) – DMZ port – Up to 10 parallel VPN tunnels (up to 250 possible with additional license as an option) – CIFS Integrity Monitoring (optional)   The TC MGUARD RS2000 4G VPN is designed for applications with fewer complex requirements. The device acts as an industrial remote service router with a simplified configuration. The integrated 4-port switch saves space on the DIN rail. – Basic security router with reduced complexity – 4-port switch – RS-232 interface with COM server function for integrating serial devices – Simplified 2-click stateful inspection firewall – Two VPN connections (cannot be extended) Both versions have all the necessary standard functions for operating a flexible and robust Ethernet network. Serial device server The integrated COM server function is used to integrate RS-232 interfaces into Ethernet networks. This provides an easy way of implementing functions such as cable replacement or network integration. – Cable replacement: two devices in combination tunnel serial connections via Ethernet. – Network integration: you can integrate automation devices such as controllers or frequency inverters into a network using corresponding programming and diagnostics software. Device Manager The Device Manager simplifies the management of mGuard security appliances. The tool features a template mechanism that enables the user to configure and manage all mGuard devices centrally – from a few hundred devices to several thousand. 107583_en_02 PHOENIX CONTACT 10 / 12 TC MGUARD RS2000/4000 4G VPN 7 Product description The 4G devices have two antenna connections. To achieve optimum LTE reception, always connect two antennas for 4G devices. 1 2       1   2 3 4   5 6 7   14 8 9 15 10 11 Figure 1 12 13 Operating elements 16 3 4 5 - 8 9 10                   11 12 13 14 15 16 107583_en_02 Reset button Diagnostics and status indicators P1, P2 Green On Supply voltage present STAT Green Flashing Heartbeat - the device is correctly connected and operating. ERR Red Flashing Software system error - please restart. MOD Green On Package data connection is established via mobile phone. FAULT Red On Fault: Signal output 01 open INFO 1, Green On The configured VPN INFO 2 connection has been established. WAN port (only MGUARD RS 4000) DMZ port (only MGUARD RS 4000) LAN ports (protected) Slot for optional memory card Status LEDs Display of reception quality as bar graph   Yellow/ On Very good network green/ reception green   Yellow/ On Good network green reception   Yellow On Adequate network reception     OFF Extremely poor or no network reception SIM 1 Green On SIM card 1 active     Flashing No PIN entered SIM 2 Green On SIM card 2 active     Flashing No PIN entered RSMA antenna socket (GPS) SMA antenna connector 1, primary antenna (mobile network) SMA antenna connector 2, secondary antenna (mobile network) RS-232 interface Slot for SIM card 1 Slot for SIM card 2 PHOENIX CONTACT 11 / 12 TC MGUARD RS2000/4000 4G VPN 8 Application example  Secure remote maintenance concepts from Phoenix Contact offer the following advantages: – Availability regardless of location – Reduced travel costs and downtimes – Greater customer loyalty, thanks to a high level of service quality – Less expense linked to warranties – Fewer devices, as remote maintenance, routing, and firewall are combined in a single device – Operator network protected against unauthorized access – No security problems associated with the theft of equipment – Same level of administration required, even if the number of machines increases – The user alone enables remote maintenance – Easy machine integration in customer networks – Fast resolution of IP address conflicts – Machines are protected from the operator network and vice versa – No adaptation of machines and systems, no software required 107583_en_02 PHOENIX CONTACT GmbH & Co. KG • 32823 Blomberg • Germany phoenixcontact.com 12 / 12