Industrial Routers and Gateways - Cisco Catalyst Industrial Routers with Cisco Next-Generation Firewall Solution Overview

<!DOCTYPE html> <html xmlns:fb="//www.facebook.com/2008/fbml" xmlns:og="//opengraphprotocol.org/schema/" lang="en" xml:lang="en" class="no-touch no-js"> <head> <meta charset="utf-8"> <meta name="HandheldFriendly" content="True" /> <meta name="MobileOptimized" content="320" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="rei" content="3/2/2022 10.39am est" /> <script tyle="text/javascript" src="/content/dam/cdc/j/cdcrSwitch.js"></script> <script type="text/javascript"> if (typeof cdc === "undefined"){ cdc = {}; } cdc.localizedLang="en/us"; if (window.cdcext === undefined) { window.cdcext = {}; } cdcext.customEnvironment = "prod"; if (window.cdclocale === undefined) { window.cdclocale = {}; } cdclocale.locale = cdc.localizedLang=="en/us"?"en_us":cdc.localizedLang; </script> <script src="/c/dam/cdc/t/ctm-core.js"></script> <script> window['adrum-start-time'] = new Date().getTime(); window.environ = "prod" ; </script> <script> if (window.cpe === undefined) { window.cpe = {}; } cpe.accountName = "prod"; cpe.config = ["cinf","dsc","pps"]; cpe.hideMethod = "elements"; window.targetGlobalSettings = JSON.parse('{\x22timeout\x22:4000}'); window.targetPageParamsAll = () => JSON.parse('{\x22entity\x22:\x22{\\\x22id\\\x22:\\\x221717433650985205\\\x22,\\\x22categoryId\\\x22:\\\x22Products,Routers,Product Solution Overview\\\x22}\x22}'); const bullseyeLibrary = `/etc.clientlibs/cisco-cdc/clientlibs/clientlib-external/resources/external/bullseye.js`; import(bullseyeLibrary); </script> <script src="/etc.clientlibs/cisco-cdc/clientlibs/clientlib-external/resources/regional-mbox/regional-mbox.js"></script> <title>Industrial Routers and Gateways - Cisco Catalyst Industrial Routers with Cisco Next-Generation Firewall Solution Overview - Cisco</title> <meta name="format-detection" content="telephone=no"> <meta http-equiv="Content-type" content="text/html;charset=UTF-8" /> <meta name="description" content="Secure your WAN with Cisco industrial routers: advanced OT security, firewall, and threat protection for peace of mind in digitization. " /> <meta name="title" content="Industrial Routers and Gateways - Cisco Catalyst Industrial Routers with Cisco Next-Generation Firewall Solution Overview" /> <meta name="documentId" content="1717415403730167" /> <meta name="templateName" content="eot-toc" /> <meta property="fb:app_id" content="156494687694418" /> <meta name="ioContentSource" content="WEM" /> <meta name="concept" content="Industrial Routers and Gateways" /> <meta name="docType" content="Product Solution Overview" /> <meta name="iaPath" content="cisco.com#Products#Cisco Products#Routers#Industrial Routers and Gateways" /> <meta name="contentType" content="cisco.com#US#preSales" /> <meta name="locale" content="US" /> <meta name="language" content="en" /> <meta name="country" content="US" /> <meta name="CCID_Page" content="cc001776" /> <meta name="date" content="Mon Jun 03 10:49:59 PDT 2024" /> <meta name="accessLevel" content="Customer" /> <meta name="accessLevel" content="Guest" /> <meta name="accessLevel" content="Partner" /> <meta name="entitlementExpression" content="contains( "0,1,2,3,4,7" , $profileField[3] )" /> <meta property="og:site_name" content="Cisco" /> <meta property="og:type" content="website" /> <meta property="og:title" content="Industrial Routers and Gateways - Cisco Catalyst Industrial Routers with Cisco Next-Generation Firewall Solution Overview" /> <meta property="og:description" content="Secure your WAN with Cisco industrial routers: advanced OT security, firewall, and threat protection for peace of mind in digitization. " /> <meta property="og:image" content="https://www.cisco.com/web/fw/i/logo-open-graph.gif" /> <meta property="og:url" content="https://www.cisco.com/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html" /> <link rel="canonical" href="https://www.cisco.com/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html"/> <script src="/etc.clientlibs/clientlibs/granite/jquery.min.js"></script> <script src="/etc.clientlibs/clientlibs/granite/utils.min.js"></script> <script src="/etc.clientlibs/clientlibs/granite/jquery/granite.min.js"></script> <script src="/etc.clientlibs/foundation/clientlibs/jquery.min.js"></script> <script src="/etc.clientlibs/foundation/clientlibs/shared.min.js"></script> <script src="/etc.clientlibs/cq/personalization/clientlib/underscore.min.js"></script> <script src="/etc.clientlibs/cq/personalization/clientlib/personalization/kernel.min.js"></script> <script src="/etc.clientlibs/cq/personalization/clientlib/personalization/kernel.min.js"></script> <script type="text/javascript"> $CQ(function() { CQ_Analytics.SegmentMgr.loadSegments("\/etc\/segmentation"); CQ_Analytics.ClientContextUtils.init("\/c\/dnc\/etc\/clientcontext\/default", "\/content\/en\/us\/products\/collateral\/networking\/industrial\u002Drouters\u002Dgateways\/industrial\u002Drouter\u002Dnext\u002Dgeneration\u002Dfirewall\u002Dso"); }); </script> <link rel="stylesheet" href="/etc/designs/cdc/clientlibs/responsive/css/cisco-sans.min.css" type="text/css"> <script src="/etc/designs/cdc/clientlibs/responsive/js/foundation.min.js"></script> <link rel="stylesheet" href="/etc/designs/cdc/clientlibs/responsive/css/responsive.min.css" type="text/css"> <script> sessionStorage.setItem("logOutIntermediateMessage", 'You are being logged out.'); </script>  <script type="application/ld+json"> [ { "@context": "http://www.schema.org", "@type": "WebPage", "name": "Cisco Catalyst Industrial Routers with Cisco Next-Generation Firewall Solution Overview", "url": "https://www.cisco.com/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html", "description": "Secure your WAN with Cisco industrial routers: advanced OT security, firewall, and threat protection for peace of mind in digitization. ", "publisher": { "@type": "Corporation", "name": "Cisco" } }] </script>    <script>!function(e){var n="https://s.go-mpulse.net/boomerang/";if("False"=="True")e.BOOMR_config=e.BOOMR_config||{},e.BOOMR_config.PageParams=e.BOOMR_config.PageParams||{},e.BOOMR_config.PageParams.pci=!0,n="https://s2.go-mpulse.net/boomerang/";if(window.BOOMR_API_key="GKZXC-NS3SU-A7VFH-HKBHM-U7LKH",function(){function e(){if(!o){var e=document.createElement("script");e.id="boomr-scr-as",e.src=window.BOOMR.url,e.async=!0,i.parentNode.appendChild(e),o=!0}}function t(e){o=!0;var n,t,a,r,d=document,O=window;if(window.BOOMR.snippetMethod=e?"if":"i",t=function(e,n){var t=d.createElement("script");t.id=n||"boomr-if-as",t.src=window.BOOMR.url,BOOMR_lstart=(new