Firewalls and Router
Maximum security for industrial networks


Firewalls and Router - IRF2000 series

Phone: +49 7022 2522-200
Start product request

2200 2220 2601 2621
4G/LTE module
DNV GL certified
(As an option)
GPS Modul
(As an option)
Basic equipment
Housing Rugged aluminium die-cast case for top hat rail mounting VESA75
Ethernet connections LAN + WAN than 2x RJ45 1000BaseTX FD (IRF22xx), 6x RJ45 1000BaseTX FD (IRF26xx)
Power supply 1 x 24 V DC (7..36 V)
max. 600mA at 24 V DC
Cut&Alarm The network access side (WAN) is physically separable and correspond to the disconnection of the network connector
24V input – for activation of Cut (external) & Alarm function, for example, with a SPS or per key switch (max. 10mA)
24V output – alarm output for status signaling to a SPS or display (max. 1000mA)
VPN Key & Up 24 V VPN Key input signal for triggering VPN connections. (max 10mA)
24 V VPN Up output signal for signaling a working VPN channel (max. 1000mA)
SCM-Card Slot for ADS-TEC memory- and smartcards
USB 2.0 Port External USB 2.0 plug for connecting USB serial converter RS232 or RS485 with FDTI, CP210 or PL2303 chip sets which can be controlled from Java / OSGi.
Configuration Configuration via webinterface (HTTP, HTTPS) and SNMP
Interface for central configuration with IDA light management software
Operating temperature -20°C to +70°C
Storage temperature -40°C to +85°C
Humidity 5 to 90% without condensation
Protection class IP 20 for switching cabinet mounting
Vibration DIN EN 60068-2-6
Shock DIN EN 60068-2-29
(W x H x D)
IRF2200 140mm x 163mm x 35mm (57mm as DNV GL variant)
IRF2220 140mm x 170mm x 35mm (57mm as DNV GL variant)
IRF2601 140mm x 163mm x 57mm
IRF2621 140mm x 170mm x 57mm
DSL Unit can be connected via any port to a DSL modem
PPPoE access data can be configured
Mobile radio wireless modules 4G/LTE Integrated 4G/LTE module for high-speed Internet access via radio
Can be configured as redundant / fail-safe uplink
DynDNS Enables the automatic registration of a dynamic IP address with service via Internet dial-up
VPN Supports two different VPN protocols:
OpenVPN: Layer2 (ethernet) and Layer3 (IP) transport with SSL-based encryption. Support for tunneling via HTTP proxy and packet filtering
IPsec: Standard IPsec encryption with 1:1 NAT support and data filtering
Firewall in two operating modes Routing mode with statefull filtering of IPv4 traffic on both physical interfaces WAN and LAN
The transparent mode (bridged) connects the WAN adapter directly to the LAN network and enables additional filtering on Layer 2, based on ethernet criteria via VLAN, MAC addresses or protocol
Eventlog/Syslog Eventlog can be sent to syslog server
Eventlog can be sent to an email address periodically
Eventlog visible via webinterface
Packet Filter Enables the use of pre-defined rulesets for standard communication requirements and an easy controlled production of new filter sets
DHCP Server DHCP server on WAN and/or LAN interface, DNS and gateway are taken over dynamically if an interface is configured as DHCP client
DHCP Relay Enables the transmission of all DHCP queries to a central DHCP server
Modbus TCP The Modbus/TCP interface enables the control of the device by a PLC. Following functions are imaged in the registers:
Cut & Alarm, status request & acknowledgment
IPsec, on/off switchable generally
OpenVPN, separate status request and activation / deactivation of the 10 possible OpenVPN connections
Client Monitoring Monitoring of TCP/IP terminals by means of ICMP:
Limit values for packetloss and delay are configurable
In case of violation of the limit values an eventlog input is generated
An email can be sent
CUT or ALARM can be released
Remote Capture Remote capture interface for usage with Wireshark. Allows packet analysis with Wireshark through „rpcapd“
With this feature you can use every interface on the firewall as a remote capture interface on an additional diagnostics Windows PC
X.509 Certificate Management Separate certificate management for verification of the validity of all existing certificates
Upload function for client, CA and CRL certificates
Preinstalled set at demo-certificates for quick function tests
SCEP for automated certificate enrollment
Webinterface Online help tooltips for all important options
German/English language support
Access via HTTP/HTTPS is configurable freely for any interface, access violations may be logged
Configurable HTTPS certificate
HTTP access can be deactivated
Free definition of unlimited user accounts with detailed access (write) control for any configuration option

Optionen: IRF2000 Serie

IRF2000 series
Java/OSGi Extension Software license, the device switches free for a rechargeable JavaVM to Java 1.3 specification, as well as large parts of Java 1.4, 1.5 and 1.6. including Equinox OSGi Framework 3.8.2. For Java environment and your own application and data are un ~ 110 MB of RAM and ~ 55MB SLC NAND Flash ready.
Big-LinX Remote Maintenance Portal for VPN-Router and Service
Memory card The entire configuration is stored on ADS-TEC memory cards
This allows simple device replacement
The device reads the configuration automatically
Big-LinX Smartcard Access Card for Big-LinX Remote Maintenance Portal
UMTS/3G/LTE -Integrated UMTS/HSPA/3G/LTE-Karte
-Modem option
-Peak download rate 100 Mbit/s
-Peak uplink rate of 50 Mbit/s
-LTE 800/900/1800/2100/2600Mhz
-WCDMA 850/1900/2100MHz
-GSM/GPRS/EDGE 850/900/1800/1900MHz
-FCC, IC, CE, GCF, PTCRB, A-Tick, AT & T, Telstra, NTT, DoCoMo, Softbank, Bell