Futureproof Your Industrial Network Security

Building a secure OT network requires more than dependable connectivity. Industrial environments need layered security architectures that support network segmentation, regulate traffic flows, restrict unauthorized access, and provide centralized visibility to implement a defense-in-depth strategy across critical OT infrastructure.

Backed by more than 37 years of industrial networking expertise, Moxa integrates cybersecurity into every stage of its networking solutions. As one of the first companies worldwide to achieve IEC 62443-4-1 certification for its Secure Development Lifecycle (SDL), along with IEC 62443-4-2 certification for multiple product families, Moxa delivers secure networking and connectivity solutions that help organizations develop resilient and future-ready OT network infrastructures.

How Moxa Secure Networking Solutions Strengthen OT Network Security

Protecting industrial OT networks requires multiple layers of security, ranging from secure edge connectivity to network segmentation, access control, traffic monitoring, and centralized network visibility and management. Together, these security capabilities strengthen industrial infrastructure, reduce cyber risks, and support reliable, uninterrupted operations.



Why is secure edge connectivity essential for OT networks?

Edge devices, including serial devices, controllers and remote I/O, serve as the connection between legacy equipment and modern IP-based networks. Without appropriate security measures, these critical connection points can become potential entry paths for cyber threats.

Moxa secure edge connectivity solutions incorporate built-in security mechanisms that protect communications and preserve device integrity while securely connecting edge devices to industrial IP networks.


Key capabilities include:
  • Encrypted communication protecting legacy protocol
  • User authentication and role-based authorization
  • IP whitelisting and network access control
  • Device integrity checks and secure firmware updates
  • Hardening mechanisms that disable unnecessary services

How can network segmentation help protect OT networks?

Network segmentation is a core cybersecurity strategy that limits the spread of cyber incidents across industrial operations. Moxa secure switches and routers support segmentation technologies that isolate critical assets and regulate communication between OT network zones.


Key capabilities include:
  • VLAN-based network segmentation
  • Access control lists (ACL) for traffic filtering
  • Industrial firewall functions
  • Secure routing between OT network zones

These capabilities help contain potential security threats, reduce attack surfaces, and prevent lateral movement throughout industrial systems.

How can organizations secure access to OT networks?

Industrial operations frequently depend on remote connectivity for maintenance, monitoring, and integration with enterprise systems. Without strong security controls, remote connections can introduce significant cybersecurity risks.


Moxa secure networking solutions provide protected remote connectivity through:

  • VPN technologies for encrypted remote access
  • Secure routers and firewalls controlling external connections
  • Authentication mechanisms that restrict device access
  • Secure management protocols such as HTTPS and SSH

These security capabilities help protect OT network boundaries while enabling safe, reliable, and secure remote operations.

How does full network visibility enable real-time monitoring and control in OT networks?

Comprehensive network visibility gives operators real-time insight into connected devices, network status, and traffic activity, enabling earlier anomaly detection, faster troubleshooting, and more effective operational decision-making.


Moxa network management software delivers centralized visibility and continuous monitoring to improve operational awareness while accelerating responses to network events.


Key capabilities include:
  • Network topology visualization for a complete view of connected devices
  • Centralized real-time network monitoring with alerts
  • Automated security configuration auditing for Moxa devices
  • Security event logging and monitoring dashboards
  • Traffic diagnostics for troubleshooting and performance analysis
  • Centralized security and firewall policy management

Discover the Right Secure Networking Solutions for Your Industrial Networks

Moxa combines decades of industrial networking expertise with proven cybersecurity capabilities to deliver layered protection across industrial OT environments. Explore how Moxa secure networking solutions help strengthen network resilience, improve operational security, and support reliable industrial communications.