Date).getTime(),e=e||d.body,e.appendChild(t)},!window.addEventListener&&window.attachEvent&&navigator.userAgent.match(/MSIE [67]\./))return window.BOOMR.snippetMethod="s",void t(i.parentNode,"boomr-async");a=document.createElement("IFRAME"),a.src="about:blank",a.title="",a.role="presentation",a.loading="eager",r=(a.frameElement||a).style,r.width=0,r.height=0,r.border=0,r.display="none",i.parentNode.appendChild(a);try{O=a.contentWindow,d=O.document.open()}catch(_){n=document.domain,a.src="javascript:var d=document.open();d.domain='"+n+"';void(0);",O=a.contentWindow,d=O.document.open()}if(n)d._boomrl=function(){this.domain=n,t()},d.write("<bo"+"dy onload='document._boomrl();'>");else if(O._boomrl=function(){t()},O.addEventListener)O.addEventListener("load",O._boomrl,!1);else if(O.attachEvent)O.attachEvent("onload",O._boomrl);d.close()}function a(e){window.BOOMR_onload=e&&e.timeStamp||(new Date).getTime()}if(!window.BOOMR||!window.BOOMR.version&&!window.BOOMR.snippetExecuted){window.BOOMR=window.BOOMR||{},window.BOOMR.snippetStart=(new Date).getTime(),window.BOOMR.snippetExecuted=!0,window.BOOMR.snippetVersion=12,window.BOOMR.url=n+"GKZXC-NS3SU-A7VFH-HKBHM-U7LKH";var i=document.currentScript||document.getElementsByTagName("script")[0],o=!1,r=document.createElement("link");if(r.relList&&"function"==typeof r.relList.supports&&r.relList.supports("preload")&&"as"in r)window.BOOMR.snippetMethod="p",r.href=window.BOOMR.url,r.rel="preload",r.as="script",r.addEventListener("load",e),r.addEventListener("error",function(){t(!0)}),setTimeout(function(){if(!o)t(!0)},3e3),BOOMR_lstart=(new Date).getTime(),i.parentNode.appendChild(r);else t(!1);if(window.addEventListener)window.addEventListener("load",a,!1);else if(window.attachEvent)window.attachEvent("onload",a)}}(),"".length>0)if(e&&"performance"in e&&e.performance&&"function"==typeof e.performance.setResourceTimingBufferSize)e.performance.setResourceTimingBufferSize();!function(){if(BOOMR=e.BOOMR||{},BOOMR.plugins=BOOMR.plugins||{},!BOOMR.plugins.AK){var n=""=="true"?1:0,t="",a="bdpnbeqxgy4r2z2ic5ya-f-cde35bf24-clientnsv4-s.akamaihd.net",i="false"=="true"?2:1,o={"ak.v":"39","ak.cp":"61004","ak.ai":parseInt("271834",10),"ak.ol":"0","ak.cr":3,"ak.ipv":4,"ak.proto":"http/1.1","ak.rid":"6f7571d","ak.r":37669,"ak.a2":n,"ak.m":"dsca","ak.n":"essl","ak.bpcip":"8.222.208.0","ak.cport":37440,"ak.gh":"23.53.33.222","ak.quicv":"","ak.tlsv":"tls1.2","ak.0rtt":"","ak.0rtt.ed":"","ak.csrc":"-","ak.acc":"reno","ak.t":"1732777840","ak.ak":"hOBiQwZUYzCg5VSAfCLimQ==7rjVlpKaQ/7fAq/S5GNhV9fY1tra56r6RdrmTL5JJ56jz7fwxNvasH643I7tIAPx1ioq0C9JAk3fpWhPWnqSDwtuHxlkhf32exg+T/heMp6u0nkl4Y24ReH5nem1j9rM0C361dYMAGQAFPAbgnvvPaw5ZlqcvledMWuwXymQhdHHNSGBNAJmWEnmYtOyAvvs2wt2Cmubhb6orUAcCKxTDpZcthA1czJZRRcbpUbnBS1KEK7j9LYRuKVxtuncNgkKwp4bEOurXOWPZbagtCsyfgf/TTpWv/uGX4QZADAMg7b+lCHURGE0OJdOTeL6gve9Jyw5Obk7sB/8iN38s2nTM2pEqCo0zcboM6L8ZnbJ0qDxndoNHH8g4jEsACJ/cA4HFUieOmsScPc2fUUXY5urn7zCMDmMxmqAK+m//NSLbvg=","ak.pv":"517","ak.dpoabenc":"","ak.tf":i};if(""!==t)o["ak.ruds"]=t;var r={i:!1,av:function(n){var t="http.initiator";if(n&&(!n[t]||"spa_hard"===n[t]))o["ak.feo"]=void 0!==e.aFeoApplied?1:0,BOOMR.addVar(o)},rv:function(){var e=["ak.bpcip","ak.cport","ak.cr","ak.csrc","ak.gh","ak.ipv","ak.m","ak.n","ak.ol","ak.proto","ak.quicv","ak.tlsv","ak.0rtt","ak.0rtt.ed","ak.r","ak.acc","ak.t","ak.tf"];BOOMR.removeVar(e)}};BOOMR.plugins.AK={akVars:o,akDNSPreFetchDomain:a,init:function(){if(!r.i){var e=BOOMR.subscribe;e("before_beacon",r.av,null,null),e("onbeacon",r.rv,null,null),r.i=!0}return this},is_complete:function(){return!0}}}}()}(window);</script></head> <body id="wcq" class=" fw-res cdc-eot cdc-eot-toc cdc-transform product-solution-overview "> <div id="fw-skiplinks"> <ul class="container"> <li><a id="skiplink-content" href="#fw-content">Skip to content</a></li> <li><a id="skiplink-search" href="#">Skip to search</a></li> <li><a id="skiplink-footer" href="#fw-footer-v2" class="last">Skip to footer</a></li> </ul> </div> <script type="module" src="/site/web-components/us/en/cdc-header.js"></script> <cdc-header></cdc-header> <nav class="fw-c-header__seo-links" aria-hidden="true" style="display:none"> <ul> <li><a tabindex="-1" href="https://www.cisco.com/site/us/en/index.html">Cisco.com Worldwide</a></li> <li><a tabindex="-1" href="/c/en/us/products/index.html">Products and Services</a></li> <li><a tabindex="-1" href="https://www.cisco.com/site/us/en/solutions/index.html">Solutions</a></li> <li><a tabindex="-1" href="/c/en/us/support/index.html">Support</a></li> <li><a tabindex="-1" href="/c/en/us/training-events.html">Learn</a></li> <li><a tabindex="-1" href="//www.cisco.com/c/en/us/about/sitemap.html">Explore Cisco</a></li> <li><a tabindex="-1" href="/c/en/us/buy.html">How to Buy</a></li> <li><a tabindex="-1" href="https://www.cisco.com/site/us/en/partners/index.html?dtid=odicdc001129">Partners Home</a></li> <li><a tabindex="-1" href="https://www.cisco.com/site/us/en/partners/cisco-partner-program/index.html?ccid=cc000864&dtid=odiprc001129">Partner Program</a></li> <li><a tabindex="-1" href="https://www.cisco.com/site/us/en/partners/support-help/index.html">Support</a></li> <li><a tabindex="-1" href="https://www.cisco.com/site/us/en/partners/tools/index.html?dtid=odiprc001129">Tools</a></li> <li><a tabindex="-1" href="https://locatr.cloudapps.cisco.com/WWChannels/LOCATR/pf/index.jsp#/">Find a Cisco Partner</a></li> <li><a tabindex="-1" href="https://www.cisco.com/site/us/en/partners/connect-with-a-partner/index.html?ccid=cc000864&dtid=odiprc001129">Meet our Partners</a></li> <li><a tabindex="-1" href="https://www.cisco.com/site/us/en/partners/index.html?dtid=odicdc001129">Become a Cisco Partner</a></li> </ul> </nav> <div id="fw-content" class="container grid"> <div class="row full" data-owner="ID"> <div class="col full "> <nav id="fw-breadcrumb" class="data-based" aria-label="breadcrumbs" data-owner="ID"> <ul itemscope itemtype="//schema.org/BreadcrumbList"> <li aria-hidden="true"><a href='#' class="skip"><span></span></a></li> <li itemprop='itemListElement' itemscope itemtype='//schema.org/ListItem'><a itemprop='item' href='/c/en/us/products/index.html'><span itemprop='name'>Products & Services</span><meta itemprop='position' content='1' /></a><span class='caret'></span></li><li itemprop='itemListElement' itemscope itemtype='//schema.org/ListItem'><a itemprop='item' href='/c/en/us/products/routers/index.html'><span itemprop='name'>Routers</span><meta itemprop='position' content='2' /></a><span class='caret'></span></li><li itemprop='itemListElement' itemscope itemtype='//schema.org/ListItem'><a itemprop='item' href='/c/en/us/products/routers/industrial-routers-gateways/index.html'><span itemprop='name'>Industrial Routers and Gateways</span><meta itemprop='position' content='3' /></a><span class='caret'></span></li> </ul> </nav> <script> if (window.cdc === undefined) { window.cdc = {}; } if (cdc.breadcrumb === undefined) { cdc.breadcrumb = (function () { let clone = document.querySelector('#fw-breadcrumb').cloneNode(true); let appendClone = function () { let hasBreadcrumb = document.querySelector('#fw-breadcrumb') !