EDR-G9004 Series
2 Gigabit copper + 2 Gigabit copper/SFP combo port industrial secure routers
Features and Benefits
• 4-port Gigabit all-in-one firewall/NAT/VPN/router/switch
• Gen3 LAN Bypass for system fault tolerance
• Dual WAN redundant interfaces through public networks
• Industrial-grade Intrusion Prevention/Detection System (IPS/IDS)
• Visualize OT security with the MXsecurity management software
• Secure remote access tunnel with VPN
• Examine industrial protocol data with Deep Packet Inspection (DPI)
technology
• Easy network setup with Network Address Translation (NAT)
• Security features based on IEC 62443/NERC CIP
• Supports secure boot for checking system integrity
• -40 to 75°C operating temperature range (-T model)
Certifications
Introduction
The EDR-G9004 Series is a set of highly integrated industrial multi-port secure routers with firewall/NAT/VPN functions. These devices are
designed for Ethernet-based security applications in critical remote control or monitoring networks. These secure routers provide an electronic
security perimeter to protect critical cyber assets including substations in power applications, pump-and-treat systems in water stations,
distributed control systems in oil and gas applications, and PLC/SCADA systems in factory automation. Furthermore, with the addition of IDS/IPS,
the EDR-G9004 Series is an industrial next-generation firewall, equipped with threat detection and prevention capabilities to further protect critical
infrastructure from cybersecurity attacks.
Defend Against Malicious Threats With Advanced Cybersecurity Features
The EDR-G9004 Series’ embedded firewall uses policy rules to control network traffic between trusted zones while Network Address Translation
(NAT) shields the internal network from unauthorized access by outside hosts. The Virtual Private Networking (VPN) functionality further provides
users with secure communication tunnels when accessing the private network from the public Internet. To help protect your OT assets from
cyberattacks, the EDR-G9004 Series supports Deep Packet Inspection (DPI) to examine the data portion of network packets for various OT-
specific protocols.
Simplify Configurations With the User-friendly Interface and Quick Settings
The EDR-G9004 Series’ Setup Wizard provides an easy way for users to set up WAN, LAN, and Bridge ports for routing functionality in just four
steps. In addition, the object-based firewall management feature gives engineers a simple way to configure and maintain firewall filtering for IP
addresses and subnets, network services, industrial application services, and user-defined services.
Industrial-grade Design to Ensure Uninterrupted Network Connectivity
The EDR-G9004 Series’ rugged hardware makes these secure routers ideal for harsh industrial environments, featuring wide-temperature models
that are built to operate reliably in hazardous conditions and extreme temperatures of -40 up to 75°C. Moreover, the EDR-G9004 Series supports
WAN, Layer 3 redundancy mechanisms, and Gen3 LAN Bypass fault tolerance to ensure that your network stays connected at all times.
Virtual Patching and Intelligent Threat Protection
Patching remains a major challenge in OT environments because OT applications cannot afford interrupting operations by shutting down systems
to apply patches. Virtual patching technology can help complement existing patch management processes by shielding known and unknown
vulnerabilities. In addition, the EDR-G9004 features intelligent IPS functionality for continuous protection against cyberthreats which uses pattern-
based detection to identify and block known attacks.