Moxa’s Secure Networking Solutions

Network Management Software
Secure Routers, Firewalls, and NATs
Secure Managed Switches
Secure Wireless APs/Clients
Secure Edge Connectivity

Find Secure Networking Products That Match Your Demands

  • Secure Managed Switches

  • Secure Routers, Firewalls, and NATs

  • Secure Wireless APs/Clients

  • Secure Edge Connectivity

  • Network Management Software

Secure Managed Switches
Ports
Security Features
Redundancy Protocols
Software Management
Industrial Certifications

MDS-G4000 Family

MDS-G4000

RKS-G4028

RKS-G4028

EDS-4000/G4000

EDS-G4000

EDS-500E Family

EDS-500E
Up to 4 10GbE + 24 GbE Up to 28 GbE Up to 6 2.5GbE + 8 GbE Up to 4 GbE + 24 FE
HTTPS, SSL/SSH, ACL, IEEE 802.1X, Port Security, DHCP Snooping, Secure Boot1 HTTPS, SSL/SSH, ACL, IEEE 802.1X, Port Security, DHCP Snooping, Secure Boot HTTPS, SSL/SSH, ACL2, IEEE 802.1X
Turbo Ring, Turbo Chain, RSTP/STP, MRP, VRRP (L3 Model) Turbo Ring, Turbo Chain, RSTP/STP, MRP
MXview One
IEC 61850-3, IEEE 1613, EN 50121-4, NEMA TS2, ATEX3, CID23 IEC 62443-4-2 SL2, IEC 61850-3, IEEE 1613, EN 50121-4, NEMA TS2 IEC 62443-4-2 SL2, IEC 61850-3, IEEE 1613 (Class 1), DNV4, ABS4, NK4, LR4, EN 50121-4, NEMA TS2, ATEX5, CID25, IECEx5 IEC 61850-3, IEEE 1613, DNV6, ABS6, NK6, LR6, EN 50121-46, NEMA TS26, ATEX6, CID26
  • 1. Only available for -4XGS models.
  • 2. Only available for 18 and 28 port models.
  • 3. Only available for the non-4XGS models.
  • 4. Only available for -LV and PoE models.
  • 5. Only available for -LV models.
  • 6. Only available for 10 and 18 port models.
Secure Routers, Firewalls, and NATs
Ports
NAT
Firewalls
IPS/IDS
DPI
VPN
Routing Throughput (based on RFC 2544)
Redundancy Protocols
Software Management
Industrial Certifications

EDF-G1002-BP

EDF-G1002-BP

EDR-G9010

EDR-G9010

EDR-G9004

EDR-G9004

EDR-8010

EDR-8010

NAT-102

NAT-102

NAT-108

NAT-108
2 GbE (Gen3 LAN Bypass) 2 2.5GbE + 8 GbE1 Up to 2 2.5GbE + 2 GbE (1/2 DMZ/WAN ports) 2 GbE + 8 FE1 2 FE 8 FE
- 1-to-1, N-to-1, NAT loopback, Port forwarding, IP Twins Mapping4
DDoS, Ethernet protocols, ICMP, IP address, MAC address, Ports IP address, MAC address (Device Lockdown), Ports
Enabled by default. IPS pattern update functionality requires an additional license. Requires an additional license - -
DNP3, EtherNet/IP, IEC 60870-5-104, IEC 61850 MMS, Modbus TCP, Modbus UDP, Omron FINS, Siemens S7 Comm., Siemens S7 Comm. Plus, OPC UA, MELSEC communication protocol - -
- Up to 250 IPsec VPN tunnels Up to 50 IPsec VPN tunnels - -
- Max. 350K packets per second / 2 Gbps Max. 50K packets per second / 500 Mbps Max. 15K packets per second /100 Mbps
- VRRP, Turbo Ring, Turbo Chain, RSTP/STP VRRP VRRP, Turbo Ring, Turbo Chain, RSTP/STP - -
MXview One, MXview Security3, MXsecurity MXview One MXview One
NEMA TS2, EN 50121-4, CID2, ATEX, IECEx, DNV IEC 62443-4-2 SL2, IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX2, CID22, EN 50121-42, NEMA TS22, DNV2, DNV IEC 61162-460 Edition 3.02, DNV security profile 22, IACS UR E27 Rev.12, IEC 609452 IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX, CID2, IECEx, EN 50121-4, NEMA TS2, DNV IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX, CID2, IECEx, EN 50121-4, NEMA TS2, DNV, DNV IEC 61162-460 Edition 3.0, DNV security profile 2, IACS UR E27 Rev.1, IEC 60945 EN 50121-4, NEMA TS2, ATEX, CID2 -
  • 1. Supports user-configurable DMZ/WAN ports.
  • 2. Only available for -LV models.
  • 3. An active MXview One license is required in order to activate the MXview Security add-on license.
  • 4. NAT-108 Series only.
Moxa Solutions
Operation Mode
Wi-Fi Standards
Frequency Band
Data Rates
Wireless Security
Interfaces
Operating Temperature
Protection Class
AeroMesh