== null, firstMarquee = document.querySelectorAll('.dmc-mq')[0]; if (!hasBreadcrumb && firstMarquee !== undefined) { firstMarquee.querySelector('.frame .inset').insertBefore(this.clone, firstMarquee.querySelector('.frame .inset').firstElementChild); } }; return { clone: clone, appendClone: appendClone } }()); } //DE380224 var anchorChild = document.getElementsByTagName("a"); for(var i=0; i<anchorChild.length; i++){ if(anchorChild[i].getAttribute("itemprop")=="item") { if ( anchorChild[i].href.includes("%3Clocale%3E") ){ let anchorChildHREF = anchorChild[i].href; let docLocale = document.querySelector('meta[name="locale"]').getAttribute('content'); let docLanguage = document.querySelector('meta[name="language"]').getAttribute('content'); var docSeparator; if ((docLocale.toLowerCase() == "us") && (docLanguage.toLowerCase() == "en")) { docSeparator="/"; } else { docSeparator="_"; } let anchorURLReplace = docLanguage.toLowerCase() + docSeparator + docLocale.toLowerCase(); anchorChildHREF = anchorChildHREF.replace("%3Clocale%3E", anchorURLReplace); anchorChild[i].setAttribute('href', anchorChildHREF); } } } </script> <h1 id="fw-pagetitle" class="" data-owner="ID">Cisco Catalyst Industrial Routers with Cisco Next-Generation Firewall Solution Overview</h1> </div> </div>  <script type="text/javascript"> // initialize dictionary for i18n var pagelanguage = "en_us".replace("_","-"); var pagelocale = pagelanguage; Granite.I18n.setLocale(pagelocale.toLowerCase()); Granite.I18n.setUrlPrefix("/etc/designs/cdc/fw/w/responsive_components/eot/i18n/"); Granite.I18n.setUrlSuffix(".1.json"); cdc.util.ensureNamespace("cdc.rc"); cdc.rc.isEotToc = true; </script> <div class="row full blowout"> <div class="col full"> </div> </div> <div class="row full"> <div class="col full top docId"> <script> if (typeof(cdc) == "undefined") cdc={}; if (typeof(cdc.translations) == "undefined") cdc.translations={}; </script> <div class="docHeaderComponent base-blowout"> <div class="linksRow"> <div class="toolbar"> <div class="noprint" id="saveModule"> <script type="text/javascript"> cdc.util.ensureNamespace("cdc.rc.savedoc"); cdc.rc.savedoc.isLoggedIn = false; cdc.rc.savedoc.save = "Save"; cdc.rc.savedoc.saved = "Saved"; </script> <button class="save" aria-expanded="false"> <label>Save</label> </button> </div> <div class="saveDocumentMessage login cdc-expandPanel" role="region" aria-live="polite"> <a href="/c/login/index.html?referer=/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html">Log in</a> to Save Content </div>   <div class="noprint downloadDocument" ><button type="button" class="view-download-list-link anchor" aria-expanded="false"><div class="toolbarIcon downloadIcon"></div><label class="iconLabel">Download</label></button></div> <div class="noprint printDocument js-only"><button type="button" class="anchor printPage"><div class="toolbarIcon printIcon"></div><label class="iconLabel">Print</label></button></div> </div> </div>  <script language="javascript"> cdc.translations.map = "{en-us=https://www.cisco.com/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html, x-default=https://www.cisco.com/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html}";//storing the map for use in the JS cdc.translations.locale="en_us"; </script> <div class="availableLanguagesList"> <h3>Available Languages</h3> <ul id="translationsList"> </ul> </div> <div id="download-list-container" class="noprint panelRow" role="region" aria-live="polite"> <div class='download-list' aria-label="Download Options"> <h3>Download Options</h3> <ul> <li> <div class="fileText"> <a href="/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.pdf" class="download-pdf"><div class="fileIcon pdfIcon"></div>PDF</a> <span class="docSize">(1.2 MB)</span> <br /> <span class="description">View with Adobe Reader on a variety of devices</span> </div> </li> </ul> </div> </div> <div class="infobarClearFix"> <div class="infobar"> <div class="updatedDate"><span>Updated:</span>June 3, 2024</div> </div> </div> </div> <script> jQuery(document).ready(function(){ if(jQuery("body").hasClass("cdc-eot-toc") && jQuery(".cdc-eot-toc").find(".DocumentHistory").length > 0){ jQuery(".cdc-eot-toc .seeRevisions").show(); if(jQuery(window).width() >= 768){ jQuery(".cdc-eot-toc .updatedDate").nextAll(".bullet").show(); } }else{ jQuery(".cdc-eot-toc .infobar .bullet").hide(); jQuery(".cdc-eot-toc .seeRevisions"); jQuery(".cdc-eot-toc .updatedDate"); } }) </script> <div class="disclaimers marketing"> <div class="disclaimerButtons"> <div class="aboutBias"> <button aria-expanded="false" >Bias-Free Language</button> </div> </div> <div class="biasfreeContent panel"> <h3>Bias-Free Language</h3> <p>The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. <a href="https://www.cisco.com/c/en/us/about/social-justice/inclusive-language-policy.html">Learn more</a> about how Cisco is using Inclusive Language.</p> </div> </div> <div id="luh-holder" class="dmc-inpage-nav noprint"> </div> </div> </div> <div class="row wide-narrow flip cdc-eot-toc-banner"> <div class="col wide"> <div class="defaultBrandImage"></div> <link rel="stylesheet" href="/etc/designs/cdc/dmr/mbox/mbox.min.css" type="text/css"> <div data-version="DM:components/dgbanner/banner-mbox:V1.5.1"> <div class="mboxDefault"></div> <script type="text/javascript"> var test=""; if(test!