Security routers for the distributed protection and secure remote maintenance of production or machine cells

FL MGUARD 1100, 2100, and 4300 security routers Protect your industrial network

Thanks to comprehensive security functions, the mGuard security routers protect your industrial network against unauthorized access by people or malware. The proven mGuard security technology enables you to control and safeguard communication within your production network.

The central management software, mGuard Device Manager, enables easy and efficient system configuration, maintenance, and operation, especially when a large number of mGuard security routers are installed. Thanks to a wide variety of product versions, we offer the right product for every application.

Your advantages:

  • High level of security through proven mGuard security technology and over 20 years of experience in cybersecurity
  • Security is part of the entire product lifecycle – from the certified development process in accordance with IEC 62443-4-1 to the integration of important security functions
  • mGuard devices have low vulnerability due to hardening and the application of secure-by-design principles
  • Long-term software maintenance and high security through timely updates enable many years of use
  • PSIRT monitors vulnerabilities on a daily basis. They are evaluated and eliminated based on the severity of the problem

Product features

Interactive image map: Product features of mGuard
Unrestricted data flow within your network
Due to the high processing speed, the mGuard security router achieves a data throughput of almost 1,000 Mbps. The mGuard product family guarantees the highest level of security without imposing any restrictions on data traffic.
Protection against unwanted communication and access
The security routers in the mGuard product family provide a firewall that filters data traffic in the network. Unwanted communication and accidental access to network devices are blocked. You yourself can define which applications or protocols are desired and which devices may send data packets.
Easy integration of machines or subnetworks
Network Address Translation (NAT) translates existing IP addresses very easily. Changes do not need to be made to the machine network. The use of NAT masquerading reduces the number of individual IP addresses used, which are in scarce supply, as all devices in the subnet that are located behind an mGuard security router communicate via one address.
Protection against network overload
Network segmentation is used to control and manage communication between the individual segments. Network segments are protected against high traffic volumes, network overload, and unwanted access.
Protection of existing networks
In Stealth mode, you can easily retrofit the mGuard security routers into an existing network without making changes to the network. By using the mGuard devices as a dedicated security component, other network components are also protected reliably without having to constantly update them or install patches for the latest security standards.
Secure remote access via the Internet or public networks
Secure remote communication via any network thanks to encrypted VPN communication. A firewall function in the VPN tunnel additionally increases security.

Applications Secure industrial OT networks with the mGuard security routers

With the mGuard security routers, you can easily integrate machines into any production network while optimally protecting the network against unwanted communication and manipulation.

Production hall
Networked system
Man with tablet using remote communication
Production hall

The mGuard security routers provide optimum protection for networked production. As part of a “defense in depth” security strategy, the mGuard devices are positioned upstream of individual production or machine cells. Communication from the production network into or out of individual production and machine cells is reduced.

Routing and NAT functions allow you to optimally adjust the firewall in the respective application scenario. With the option of managing mGuard devices centrally via the mGuard Device Manager, the mGuard devices are also ideally suited for integrating OT security into IT security infrastructure.

Networked system

In the case of an existing system, there is often a requirement that existing network structures are not changed. The creation of subnetworks should be prevented in order to avoid the high effort required to assign new addresses to the individual network devices.

Stealth mode on the mGuard security routers enables you to easily retrofit your network. All the firewall features of the mGuard devices are available to you without restriction. Even non-patchable systems can thus be easily protected by the mGuard security router. By using the mGuard devices as a dedicated security component, other network components are protected reliably.

Man with tablet using remote communication

In addition to protecting networked production, you can also use the 2000 and 4000 series mGuard devices to connect external service technicians and data centers. Encrypted communication is performed via VPN connections.

Permanently established static VPN connections are often used to connect data centers. While an intermediate station is usually required in order to connect to external service technicians. This is where the mGuard Secure Cloud comes in handy as a remote maintenance platform. It enables service technicians to dial directly into a machine.

Overview of the FL MGUARD 1100, 2100, and 4300

The FL MGUARD 1100 security router is optimized for the secure networking and integration of subnetworks such as machine networks or system segments within a production network. With functions such as the integrated Firewall Assistant, the 1000 series devices enable easy and supported firewall configuration.

Thanks to secure VPN access, the 2000 series mGuard security routers enable easy remote maintenance of machines and systems. The devices are ideal for machine builders and system manufacturers who require fast integration into the production network in addition to secure remote maintenance.

The 4000 series mGuard devices are primarily aimed at system operators for whom the efficient management of many mGuard security appliances in their system is also important in addition to the security of their OT network infrastructure. The intelligent firewall with extended functions allows you to easily configure and implement comprehensive security rules in complex network structures.

Functions in detail

Direct comparison of the products

FL MGUARD 4302/4305
FL MGUARD 2102/2105
FL MGUARD 1102/1105
FL MGUARD 4302/4305

FL MGUARD 2102/2105

FL MGUARD 1102/1105

Temperature range -40°C … +60°C -20°C … +60°C 0°C … +60°C
Firewalling by IP/port groups 12 V DC ... 36 V DC 12 V DC ... 36 V DC 18 V DC ... 32 V DC
Integrated switch FL mGuard 4302: no | FL mGuard 4305: 3-port managed FL mGuard 2102: no | FL mGuard 2105: 4-port managed FL mGuard 1102: no | FL mGuard 1105: 4-port managed
DMZ port (third network zone) FL mGuard 4302: no | FL mGuard 4305: yes no no
NAT functions
IP masquerading yes yes yes
Port forwarding yes yes yes
1:1 NAT yes yes yes
Firewall functions
Stateful inspection firewall yes yes yes
Firewalling by IP/port groups yes no no
Firewalling based on DNS name yes no no
Conditional firewall (simple switching of firewall rules) yes no no
Firewall Assistant no no yes
Non-blocking validation of the configuration in test mode no no yes
Easy Protect Mode protection without configuration no no yes
Network
Router mode yes yes yes
Stealth mode yes yes yes
Network services
DHCP yes yes yes
DNS yes yes yes
NTP yes yes yes
SNMP (server) yes yes yes
To the product list To the product list To the product list
Padlock with security text

Cybersecurity is the prerequisite for a reliable network

More information on industrial security

Industrial cybersecurity protects networked industrial systems and plants from attacks, data espionage, failures due to viruses, malware, and misuse. After all, cyberattacks and malware can cause a great deal of damage, from loss of know-how, images, and data to expensive downtime and personnel costs for correcting damage, all the way to high ransom demands.

That’s why we provide security routers and industrial firewalls that are specifically designed to meet the needs of industry and monitor data traffic in the network. Only the data traffic you want is allowed; unauthorized access attempts are blocked. This increases the availability of your systems.