AWK-1161A

AWK-1165A

AWK-1161C

AWK-1165C

AWK-3262A

AWK-4262A

APClientAP/Client
802.11ax
Selectable 2.4 GHz / 5 GHz Dual BandConcurrent 2.4 GHz + 5 GHz Dual Band
574 Mbps (2.4 GHz) / 1,201 Mbps (5 GHz) 574 Mbps (2.4 GHz) + 1,201 Mbps (5 GHz)
WPA3, Protected Management Frames (802.11w), Wi-Fi ACL (Automatic/Static), Client Isolation, Hide SSID
1 x GbE5 x GbE1 x GbE5 x GbE1 x GbE + 1 x 2.5GbE (PoE)
-25 to 60°C / -40 to 75°C (-T models) -40 to 75°C
IP30IP68
Key Features
NPort 6100-G2/6200-G2/6400-G2/6600-G2 Series Secure Terminal Servers
MGate MB3000-G2 Series Modbus Gateways
ioThinx 4510 Series Advanced Modular Remote I/Os
Embedded Security Functions for Secure Deployment
User Authentication & Authorization
  • Password protection (length, character enforcement, update policy)
  • Authentication servers (RACIUS/TACACS+)
  • Role-Based Access Control (RBAC)
  • Password protection (length, character enforcement, update policy)
  • Authentication servers (RACIUS/TACACS+)
  • Role-based Access Control (RBAC)
  • Password protection (length, character enforcement)
Device Integrity
  • Secure Boot check software authenticity before bootup
  • Check CRC code before update the device
  • Check CRC code before update the device
Device Least Functionality
Communication Integrity
  • Authentication & Encryption for both management & serial data stream
  • HTTPS (TLS 1.3 embedded with self-signed certificate, also supports public certificate import)
  • SSHv2/SNMPv3
  • ECC 521 or RSA-4096
  • Authentication & Encryption for management interface
  • HTTPS (TLS 1.2 embedded with self-signed certificate, also supports public certificate import)
  • SNMPv3
  • ECC 521 or RSA-4096
  • HTTPS (TLS 1.2 embedded with self-signed certificate, and can be exported)
  • SNMPv3
Network Access Control
  • Accessible IP List
  • Accessible IP List
  • Access Control List (ACL)
Securing Your Devices in Daily Maintenance
Configuration Management
  • GUI type of Device Search Utility
  • CLI type of MCC tools
  • GUI type of MXconfig
  • CLI type of MCC tools
Device Management
  • Syslog with RFC 3164 format with ISO8601 timestamp
  • Local syslog storage & remote syslog with failover
  • Manageable via MXview One network management software
  • Syslog with RFC 3164 format with ISO8601 timestamp
  • Local syslog storage
  • Manageable via MXview One network management software
  • Syslog
  • Manageable via MXview One network management software
Vulnerability Management
  • Dedicated Cybersecurity Response Team for handling vulnerability
  • Perform Nessus Scan

MXview One Series: Next-generation Industrial Network Management Software

You can easily manage and maintain our secure routers, firewalls, and managed switches using one platform. Our MXview One Series simplifies device security management, allowing you to easily adjust security levels and receive alerts when abnormal activity occurs. Additionally, our software includes a network security add-on that enables centralized firewall policy management and provides a dashboard for at-a-glance network security monitoring.

*For any further information, please contact us via sales@manuauto.com.

Get A Quote