=undefined && test.trim().length>0){ mboxCreate('en-us_dg_large_eot','type=default',''); }else{ mboxCreate('en-us_dg_large_eot','type=default'); } </script> </div> <script src="/etc/designs/cdc/dmr/libs/u.min.js"></script> <script src="/etc/designs/cdc/dmr/libs/nmsp.min.js"></script> <script src="/etc/designs/cdc/dmr/libs/log.min.js"></script> <script src="/etc/designs/cdc/dmr/libs/metrics.min.js"></script>  <style> .cdc-eot-toc #fw-pagetitle, .cdc-ic-ebook #fw-pagetitle { width: 80% !important; } .cdc-eot-toc #eot-doc-wrapper .pBody { line-height: 1.5 !important; margin-bottom: 15px !important; } .cdc-eot-toc #eot-doc-wrapper div.pDefault { font-size: 14px !important; font-weight: bold !important; } .cdc-eot-toc #eot-doc-wrapper p.pBulletCMT{ text-indent: -18px !important; padding-left: 15px !important; } .cdc-eot-toc #eot-doc-wrapper p.pBullet2CMT { text-indent: -16px !important; padding-left: 65px !important; } thead tr{ border: 1px solid white !important; } thead td{ border: 1px solid white !important; } #eot-doc-wrapper div.pCellBulletCMT { margin-top: 12pt !important; margin-bottom: 12pt !important; } .cdc-eot-toc p.CellBullet2 { margin-top: 12pt !important; margin-bottom: 12pt !important; } #eot-doc-wrapper img{ height:80% !important; width: 70% !important; } </style> <div id="overDocWrapper" class="doctool noprint"> <script type="text/javascript"> $( document ).ready(function() { var fwt_element = $("#fw-content").find(".fwt-fatfooter"); fwt_element.addClass("noprint"); }); if (window.cdc === undefined) { window.cdc = {}; } if (cdc.rac === undefined) { cdc.rac = {}; } if (cdc.rac.getOverrideConfig === undefined) { cdc.rac.getOverrideConfig = {}; } else { //var configData = { "ratingsOnly": false, "objId":31, "source":"dummy source" }; var configData = { "ratingsOnly": false}; cdc.rac.getOverrideConfig(configData); } </script> <script> if (typeof(cdc) == "undefined") cdc={}; if (typeof(cdc.translations) == "undefined") cdc.translations={}; </script> <div class="docHeaderComponent base-blowout"> <div class="linksRow"> <div class="toolbar"> <div class="noprint" id="saveModule"> <script type="text/javascript"> cdc.util.ensureNamespace("cdc.rc.savedoc"); cdc.rc.savedoc.isLoggedIn = false; cdc.rc.savedoc.save = "Save"; cdc.rc.savedoc.saved = "Saved"; </script> <button class="save" aria-expanded="false"> <label>Save</label> </button> </div> <div class="saveDocumentMessage login cdc-expandPanel" role="region" aria-live="polite"> <a href="/c/login/index.html?referer=/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html">Log in</a> to Save Content </div>   <div class="noprint downloadDocument" ><button type="button" class="view-download-list-link anchor" aria-expanded="false"><div class="toolbarIcon downloadIcon"></div><label class="iconLabel">Download</label></button></div> <div class="noprint printDocument js-only"><button type="button" class="anchor printPage"><div class="toolbarIcon printIcon"></div><label class="iconLabel">Print</label></button></div> </div> </div>  <script language="javascript"> cdc.translations.map = "{en-us=https://www.cisco.com/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html, x-default=https://www.cisco.com/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.html}";//storing the map for use in the JS cdc.translations.locale="en_us"; </script> <div class="availableLanguagesList"> <h3>Available Languages</h3> <ul id="translationsList"> </ul> </div> <div id="download-list-container" class="noprint panelRow" role="region" aria-live="polite"> <div class='download-list' aria-label="Download Options"> <h3>Download Options</h3> <ul> <li> <div class="fileText"> <a href="/c/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.pdf" class="download-pdf"><div class="fileIcon pdfIcon"></div>PDF</a> <span class="docSize">(1.2 MB)</span> <br /> <span class="description">View with Adobe Reader on a variety of devices</span> </div> </li> </ul> </div> </div> <div class="infobarClearFix"> <div class="infobar"> <div class="updatedDate"><span>Updated:</span>June 3, 2024</div> </div> </div> </div> <script> jQuery(document).ready(function(){ if(jQuery("body").hasClass("cdc-eot-toc") && jQuery(".cdc-eot-toc").find(".DocumentHistory").length > 0){ jQuery(".cdc-eot-toc .seeRevisions").show(); if(jQuery(window).width() >= 768){ jQuery(".cdc-eot-toc .updatedDate").nextAll(".bullet").show(); } }else{ jQuery(".cdc-eot-toc .infobar .bullet").hide(); jQuery(".cdc-eot-toc .seeRevisions"); jQuery(".cdc-eot-toc .updatedDate"); } }) </script> </div> </div> <div class="col narrow sticky noprint"> <span id="tocTop"></span> <section id="eotTocNav"> <div id="navWrapper"> </div> <div id="tocSearch"></div> <div id="eotListWrapper" data-config-metrics-group="Table of Contents"> <script type="text/javascript"> cdc.util.ensureNamespace("cdc.rc"); cdc.rc.toctitle = "Table of Contents"; </script> <h4 id="eotTocToc">Table of Contents</h4> <ul> <li><a class="head1" href="#Benefits" title="Benefits">Benefits</a></li> <li><a class="head1" href="#LeveragingCiscoindustrialrouterstoprotectyourcriticalinfrastructure" title="LeveragingCiscoindustrialrouterstoprotectyourcriticalinfrastructure">Leveraging Cisco industrial routers to protect your critical infrastructure</a></li> <li><a class="head1" href="#Statefulinspectionwithapplicationawarenessandcontrol" title="Statefulinspectionwithapplicationawarenessandcontrol">Stateful inspection with application awareness and control</a></li> <li><a class="head1" href="#Segmentandprotectcriticalinfrastructure" title="Segmentandprotectcriticalinfrastructure">Segment and protect critical infrastructure</a></li> <li><a class="head1" href="#Integratedintrusiondetectionandpreventionsystem" title="Integratedintrusiondetectionandpreventionsystem">Integrated intrusion detection and prevention system</a></li> <li><a class="head1" href="#Malwareprotectionandsandboxing" title="Malwareprotectionandsandboxing">Malware protection and sandboxing</a></li> <li><a class="head1" href="#URLfiltering" title="URLfiltering">URL filtering</a></li> <li><a class="head1" href="#Integratingwithasecurityserviceedge" title="Integratingwithasecurityserviceedge">Integrating with a security service edge</a></li> <li><a class="head1" href="#CentralizedmanagementwithCatalystSDWANManager" title="CentralizedmanagementwithCatalystSDWANManager">Centralized management with Catalyst SD-WAN Manager</a></li> <li><a class="head1" href="#Supportedplatforms" title="Supportedplatforms">Supported platforms</a></li> <li><a class="head1" href="#TheCiscoadvantage" title="TheCiscoadvantage">The Cisco advantage</a></li> <li><a class="head1" href="#BuildyoursecureWANinfrastructurewithCisco" title="BuildyoursecureWANinfrastructurewithCisco">Build your secure WAN infrastructure with Cisco</a></ul> </div>  <script type="text/javascript"> cdc.util.ensureNamespace("cdc.rc.innerSearch"); cdc.rc.innerSearch.hintText = "Search"; cdc.util.ensureNamespace("cdc.rc.tableOfContents"); cdc.rc.tableOfContents.label = "Table of Contents"; </script> </section> </div> </div> <div class="row narrow-wide">  <div class="col narrow noprint" style="position: relative;z-index: -1;">   </div> <div class="col wide document"> <div id="eot-doc-wrapper"> <html> <head> <script>!function(e){var n="https://s.go-mpulse.net/boomerang/";if("False"=="True")e.BOOMR_config=e.BOOMR_config||{},e.BOOMR_config.PageParams=e.BOOMR_config.PageParams||{},e.BOOMR_config.PageParams.pci=!0,n="https://s2.go-mpulse.net/boomerang/";if(window.BOOMR_API_key="GKZXC-NS3SU-A7VFH-HKBHM-U7LKH",function(){function