1 www.moxa.com
�Specifications
Input/Output Interface
Alarm Contact Channels Resistive load: 1 A @ 24 VDC
Buttons Reset button
Digital Input Channels +13 to +30 V for state 1
-30 to +3 V for state 0
Max. input current: 8 mA
Ethernet Interface
10/100/1000BaseT(X) Ports (RJ45 connector) 2 (with Gen3 LAN Bypass)
Combo Ports (10/100/1000BaseT(X) or 1000/ 2
2500BaseSFP)
Standards IEEE 802.3 for 10BaseT
IEEE 802.3u for 100BaseT(X)
IEEE 802.3ab for 1000BaseT(X)
IEEE 802.3z for 1000BaseSX/LX/LHX/ZX
IEEE 802.3bz for 2.5GBaseX
IEEE 802.3x for flow control
IEEE 802.1Q for VLAN Tagging
Ethernet Software Features
Management Back Pressure Flow Control
DDNS
DHCP Server/Client
Web Console (HTTP/HTTPS)
LLDP
QoS/CoS/ToS
SNMPv1/v2c/v3
Telnet
TFTP
HTTPS
SSH
Routing Throughput: 350K packets per second (max. 1500 Mbps)
Routing Table Max. 4K routing rules
Concurrent Connections Max. 400K
Connections Per Second Max. 20K
Routing Redundancy VRRP
Security Secure Boot
IPsec
L2TP (server)
RADIUS
Trust access control
Time Management NTP Server/Client
SNTP
Unicast Routing OSPF
RIPV1/V2
Static Route
Switch Properties
VLAN ID Range VID 1 to 4094
Max. No. of VLANs 16
2 www.moxa.com
�LED Interface
LED Indicators PWR1, PWR2, STATE, BYPASS, WAN/DMZ, VRRP/HA, VPN, USB
DoS and DDoS Protection
Technology ARP-Flood
FIN Scan
ICMP-Death
NEWWithout-SYN Scan
NMAP-ID Scan
NMAP-Xmas Scan
Null Scan
SYN/FIN Scan
SYN/RST Scan
SYN-Flood
Xmas Scan
Firewall
Filter DDoS
Ethernet protocols
ICMP
IP address
MAC address
Ports
Stateful Inspection Router firewall
Transparent (bridge) firewall
Deep Packet Inspection Modbus TCP
Modbus UDP
DNP3
IEC 60870-5-104
IEC 61850 MMS
Additional protocols will be supported through future firmware updates.
Intrusion Prevention System Requires an additional license.
Throughput Max. 350K packets per second (max. 1500 Mbps)
IPsec VPN
Authentication MD5 and SHA (SHA-256)
RSA (key size: 1024-bit, 2048-bit)
X.509 v3 certificate
Concurrent VPN Tunnels Max. 250 IPsec VPN tunnels
Encryption DES
3DES
AES-128
AES-192
AES-256
Protocols IPsec
L2TP (server)
PPTP (client)
Throughput Max. 300 Mbps (Conditions: AES-256, SHA-256)
NAT
Features 1-to-1
N-to-1
NAT loopback
Port forwarding
3 www.moxa.com
�Real-Time Firewall / VPN Event Log
Event Type Firewall event
VPN event
Media Local storage
SNMP Trap
Syslog server
Serial Interface
Console Port RS-232 (TxD, RxD, GND), 3-pin (115200, n, 8, 1)
Connector USB Type-C
Power Parameters
Connection Removable terminal block
Input Voltage 12/24/48 VDC
Input Current 1.51 A @ 12 VDC
0.70 A @ 24 VDC
0.35 A @ 48 VDC
Reverse Polarity Protection Supported
Physical Characteristics
Housing Metal
Dimensions 45 x 135 x 105 mm (1.77 x 5.31 x 4.13 in)
Weight 750 g (1.65 lb)
Installation DIN-rail mounting (DNV-certified)
Wall mounting (with optional kit)
Environmental Limits
Operating Temperature Standard Models: -10 to 60°C (14 to 140°F)
Wide Temp. Models: -40 to 75°C (-40 to 167°F)
Storage Temperature (package included) -40 to 85°C (-40 to 185°F)
Ambient Relative Humidity 5 to 95% (non-condensing)
Standards and Certifications
Safety IEC 62368-1
UL 62368-1
IEC 60950-1
UL 60950-1
EMC EN 55032/35
EMI CISPR 32, FCC Part 15B Class A
EMS IEC 61000-4-2 ESD: Contact: 8 kV; Air: 15 kV
IEC 61000-4-3 RS: 80 MHz to 1 GHz: 20 V/m
IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV
IEC 61000-4-5 Surge: Power: 2 kV; Signal: 4 kV
IEC 61000-4-6 CS: 10 V
IEC 61000-4-8 PFMF
Railway EN 50121-4
Traffic Control NEMA TS2
Maritime IEC 60945
DNV
4 www.moxa.com
�Power Substation IEEE 1613
IEC 61850-3 Edition 2.0
Hazardous Locations ATEX
Class I Division 2
Shock IEC 60068-2-27
Freefall IEC 60068-2-32
Vibration IEC 60068-2-6
MTBF
Time 1,000,000 hrs
Standards Telcordia (Bellcore), GB
Warranty
Warranty Period 5 years
Details See www.moxa.com/warranty
Package Contents
Device 1 x EDR-G9004 Series secure router
Cable 1 x DB9 female to USB Type-C
Installation Kit 4 x cap, plastic, for RJ45 port
2 x cap, plastic, for SFP slot
Documentation 1 x quick installation guide
1 x warranty card
Note SFP modules need to be purchased separately for use with this product.
