TEL. & FAX +66(0)2-020-3301

EDR-G902 Series

Home  >   MOXA  >   Industrial Network Infrastructure  >  
Secure Routers  >   Secure Routers

Industrial secure routers with firewall/NAT/VPN

Product Feature

  • Firewall/NAT/VPN/Router all-in-one
  • Secure remote access tunnel with VPN
  • Stateful firewall protects critical assets
  • Inspect industrial protocols with PacketGuard technology
  • Easy network setup with Network Address Translation (NAT)
  • Dual WAN redundant interfaces through public networks
  • Support for VLANs in different interfaces
  • -40 to 75°C operating temperature range (-T model)
  • Security features based on IEC 62443/NERC CIP


The EDR-G902 is a high-performance, industrial VPN server with a firewall/NAT all-in-one secure router. It is designed for Ethernet-based security applications on critical remote control or monitoring networks, and it provides an Electronic Security Perimeter for the protection of critical cyber assets including pumping stations, DCS, PLC systems on oil rigs, and water treatment systems. The EDR-G902 Series includes the following cybersecurity features:

  • Virtual Private Network (VPN): VPNs are designed to provide users with secure communication links when accessing a private network from the public Internet. They use IPsec (IP Security) server or client mode for encryption and authentication of all IP packets at the network layer to ensure confidentiality and sender authentication.
  • Firewall: Controls network traffic between different trust zones. Network Address Translation (NAT), which shields the internal LAN from unauthorized activity from outside hosts.

The EDR-G902’s Quick Automation Profile function supports most common fieldbus protocols, including EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, Modbus TCP, and PROFINET. Users can easily create a secure Ethernet Fieldbus network from a user-friendly web UI with a single click. In addition, Moxa’s PacketGuard technology (Deep Packet Inspection) helps to filter Modbus TCP commands at OSI layer 7. The wide-temperature range models that are available operate reliably in hazardous, -40 to 75°C environments.

Input/Output Interface

Alarm Contact Channels1 relay output with current carrying capacity of 1 A @ 24 VDC
ButtonsReset button
Digital Input Channels+13 to +30 V for state 1
-30 to +3 V for state 0
Max. input current: 8 mA

Ethernet Interface

10/100/1000BaseT(X) Ports (RJ45 connector)1
Combo Ports (10/100/1000BaseT(X) or 100/1000BaseSFP+)1
StandardsIEEE 802.1Q for VLAN Tagging
IEEE 802.3 for 10BaseT
IEEE 802.3ab for 1000BaseT(X)
IEEE 802.3u for 100BaseT(X) and 100BaseFX
IEEE 802.3x for flow control
IEEE 802.3z for 1000BaseSX/LX/LHX/ZX
WAN Ports, RJ45/Fiber Combo Port1
LAN Ports, RJ45 port1

Ethernet Software Features

ManagementBack Pressure Flow Control, DDNS, DHCP Server/Client, HTTP, LLDP, 
QoS/CoS/ToS, SMTP, SNMPv1/v2c/v3, Telnet, TFTP, QoS, PPPOE, 
Traffic prioritization
RoutingThroughput: 25,000 packets per second (max. 300 Mbps)
Routing RedundancyVRRP
SecurityHTTPS/SSL, SSH, IPsec, OpenVPN (client and server), UDP and TCP 
Tunnel mode (routing) and TAP mode (bridge), L2TP (server), RADIUS
Time ManagementNTP Server/Client, SNTP
Unicast RoutingOSPF, RIPV1/V2, Static Route

Switch Properties

Max. No. of VLANs10

DoS and DDoS Protection

TechnologyARP-Flood, FIN Scan, ICMP-Death, NEWWithout-SYN Scan, NMAP-ID 
Scan, NMAP-Xmas Scan, Null Scan, SYN/FIN Scan, SYN/RST Scan, SYN-
Flood, Xmas Scan


Deep Packet InspectionModbus TCP
Modbus UDP
FilterDDoS, Ethernet protocols, ICMP, IP address, MAC address, Ports
Quick Automation ProfilesDNP, EtherCAT, EtherNet/IP, FOUNDATION Fieldbus, FTP, HTTP, 
IEC 60870-104, IPsec, L2TP, LonWorks, Modbus TCP, PPTP, 
Stateful InspectionRouter firewall
Transparent (bridge) firewall
ThroughputMax. 25000 packets per second (max. 300 Mbps)


AuthenticationMD5 and SHA (SHA-256)
RSA (key size: 1024-bit, 2048-bit)
X.509 v3 certificate
Concurrent VPN TunnelsMax. 50 IPsec VPN tunnels
Encryption3DES, AES-128, AES-192, AES-256, DES
ProtocolsIPsec, L2TP (server), PPTP (client)
ThroughputMax. 60 Mbps (Conditions: AES-256, SHA-256)


Features1-to-1, bidirectional 1-to-1, N-to-1, Port forwarding


AuthenticationUser password by MD5 and SHA1
Concurrent VPN TunnelsClient Mode: max. 2 external servers
Server Mode: max. 5 external clients
EncryptionAES-128/192/256 CBC, Blowfish CBC, DES CBC, DES-EDE3 CBC
ProtocolsOpenVPN (client and server), UDP, and TCP, Tunnel mode (routing) 
and TAP mode (bridge)

Real-Time Firewall / VPN Event Log

Event TypeFirewall event, System event, VPN event
MediaLocal storage, SNMP Trap, Syslog server

Serial Interface

Console PortRS-232

Power Parameters

ConnectionRemovable terminal block
Input Voltage12/24/48 VDC
Input Current0.45 A @ 24 VDC
Overload Current ProtectionSupported
Reverse Polarity ProtectionSupported

Physical Characteristics

IP RatingIP30
Dimensions51 x 152 x 131.1 mm (2.01 x 5.98 x 5.16 in)
Weight1250 g (2.82 lb)
InstallationDIN-rail mounting, Wall mounting (with optional kit)

Environmental Limits

Operating TemperatureEDR-G902: 0 to 60°C (32 to 140°F)
EDR-G902-T: -40 to 75°C (-40 to 167°F)
Storage Temperature (package included)-40 to 85°C (-40 to 185°F)
Ambient Relative Humidity5 to 95% (non-condensing)

Standards and Certifications

FreefallIEC 60068-2-32
EMCEN 55032/24
EMICISPR 32, FCC Part 15B Class A
EMSIEC 61000-4-2 ESD: Contact: 6 kV; Air: 8 kV
IEC 61000-4-3 RS: 80 MHz to 1 GHz: 10 V/m
IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV
IEC 61000-4-5 Surge: Power: 2 kV; Signal: 1 kV
IEC 61000-4-6 CS: 10 V
IEC 61000-4-8 PFMF
SafetyUL 508
ShockIEC 60068-2-27
VibrationIEC 60068-2-6


Time981,233 hrs
StandardTelcordia (Bellcore), GB


Warranty Period5 years
Name Type Version Release Date
Datasheet for EDR-G902 Series Datasheet V1.1 26 August 2019


10/100/1000BaseT(X) RJ45 Connector, 100/1000Base SFP Slot Combo WAN Port 1
Operating Temp. 0 to 60°C


10/100/1000BaseT(X) RJ45 Connector, 100/1000Base SFP Slot Combo WAN Port 1
Operating Temp. -40 to 75°C

บริษัท พีที ออโตเมชั่น (ไทยแลนด์) จำกัด

จันทร์ ถึง ศุกร์ เวลา 9.00 น. – 18.00 น.