e(){if(!o){var e=document.createElement("script");e.id="boomr-scr-as",e.src=window.BOOMR.url,e.async=!0,i.parentNode.appendChild(e),o=!0}}function t(e){o=!0;var n,t,a,r,d=document,O=window;if(window.BOOMR.snippetMethod=e?"if":"i",t=function(e,n){var t=d.createElement("script");t.id=n||"boomr-if-as",t.src=window.BOOMR.url,BOOMR_lstart=(new Date).getTime(),e=e||d.body,e.appendChild(t)},!window.addEventListener&&window.attachEvent&&navigator.userAgent.match(/MSIE [67]\./))return window.BOOMR.snippetMethod="s",void t(i.parentNode,"boomr-async");a=document.createElement("IFRAME"),a.src="about:blank",a.title="",a.role="presentation",a.loading="eager",r=(a.frameElement||a).style,r.width=0,r.height=0,r.border=0,r.display="none",i.parentNode.appendChild(a);try{O=a.contentWindow,d=O.document.open()}catch(_){n=document.domain,a.src="javascript:var d=document.open();d.domain='"+n+"';void(0);",O=a.contentWindow,d=O.document.open()}if(n)d._boomrl=function(){this.domain=n,t()},d.write("<bo"+"dy onload='document._boomrl();'>");else if(O._boomrl=function(){t()},O.addEventListener)O.addEventListener("load",O._boomrl,!1);else if(O.attachEvent)O.attachEvent("onload",O._boomrl);d.close()}function a(e){window.BOOMR_onload=e&&e.timeStamp||(new Date).getTime()}if(!window.BOOMR||!window.BOOMR.version&&!window.BOOMR.snippetExecuted){window.BOOMR=window.BOOMR||{},window.BOOMR.snippetStart=(new Date).getTime(),window.BOOMR.snippetExecuted=!0,window.BOOMR.snippetVersion=12,window.BOOMR.url=n+"GKZXC-NS3SU-A7VFH-HKBHM-U7LKH";var i=document.currentScript||document.getElementsByTagName("script")[0],o=!1,r=document.createElement("link");if(r.relList&&"function"==typeof r.relList.supports&&r.relList.supports("preload")&&"as"in r)window.BOOMR.snippetMethod="p",r.href=window.BOOMR.url,r.rel="preload",r.as="script",r.addEventListener("load",e),r.addEventListener("error",function(){t(!0)}),setTimeout(function(){if(!o)t(!0)},3e3),BOOMR_lstart=(new Date).getTime(),i.parentNode.appendChild(r);else t(!1);if(window.addEventListener)window.addEventListener("load",a,!1);else if(window.attachEvent)window.attachEvent("onload",a)}}(),"".length>0)if(e&&"performance"in e&&e.performance&&"function"==typeof e.performance.setResourceTimingBufferSize)e.performance.setResourceTimingBufferSize();!function(){if(BOOMR=e.BOOMR||{},BOOMR.plugins=BOOMR.plugins||{},!BOOMR.plugins.AK){var n=""=="true"?1:0,t="",a="bdpnbeqxgy4r2z2ic5ya-f-cde35bf24-clientnsv4-s.akamaihd.net",i="false"=="true"?2:1,o={"ak.v":"39","ak.cp":"61004","ak.ai":parseInt("271834",10),"ak.ol":"0","ak.cr":3,"ak.ipv":4,"ak.proto":"http/1.1","ak.rid":"6f7571d","ak.r":37669,"ak.a2":n,"ak.m":"dsca","ak.n":"essl","ak.bpcip":"8.222.208.0","ak.cport":37440,"ak.gh":"23.53.33.222","ak.quicv":"","ak.tlsv":"tls1.2","ak.0rtt":"","ak.0rtt.ed":"","ak.csrc":"-","ak.acc":"reno","ak.t":"1732777840","ak.ak":"hOBiQwZUYzCg5VSAfCLimQ==7rjVlpKaQ/7fAq/S5GNhV9fY1tra56r6RdrmTL5JJ56jz7fwxNvasH643I7tIAPx1ioq0C9JAk3fpWhPWnqSDwtuHxlkhf32exg+T/heMp6u0nkl4Y24ReH5nem1j9rM0C361dYMAGQAFPAbgnvvPaw5ZlqcvledMWuwXymQhdHHNSGBNAJmWEnmYtOyAvvs2wt2Cmubhb6orUAcCKxTDpZcthA1czJZRRcbpUbnBS1KEK7j9LYRuKVxtuncNgkKwp4bEOurXOWPZbagtCsyfgf/TTpWv/uGX4QZADAMg7b+lCHURGE0OJdOTeL6gve9Jyw5Obk7sB/8iN38s2nTM2pEqCo0zcboM6L8ZnbJ0qDxndoNHH8g4jEsACJ/cA4HFUieOmsScPc2fUUXY5urn7zCMDmMxmqAK+m//NSLbvg=","ak.pv":"517","ak.dpoabenc":"","ak.tf":i};if(""!==t)o["ak.ruds"]=t;var r={i:!1,av:function(n){var t="http.initiator";if(n&&(!n[t]||"spa_hard"===n[t]))o["ak.feo"]=void 0!==e.aFeoApplied?1:0,BOOMR.addVar(o)},rv:function(){var e=["ak.bpcip","ak.cport","ak.cr","ak.csrc","ak.gh","ak.ipv","ak.m","ak.n","ak.ol","ak.proto","ak.quicv","ak.tlsv","ak.0rtt","ak.0rtt.ed","ak.r","ak.acc","ak.t","ak.tf"];BOOMR.removeVar(e)}};BOOMR.plugins.AK={akVars:o,akDNSPreFetchDomain:a,init:function(){if(!r.i){var e=BOOMR.subscribe;e("before_beacon",r.av,null,null),e("onbeacon",r.rv,null,null),r.i=!0}return this},is_complete:function(){return!0}}}}()}(window);</script></head> <body> <code><script type="text/javascript"></script> <link rel="stylesheet" href="wemdcmt.css"/> <link rel="stylesheet" href="/etc/designs/cdc/transformation/wemdcmt.css"/></code> <div class="WordSection1"> <p class="pBody"> </p> <p class="pIntroCMT" style="page-break-before:always;page-break-after:auto">Across all industries, organizations need advanced, agile, and secure Wide Area Network (WAN) infrastructures to connect distributed Operational Technology (OT) assets to control centers and unlock the potential of digitization. Whether it’s about connecting roadways assets, first responder or public transport vehicles, water, oil, or gas infrastructures, renewable energy resources, power substations, EV charging stations, or any critical remote assets, you need rugged routers with cutting-edge cybersecurity capabilities. </p> <p class="pBody">As we define the networking standards of the future, Cisco believes industrial routers must become a platform to easily deploy advanced OT security capabilities at scale. In addition to enabling smarter and simpler WAN infrastructures, Cisco industrial routers come with next generation firewall capabilities, malware protection, cloud security, and threat intelligence feeds to help you build secure distributed networks so you can run modern industrial operations with peace of mind.</p> <p class="pToC_Subhead1" style="page-break-after:auto"><a name="_Toc168092251">Benefits</a></p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><b>Connect critical OT assets anywhere</b> with a wide range of modular rugged industrial routers that adapt to your needs. </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><b>Easily deploy and manage WAN infrastructures</b> of any size and complexity with powerful management tools. </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><b>Beat modern threats</b> by blocking malware intrusion, malicious traffic, and application-layer attacks. </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><b>Unify security policies</b> across all your remote industrial sites by centralizing policy definition to easily deploy at scale. </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><b>Secure access to cloud resources</b> by using secure DNS or centralizing policy enforcement toward the cloud. </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><b>Be always up to date</b> with Talos threat intelligence feeds that help your security infrastructure fight against the latest threats. </p> <p class="pToC_Subhead1" style="page-break-before:always;page-break-after:auto"><a name="_Toc168092252">Leveraging Cisco industrial routers to protect your critical infrastructure</a></p> <p class="pBody"><a href="https://www.cisco.com/site/us/en/products/networking/industrial-routers-gateways/index.html">Cisco<sup>®</sup> Catalyst Industrial Routers</a> offer unconditional connectivity for all your remote assets. They can withstand extreme temperatures, humidity, and dust. They offer a variety of WAN connectivity options, including 5G/ LTE cellular, MPLS, Ethernet, and fiber, through pluggable interface modules that can be easily replaced when needs or technologies evolve. In addition, Cisco Catalyst SD-WAN simplifies deploying and managing a large and complex WAN infrastructure from a central location.