5 www.moxa.com
�Dimensions
DIN-rail Mount
Wall Mount
6 www.moxa.com
�Ordering Information
10/100/
10/100/
1000BaseT(X)
1000BaseT(X) Conformal Operating
Model Name or 1000/ Firewall NAT VPN Input Voltage
Ports (RJ45 Coating Temp.
2500BaseSFP
Connector)
Combo Ports
EDR-G9004-VPN-
2 2 ✓ ✓ ✓ 12/24/48 VDC – -10 to 60°C
2MGTXSFP
EDR-G9004-VPN-
2 2 ✓ ✓ ✓ 12/24/48 VDC – -40 to 75°C
2MGTXSFP-T
EDR-G9004-VPN-
2 2 ✓ ✓ ✓ 12/24/48 VDC ✓ -10 to 60°C
2MGTXSFP-CT
EDR-G9004-VPN-
2 2 ✓ ✓ ✓ 12/24/48 VDC ✓ -40 to 75°C
2MGTXSFP-CT-T
Accessories (sold separately)
Storage Kits
ABC-02-USB Configuration backup and restoration tool, firmware upgrade, and log file storage tool for managed
Ethernet switches and routers, 0 to 60°C operating temperature
ABC-02-USB-T Configuration backup and restoration tool, firmware upgrade, and log file storage tool for managed
Ethernet switches and routers, -40 to 75°C operating temperature
SFP Modules
SFP-1G10ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX
1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G10ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX
1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G10BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX
1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G10BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX
1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1G20ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX
1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G20ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX
1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G20BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX
1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G20BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX
1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1G40ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX
1310 nm, RX 1550 nm, 0 to 60°C operating temperature
SFP-1G40ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX
1310 nm, RX 1550 nm, -40 to 85°C operating temperature
SFP-1G40BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX
1550 nm, RX 1310 nm, 0 to 60°C operating temperature
SFP-1G40BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX
1550 nm, RX 1310 nm, -40 to 85°C operating temperature
SFP-1GEZXLC SFP module with 1 1000BaseEZX port with LC connector for 110 km transmission, 0 to 60°C operating
temperature
SFP-1GEZXLC-120 SFP module with 1 1000BaseEZX port with LC connector for 120 km transmission, 0 to 60°C operating
temperature
SFP-1GLHLC SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, 0 to 60°C operating
temperature
SFP-1GLHLC-T SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, -40 to 85°C operating
temperature
7 www.moxa.com
�SFP-1GLHXLC SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, 0 to 60°C operating
temperature
SFP-1GLHXLC-T SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, -40 to 85°C
operating temperature
SFP-1GLSXLC SFP module with 1 1000BaseLSX port with LC connector for 1km/2km transmission, 0 to 60°C
operating temperature
SFP-1GLSXLC-T SFP module with 1 1000BaseLSX port with LC connector for 1km/2km transmission, -40 to 85°C
operating temperature
SFP-1GLXLC SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, 0 to 60°C operating
temperature
SFP-1GLXLC-T SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, -40 to 85°C operating
temperature
SFP-1GSXLC SFP module with 1 1000BaseSX port with LC connector for 300m/550m transmission, 0 to 60°C
operating temperature
SFP-1GSXLC-T SFP module with 1 1000BaseSX port with LC connector for 300m/550m transmission, -40 to 85°C
operating temperature
SFP-1GZXLC SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, 0 to 60°C operating
temperature
