Utility CommunicationsABB FOX Firewall AFF650

By introducing Ethernet based communication protocols cyber security has become a more important issue in utility communication systems.

ABB offers based on AFS Family a utility grade Ethernet plat-form. This solution is completed with the AFF650 firewall solution.

AFF takes the harsh environmental conditions of utilities into account. Offering easy management (e.g. web-based tools) as well as easy maintenance (e.g. configuration recovery adapter CRA), it is a perfect solution for utilities.

AFF offer high performance with HW-based VPN encryption and Network Address Translation. Redundant power inputs as well as redundant ring topology (Layer 2) or virtual firewall interfaces (Layer 3) provide highest service availability.

Main Functionality Operates in Routing or Bridging Mode Router Functionality Firewall Functionality Stateful Inspection Packet filtering (IP address or protocol) Packet filtering (MAC address) Protection against DoS attacks Network Address Translation - NAT (1:1, 1:n) VPN Functionality (IPSec) Router Redundancy Dynamic DNSResponse

Request

RequestResponse

SecureInsecure

Stateful Inspection with AFF650

For more information please contact: ABB Switzerland Ltd.Power SystemsBrown Boveri Strasse 65400 Baden, SwitzerlandPhone: +41 58 589 37 35or: +41 844 845 845 (Call Center) Fax: +41 58 585 16 88 E-Mail: utilitycommunications@ch.abb.com www.abb.com/utilitycommunications

1KH

A -

001

206

- S

EN

-

PD

F -

12/1

1 -

Prin

ted

in S

witz

erla

nd

A

BB

Sw

itzer

land

Ltd

. D

ecem

ber

2011

. Th

e rig

ht t

o m

odifi

catio

ns o

r de

viat

ions

due

to

tech

nica

l pro

gres

s is

res

erve

d.

AFF650 Industrial Firewall - Technical data

Product description

Modi Router, Multi Client Transparent (MCT), PPPoENumber of ports 1 x untrusted port, 1 x trusted portType of trusted ports 10/100BaseTX or 100Base-FX/MM/SC Type of untrusted ports 10/100BaseTX, 100Base-FX/MM/SC or 100Base-FX/SM/SCV.24 interface 1xRJ11 socket, serial interface for device configurationUSB interface 1xUSB socket to connect Configuration Recovery Adapter (CRA)Operating voltage 9.6 up to 60VDC, 18 up to 30VAC,

power consumption: 9.5W (24VDC, 2x10/100BaseFX)Stateful Inspection firewall Firewall rules (incoming/outgoing, modem access, management), IP masquerading,

1-to-1 NAT, DoS limiter, MAC filter, user firewall for external activiation of FW rulesMultipoint VPN

IPSec, IKEv2, DES, 3DES, AES (-128, -192, -256), Pre-Shared Key, X.509v3 certificates, MD5, SHA-1, NAT-T, Firewall rules for every VPN connection, configuration assistant in the web interface, remote enable/disable of connections

Management Command Line Interface (CLI), web interface, configuration recovery adapter (CRA), DHCP, AFS Finder, AFS View, FOXMAN UN

Diagnostics LEDs (power, link status, data, error, CRA, V.24), signal contact (24VDC/1A), log file, syslog, configuration check

Protocols Serial, HTTPS, SSH, SNMP (v1/v2/v3), LLDPOther services DHCP server/client, DynDNS, firewall access via V.24 (PPP), SNTP, VLAN

support (IEEE 802.1Q), port forwardingRedundancy function Use redundant network-/ring coupling, firewall redundancy (layer 4), redundant 24V

power inputsOperation temperature -40C up to 60CStorage/transport temperature -40C up to +70CRelative humidity 10% up to 95% (non-condensing)MTBF 27.4 years (trusted & untrusted ports based on 10/100BaseTX), 25CDimensions (WxHxD) 60mm x 145mm x 125mmMounting DIN rail 35mmWeight 600g (trusted & untrusted ports based on 10/100BaseTX) Protection class IP20Mechanical stabilityIEC 60068-2-27 shock 15g, 11ms duration, 18 shocksIEC 60068-2-6 vibration 1mm, 2-13.2Hz, 90min; 0.7g, 13.2-100Hz, 90min;

3.5mm, 3-9Hz, 10cycles, 1octave/min; 1g, 9-150Hz, 10 cycles, 1 octave/min.EMCEN 61000-4-2 electrostatic discharge (ESD): 6KV contact discharge, 8kV air dischargeEN 61000-4-3 electromagnetic field: 10V/m (80-2000 MHz)EN 61000-4-4 fast transient (burst): 2 kV power line, 1 kV line/lineEN 61000-4-5 surge voltage: Power line: 2 kV (Line/earth), 1 kV (line/line)EN 61000-4-6 conducted immunity: 3V (10 kHz-150 kHz), 10V (150 kHz-80 MHz)EMC emitted immunity FCC CFR47 part 15 class A; EN55022 class A