</p> <p class="pBody"><img border="0" width="366" height="216" src="/c/dam/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.docx/_jcr_content/renditions/industrial-router-next-generation-firewall-so_0.png" alt="A stack of electronic devicesDescription automatically generated"/></p> <div class=" pDefault"> Figure 1. <span style="font:7.0pt "Times New Roman"">             </span>  </div> <p class="FigureCaptionText">Catalyst industrial routers are purpose built for industrial use cases</p> <p class="pBody">Catalyst industrial routers also come with comprehensive Next-Generation Firewall (NGFW) features and many more cybersecurity capabilities to block modern threats: </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span>Standard firewall capabilities like stateful inspection,</p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span>Application awareness and control to block application-layer attacks, </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span>Integrated intrusion prevention (IDS/IPS), </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span>Continuously up-to-date threat intelligence, </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span>Malware protection and sandboxing, URL filtering, </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span>Integration with a Secure Services Edge (SSE). </p> <p class="pBody" style="margin-top:7.0pt">Building a modern industrial WAN infrastructure requires advanced routing capabilities such as only Cisco can offer. Having state-of-the-art cybersecurity features built into your industrial routers not only is vital to keep the organization safe, but it’s also key to simplify and scale deployment and management tasks. Converging industrial networking and cybersecurity helps ensure unified security policies are enforced across sites, eliminating gaps in defenses due to cost and complexity of integrating many point products together.</p> <p class="pToC_Subhead1" style="page-break-before:always;page-break-after:auto"><a name="_Toc168092253">Stateful inspection with application awareness and control</a></p> <p class="pBody">All Cisco industrial routers offer stateful firewall inspection with application recognition for creating localized security policies to limit traffic between assets. Using Network Based Application Recognition (<a href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar2-protocols/nbar2-protocols.html">NBAR2</a>), which can detect over 5,000 applications, Cisco industrial routers can recognize whether protocols are operating on standard network ports. In some cases, the presence of specific applications operating over nonstandard ports may indicate a policy violation or an attempt to evade firewall controls. </p> <p class="pBody">Additionally, application recognition can be used to create Quality-of- Service (QoS) policies, helping ensure that the most critical network traffic in the infrastructure always has priority and evading potential Denial-of- Service (DoS) attempts on the OT network. </p> <p class="pToC_Subhead1"><a name="_Toc168092254">Segment and protect critical infrastructure</a></p> <p class="pBody">Along with QoS, critical infrastructure can be further protected from noncritical assets that share the same physical infrastructure by segmenting traffic flows into separated virtual networks. Virtual Routing and Forwarding (VRF) allows a Cisco industrial router to run more than one routing table simultaneously. The routing tables are completely independent and fully segmented by default. For traffic originating in one domain to reach another domain, it must be explicitly routed through a firewall, reducing the possibility that an administrative error will lead to a wide-open network.</p> <p class="pBody"><img border="0" width="360" height="295" id="Picture 2" src="/c/dam/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.docx/_jcr_content/renditions/industrial-router-next-generation-firewall-so_1.png" alt="Traffic isolation"/></p> <div class=" pDefault"> Figure 2. <span style="font:7.0pt "Times New Roman"">             </span>  </div> <p class="FigureCaptionText">Traffic isolation</p> <p class="pBody">Whether it is a traffic cabinet, wind farm, or rail-side signaling, resources in the network infrastructure are often shared with physical security, technicians, IoT sensors, and more. Cisco industrial routers help ensure that the critical traffic that keeps our world moving remains protected.</p> <p class="pToC_Subhead1" style="page-break-before:always;page-break-after:auto"><a name="_Toc168092255">Integrated intrusion detection and prevention system</a></p> <p class="pBody">An intrusion detection and prevention system (IDS/IPS) detects and blocks known network attacks. It uses signatures, which are a set of rules, to detect attacks originating from both external and internal sources.</p> <p class="pBody"><img border="0" width="290" height="241" id="Picture 3" src="/c/dam/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.docx/_jcr_content/renditions/industrial-router-next-generation-firewall-so_2.png" alt="A computer screen shot of a computer networkDescription automatically generated"/></p> <div class=" pDefault"> Figure 3. <span style="font:7.0pt "Times New Roman"">             </span>  </div> <p class="FigureCaptionText">Intrusion detection and prevention</p> <p class="pBody">Snort<span class="Superscript"><sup class=" cSuperscript">®</sup></span>, the open-source IDS/IPS engine used across the Cisco portfolio, enables Cisco industrial routers to perform real-time traffic analysis to detect and prevent cyber threats. Cisco Talos<span class="Superscript"><sup class=" cSuperscript">®</sup></span>, the threat intelligence that powers Snort, leverages the world’s largest <a href="https://www.cisco.com/site/us/en/products/security/talos/index.html">threat detection network</a> to bring security effectiveness to every Cisco security product. This industry-leading threat intelligence works as an early-warning system that constantly updates with new threats to help keep your infrastructure safe. </p> <p class="pBody">Rules can also be customized for OT deployments. Snort provides pre-processors for the Modbus, Distributed Network Protocol (DNP3), Common Industrial Protocol (CIP), and S7Commplus protocols so that network access policies can be easily customized for more granular application control.