Triconex Tofino Firewall - Invensys

FEATURES• Triconex Tofino Firewall permits only thosetypes of network traffic required for correctsystem operation. All other unnecessarytraffic is blocked.• Tracks OPC (OLE for Process Control) clientrequests to Tricon 4353 OPC server anddynamically opens only the minimumrequired TCP ports in the Triconex TofinoFirewall for data connections.• All traffic that is permitted through theTriconex Tofino Firewall is rate-limited toprevent overload of the TriconCommunications Module.• All security events, including blockednetwork traffic, are logged on the appliancefor subsequent analysis.Figure 2: Triconex Tofino Firewall protecting the Tricon• Security event logs may be offloaded via USBstorage device.• Pre-configured − no configuration requiredfor most Tricon installations.• 10/100BaseT network interfaces − directconnection to TCM models 4351A, 4351B,and 4353.• Plug and play installation − no changes required to external equipment,network design or network IP addresses.SPECIFICATIONSNetwork Interfaces• Two 10/100 Base T Ethernet twisted-pair interfaces − “Trusted” (closed padlock symbol) and“Untrusted” (open padlock symbol).• “Trusted” network interface connects to 10/100BaseT interface on Tricon 4351A, 4351B and 4353Communications Module.• “Untrusted” network interface connects to external control interface.• Network link speed and duplex auto-negotiated with link partner.• Auto-MDX adapts to straight-through or cross-over connections.Permitted network traffic• Tricon protocols: TSAA, TriStation, TMI, Downloader, Control (Time Sync), Peer-to-Peer• Modbus TCP (master and slave)• Simple Network Time Protocol (SNTP) (Tricon client, external server)• Network printer access (Tricon client to external print server)• OPC (bidirectional)• ICMP ‘ping’ (echo request) – incoming only• Address Resolution Protocol (ARP)• Incoming traffic rate limit: 5,000 packets per second• Port numbers are adjustable via Triconex Tofino Firewall Configuration Utility to match anycustom TCM configuration

Power• 9-32VDC; 24VDC nominal• 170mA typical, 350mA max. at 24VDC• Dual redundant power inputs; 24-12AWG screw cage terminals• Dual power-fail indicator digital inputs (security event log entry generated on state change)EMI Radiation and Immunity• EN 55022 Class A• EN 61000-4-2, EN 61000-4-3Environmental• Operating temperature: -40°C to +70°C• Storage temperature: -40°C to +85°C• Relative humidity: 10%-90% ( non-condensing)Vibration and Shock• IEC 60068-2-6: 1g @ 20-500Hz• IEC 60068-2-27: 30g for 11ms shock• EN 61326: EMC Annex A• EN 61010-1Mechanical• Protection Class: IP20• Mounting: 35mm DIN rail• Dimensions (mm): 42W x 146H x 138D• Weight: 290gCertifications• Class I, Div 2 hazardous environments• CE mark (EMC compatibility)• MUSIC 2009-1 security certification (Foundation level)• Certified Modbus compliant by Modbus-IDANOTESEach Triconex Tofino Firewall provides protection for a single 10/100BaseT network interface.One Triconex Tofino Firewall is required for each TCM network interface to be protected.