SFP-1GZXLC-T SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, -40 to 85°C operating
temperature
SFP-1GTXRJ45-T SFP module with 1 1000BaseT port with RJ45 connector for 100 m transmission, -40 to 75°C operating
temperature
SFP-2.5GSLC-T SFP module with 1 2.5GBaseFX port with LC connector, single-mode, for 5 km transmission, -40 to 85
°C operating temperature
SFP-2.5GMLC-T SFP module with 1 2.5GBaseFX port with LC connector, multi-mode, for 170, 200, 550, 600 m
transmission, -40 to 85 °C operating temperature
SFP-2.5GSLHLC-T SFP module with 1 2.5GBaseFX port with LC connector, single-mode, for 45 km transmission, -40 to
85 °C operating temperature
SFP-2.5GLSLC-T SFP module with 1 2.5GBaseFX port with LC connector, single-mode, for 20 km transmission, -40 to
85 °C operating temperature
Mounting Kits
WK-35-01 Wall-mounting kit with 2 plates (35 x 44 x 2.5 mm) and 6 screws
Software
MXview-50 MXview license for 50 nodes
MXview-100 MXview license for 100 nodes
MXview-250 MXview license for 250 nodes
MXview-500 MXview license for 500 nodes
MXview-1000 MXview license for 1000 nodes
MXview-2000 MXview license for 2000 nodes
MXview Upgrade-50 MXview license expansion for 50 nodes
LIC-MXsecurity-NEW-1Y-XN-SR 1-year MXsecurity license with customizable node quantity (minimum 1 node)
LIC-MXsecurity-NEW-XM-XN-DMR MXsecurity license with customizable duration and node quantity (minimum 1 month, minimum 1
node)
LIC-MXsecurity-RENEW-1Y-XN-SR 1-year MXsecurity renewal license with customizable node quantity (minimum 1 node)
LIC-MXsecurity-RENEW-XM-XN- MXsecurity renewal license with customizable duration and node quantity (minimum 1 month,
DMR minimum 1 node)
LIC-MXsecurity-ADD-1Q-XN-SR 3-month MXsecurity add-on license with customizable node quantity (minimum 1 node)
LIC-MXsecurity-ADD-2Q-XN-SR 6-month MXsecurity add-on license with customizable node quantity (minimum 1 node)
LIC-MXsecurity-ADD-3Q-XN-SR 9-month MXsecurity add-on license with customizable node quantity (minimum 1 node)
LIC-MXsecurity-ADD-4Q-XN-SR 1-year MXsecurity add-on license with customizable node quantity (minimum 1 node)
8 www.moxa.com
�LIC-MXsecurity-ADD-XM-XN-DMR MXsecurity add-on license with customizable duration and node quantity (minimum 1 month, minimum
1 node)
LIC-IPS-MXsecurity-NEW-1Y-XN-SR 1-year IPS license for MXsecurity with customizable node quantity (minimum 1 node)
LIC-IPS-MXsecurity-NEW-XM-XN- IPS license for MXsecurity with customizable duration and node quantity (minimum 1 month, minimum
DMR 1 node)
LIC-IPS-MXsecurity-RENEW-1Y-XN- 1-year IPS renewal license for MXsecurity with customizable node quantity (minimum 1 node)
SR
LIC-IPS-MXsecurity-RENEW-XM-XN- IPS renewal license for MXsecurity with customizable duration and node quantity (minimum 1 month,
DMR minimum 1 node)
LIC-IPS-MXsecurity-ADD-1Q-XN-SR 3-month IPS add-on license for MXsecurity with customizable node quantity (minimum 1 node)
LIC-IPS-MXsecurity-ADD-2Q-XN-SR 6-month IPS add-on license for MXsecurity with customizable node quantity (minimum 1 node)
LIC-IPS-MXsecurity-ADD-3Q-XN-SR 9-month IPS add-on license for MXsecurity with customizable node quantity (minimum 1 node)
LIC-IPS-MXsecurity-ADD-4Q-XN-SR 1-year IPS add-on license for MXsecurity with customizable node quantity (minimum 1 node)
LIC-IPS-MXsecurity-ADD-XM-XN- IPS add-on license for MXsecurity with customizable duration and node quantity (minimum 1 month,
DMR minimum 1 node)
LIC-IPS-DEVICE-NEW-1Y-1N-MR 1-year device-based IPS license
LIC-IPS-DEVICE-RENEW-1Y-1N-MR 1-year device-based IPS renewal license
© Moxa Inc. All rights reserved. Updated Mar 03, 2023.
This document and any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of
Moxa Inc. Product specifications subject to change without notice. Visit our website for the most up-to-date product information.
9 www.moxa.com