</p> <p class="pToC_Subhead1"><a name="_Toc168092256">Malware protection and sandboxing</a></p> <p class="pBody">Malware is one of the most common cyber threats. Detecting and removing malicious files before they enter your network is key to prevent breaches. Cisco Advanced Malware Protection (AMP) integrated into Cisco industrial routers equips the platform to provide protection and visibility from malware. Before letting a file enter the network, your Cisco industrial router generates a 256-bit Secure Hash Algorithm (SHA256) signature and compares it against a database curated by Cisco Talos, the industry’s largest collection of file reputation intelligence.</p> <p class="pBody"><img border="0" width="311" height="256" id="Picture 1" src="/c/dam/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.docx/_jcr_content/renditions/industrial-router-next-generation-firewall-so_3.png" alt="Sandboxing an unknown file"/></p> <div class=" pDefault"> Figure 4. <span style="font:7.0pt "Times New Roman"">             </span>  </div> <p class="FigureCaptionText">Sandboxing an unknown file</p> <p class="pBody">Files with an unknown disposition can be sent to the Cisco Secure Malware Analytics cloud for further analysis within a sandbox. During detonation, the sandbox captures artifacts and observes the behavior of the file, then gives the file an overall score of abnormal behaviors. Based on the observations and score, Secure Malware Analytics will define the file as clean or malicious so your Cisco industrial router will let it pass or block it.</p> <p class="pToC_Subhead1"><a name="_Toc168092257">URL filtering</a></p> <p class="pBody">Use cases such as predictive maintenance or IoT applications often require connections to cloud resources, increasing the attack surface. To enable such innovation, URL filtering in the Cisco industrial routers allows control access to trusted cloud resources by configuring domain-based or URL-based policies. Although we recommend that access to cloud and internet resources be disabled by default, and that you explicitly allow only trusted domains, security administrators have peace of mind that the network is protected by reputation-based filtering. Each URL has a web reputation score associated with it to help ensure that users or applications are not communicating with high-risk parts of the internet. </p> <p class="pToC_Subhead1" style="page-break-after:auto"><a name="_Toc168092258">Integrating with a security service edge</a></p> <p class="pBody">Whether it is rail-side deployments spanning hundreds of miles or traffic intersections that are distributed across a whole city, critical infrastructure is often widely distributed. When deploying Cisco industrial routers, network architects have a choice of where advanced security policies will be deployed. A common deployment model is to centralize the most advanced policies in the network, alleviating the burden that may exist on edge nodes. Cisco industrial routers can leverage Cisco Secure Access or any third-party Security Service Edge (SSE) via IPsec tunnels to centralize policy enforcement across sites or toward the cloud.</p> <p class="pBody"><img border="0" width="621" height="284" id="Picture 8" src="/c/dam/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.docx/_jcr_content/renditions/industrial-router-next-generation-firewall-so_4.png" alt="A screen shot of a computerDescription automatically generated"/></p> <div class=" pDefault"> Figure 5. <span style="font:7.0pt "Times New Roman"">             </span>  </div> <p class="FigureCaptionText">Cisco Secure Access</p> <p class="pBody">With Cisco Secure Access, network administrators enable segmentation and prioritization to the most critical traffic on the network, while security administrators maintain granular control of data that comes into and out of each remote site with a single set of policies, so that only known, trusted traffic flows throughout the infrastructure.</p> <p class="pToC_Subhead1"><a name="_Toc168092259">Centralized management with Catalyst SD-WAN Manager</a></p> <p class="pBody">As you connect distributed industrial sites together, it is essential to simplify and automate your WAN infrastructure deployment and management. Cisco Catalyst SD-WAN provides solutions for common challenges for industrial spaces by supporting multiple transports with configurable dynamic routing polices while leveraging the same security features and management tools for both the enterprise and industrial network extensions. </p> <p class="pBody">The Cisco Catalyst SD-WAN Manager provides both centralized policy creation for all Cisco industrial routers deployed in the infrastructure. By creating security policy templates, all existing devices, and any newly connected devices, will be subject to a consistent set of policies curated by the security team.</p> <p class="pBody"><img border="0" width="621" height="294" id="Picture 9" src="/c/dam/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.docx/_jcr_content/renditions/industrial-router-next-generation-firewall-so_5.png" alt="A screenshot of a computerDescription automatically generated"/></p> <div class=" pDefault"> Figure 6. <span style="font:7.0pt "Times New Roman"">             </span>  </div> <p class="FigureCaptionText">Cisco Catalyst SD-WAN Manager centralizes security policy definition</p> <p class="pBody">Cisco Catalyst SD-WAN Manager also offers centralized logging and reporting. It collects all events, alarms, and logs from your Cisco industrial routers, giving security teams visibility and understanding of any activity that is occurring within their critical infrastructure and helping them comply with cybersecurity mandates like NIS2. </p> <p class="pBody">Nevertheless, for deployments that are not leveraging centralized management, the NGFW features of the Cisco Catalyst industrial routers can be managed using the traditional command line interface.</p> <p class="pToC_Subhead1"><a name="_Toc168092260">Supported platforms</a></p> <p class="pBody">All Cisco Catalyst industrial routers have security built in. Cisco IOS<span class="Superscript"><sup class=" cSuperscript">®</sup></span> XE, the software that powers all Cisco networking infrastructure, provides stateful packet inspection, application visibility and control, VPN, segmentation, DoS mitigation, and FQDN matching. </p> <p class="pBody">For the remaining features, there is an NGFW add-on that can be deployed in devices with 8 GB of memory. The NGFW add-on for industrial routers provides Snort IDS/IPS, reputation-based URL filtering, and malware protection.</p> <p class="pBody"><img border="0" width="621" height="356" id="Picture 11" src="/c/dam/en/us/products/collateral/networking/industrial-routers-gateways/industrial-router-next-generation-firewall-so.docx/_jcr_content/renditions/industrial-router-next-generation-firewall-so_6.png" alt="A screenshot of a computerDescription automatically generated"/></p> <p class="pBody"> </p> <div class=" pDefault"> Figure 7. <span style="font:7.0pt "Times New Roman"">             </span>  </div> <p class="FigureCaptionText">Catalyst Industrial Routers security features per platform</p> <p class="pToC_Subhead1" style="page-break-after:auto"><a name="_Toc168092261">The Cisco advantage</a></p> <p class="pBody">For more than 20 years, Cisco has been helping industrial organizations around the globe digitize their operations, working with manufacturers, power and water utilities, energy companies, mines, ports, railways, roadways, and more. </p> <p class="pBody">Today, Cisco offers a market-leading portfolio of industrial networking equipment plus a comprehensive suite of cybersecurity products, integrated tightly together with a deep understanding of OT requirements. This rare combination makes Cisco an ideal partner to help industrial organizations secure their critical infrastructure from the ever-growing threat landscape.</p> <p class="pToC_Subhead1" style="page-break-before:always"><a name="_Toc168092262">Build your secure WAN infrastructure with Cisco</a></p> <p class="pBody">Talk to a <a href="https://engage2demand.cisco.com/LP=27098?ccid=cc002425&oid=otrit032509&dtid=odicdc000509">Cisco sales representative</a> or channel partner and visit these web pages to learn more: </p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><a href="https://www.cisco.com/site/us/en/products/networking/industrial-routers-gateways/index.html?ccid=cc002425&oid=powit025991&dtid=odicdc000509">Catalyst Industrial Routers</a></p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><a href="https://www.cisco.com/c/en/us/solutions/design-zone/industries/extended-enterprise.html?ccid=cc002470&oid=sowit032511&dtid=odicdc000509">Cisco Validated Designs: SD-WAN for Industrial Markets</a></p> <p class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal;margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";position:relative;top:-.5pt">●<span style="font:7.0pt "Times New Roman"">     </span></span><a href="https://www.cisco.com/site/us/en/solutions/networking/sdwan/index.html?ccid=cc002425&oid=powit032510&dtid=odicdc000509">Cisco Catalyst SD-WAN</a></p> <p class="pBody"> </p> <p class="pBody"> </p> <p class="pBody"> </p> </div> </body> </html> <cdc:do action="com.cisco.wem.framework.service.command.eotcontent.EOTResponsiveContent@3aad4d2f" returnTypedAs="eotResponsiveContainerVo" id="eotResponsiveContainerVo" /> <div class="row full visitedlinks" style="padding: 0px; margin:0px"> <div class="col full" > </div> </div> </div> <script> if (window.cdc === undefined) { cdc = {}; } if (cdc.eot === undefined) { cdc.eot = {}; } cdc.eot.isEot = true; cdc.eot.isToc = true; jQuery(document).ready(function () { if (jQuery('.unpublished').length > 0) { let lastRel = "1.0"; if (jQuery('.published').length > 0) { lastRel = Number(jQuery('.published td')[0].innerText) + 1 + ".0"; } jQuery('.preview_revision').text(lastRel); } const linkItemsLen = jQuery("#eot-doc-wrapper link[rel='stylesheet']").length; function addNewTocStyleSheet() { const fileName = "/etc/designs/cdc/transformation/wemdcmt_responsive.css", linkElement = `<link rel="stylesheet" href="" type="text/css" />`; document.head.append(linkElement); } if (cdc.eot.isToc && !linkItemsLen) { addNewTocStyleSheet(); } else if (cdc.eot.isEot) { jQuery("#eot-doc-wrapper link[rel='stylesheet']").each(function () { const linkTag = jQuery(this), hrefVal = jQuery(linkTag).attr("href"); if (hrefVal != undefined && hrefVal.indexOf("support-responsive.css") == -1 && hrefVal.indexOf("_responsive.css") == -1) { let fileName = hrefVal.substr(hrefVal.lastIndexOf("/") + 1, hrefVal.length).split(".css")[0]; const filePath = "/etc/designs/cdc/transformation/"; if (fileName == "ccimr") { fileName = "techdocs_responsive"; } else if (fileName == "support-docs") { fileName = "support-responsive"; } else if (fileName == "framework") { fileName = "responsiveframework"; } else if (fileName == "dcmt") { fileName = "wemdcmt_responsive"; } else if (fileName == "techdocs_85_11_word") { fileName = "techdocs_85_11_word"; if (cdc.eot.isToc) { addNewTocStyleSheet(); } } else { fileName += "_responsive"; } jQuery(linkTag).attr("href", filePath + fileName + ".css"); } if (hrefVal.indexOf("support-responsive.css") > -1) { jQuery(linkTag).attr("href", "/etc/designs/cdc/transformation/support-responsive.css"); } }); jQuery("#eot-doc-wrapper > table").wrap("<div></div>"); jQuery("#eot-doc-wrapper table:not('.olh_note')").parent().css({ overflowX: "auto" }); } }); </script> <div class="noprint"> </div> <div class="noprint"> </div> <div id="learnMore" class="noprint"> <h3>Learn more</h3> </div> <div class="row halves noprint"> <div class="col half showComponent"> <div class="eot-vav"> <ul> </ul> </div> </div>  <div class="col half"></div> </div> <div class="noprint"> </div> </div> </div>   </div> <script type="module" src="/site/web-components/us/en/cdc-footer.js"></script> <cdc-footer></cdc-footer> <script type="text/javascript"> if(document.querySelector('#privacy-manager')!=null){ document.querySelector('#privacy-manager').href='#cookies'; } </script> <div id="fw-overlay"></div> <script src="/etc/designs/cdc/clientlibs/responsive/js/responsive.min.js"></script>  <script src="/etc/designs/cdc/fw/m/eot_metricsrule.js" type="text/javascript"></script> <script src="/etc/designs/cdc/fw/lib/jqmodal.js" type="text/javascript"></script>  <noscript><img src="//cisco.112.2o7.net/b/ss/cisco-mobile/5/12345" width="2" height="2" border="0" alt=""/></noscript> </body> </html>

CINXE.COM

Industrial Routers and Gateways - Cisco Catalyst Industrial Routers with Cisco Next-Generation Firewall Solution Overview - Cisco