Network Risks Mitigated, Operations Empowered

Moxa Secure Networking Solutions enable secure OT network architectures for resilient operations

Futureproof Your Industrial Network Security

Implementing secure OT networks requires more than reliable connectivity. Industrial networks require layered security architectures that enforce segmentation, control traffic flows, restrict unauthorized access, and provide centralized visibility to support defense-in-depth across OT environments.

With over 37 years of industrial networks expertise, Moxa has embedded security directly into its solutions. As one of the first companies globally to achieve IEC 62443-4-1 certification for our secure development lifecycle (SDL) and IEC 62443-4-2 certification for a range of our products, Moxa provides secure industrial networking and connectivity solutions that help organizations build resilient OT network infrastructure.

How Moxa Secure Networking Solutions Strengthen OT Network Security

Securing OT networks requires layered protection—from secure device connectivity at the edge to segmentation, access control, traffic monitoring, and centralized network visibility and management across industrial infrastructure. Together, these capabilities form the foundation for protecting industrial networks and maintaining operational reliability.



Why is secure edge connectivity important for OT networks?

Edge devices such as serial devices, controllers, and remote I/O often connect legacy equipment to modern IP networks. Without proper protection, these connection points can become entry paths for cyber threats.

With built-in security functions, Moxa secure edge connectivity solutions protect communications and device integrity while connecting edge devices to IP networks.


Key capabilities include:
  • Encrypted communication protecting legacy protocol
  • User authentication and role-based authorization
  • IP whitelisting and network access control
  • Device integrity checks and secure firmware updates
  • Hardening mechanisms that disable unnecessary services

How can network segmentation help protect OT networks?

Segmenting industrial networks is a fundamental strategy for limiting how cyber incidents propagate across operations. Moxa secure switches and routers support segmentation mechanisms that isolate critical systems and control communication between network zones.


Key capabilities include:
  • VLAN-based network segmentation
  • Access control lists (ACL) for traffic filtering
  • Industrial firewall functions
  • Secure routing between OT network zones

These mechanisms help contain potential threats and prevent lateral movement across industrial systems.

How can organizations secure access to OT networks?

Industrial networks often require remote connectivity for maintenance, monitoring, and integration with enterprise systems. Without proper protection, these connections can introduce significant cybersecurity risks.


Moxa secure networking solutions enable protected connectivity through:

  • VPN technologies for encrypted remote access
  • Secure routers and firewalls controlling external connections
  • Authentication mechanisms that restrict device access
  • Secure management protocols such as HTTPS and SSH

These capabilities help protect OT network boundaries while enabling secure remote operations.

How does full network visibility enable real-time monitoring and control in OT networks?

Full network visibility gives operators real-time insight into devices, connectivity, and traffic , enabling early anomaly detection and faster troubleshooting.


Moxa network management software provides centralized visibility and monitoring to maintain operational awareness and accelerate response to network events. Key capabilities include:

  • Network topology visualization for a complete view of connected devices
  • Centralized real-time network monitoring with alerts
  • Automated security configuration auditing for Moxa devices
  • Security event logging and monitoring dashboards
  • Traffic diagnostics for troubleshooting and performance analysis
  • Centralized security and firewall policy management

Discover the Right Secure Networking Solutions for Your Industrial Networks

Moxa combines industrial networking and cybersecurity expertise to provide layered protection for your industrial networks. Explore how these solutions work.

Moxa’s Secure Networking Solutions

Network Management Software
Secure Routers, Firewalls, and NATs
Secure Managed Switches
Secure Wireless APs/Clients
Secure Edge Connectivity

Find Secure Networking Products That Match Your Demands

  • Secure Managed Switches
  • Secure Routers, Firewalls, and NATs
  • Secure Wireless APs/Clients
  • Secure Edge Connectivity
  • Network Management Software
Secure Managed Switches
Ports
Security Features
Redundancy Protocols
Software Management
Industrial Certifications
MDS-G4000 Family
MDS-G4000
RKS-G4028
RKS-G4028
EDS-4000/G4000
EDS-G4000
EDS-500E Family
EDS-500E
Up to 4 10GbE + 24 GbE Up to 28 GbE Up to 6 2.5GbE + 8 GbE Up to 4 GbE + 24 FE
HTTPS, SSL/SSH, ACL, IEEE 802.1X, Port Security, DHCP Snooping, Secure Boot1 HTTPS, SSL/SSH, ACL, IEEE 802.1X, Port Security, DHCP Snooping, Secure Boot HTTPS, SSL/SSH, ACL2, IEEE 802.1X
Turbo Ring, Turbo Chain, RSTP/STP, MRP, VRRP (L3 Model) Turbo Ring, Turbo Chain, RSTP/STP, MRP
MXview One
IEC 61850-3, IEEE 1613, EN 50121-4, NEMA TS2, ATEX3, CID23 IEC 62443-4-2 SL2, IEC 61850-3, IEEE 1613, EN 50121-4, NEMA TS2 IEC 62443-4-2 SL2, IEC 61850-3, IEEE 1613 (Class 1), DNV4, ABS4, NK4, LR4, EN 50121-4, NEMA TS2, ATEX5, CID25, IECEx5 IEC 61850-3, IEEE 1613, DNV6, ABS6, NK6, LR6, EN 50121-46, NEMA TS26, ATEX6, CID26
  • 1. Only available for -4XGS models.
  • 2. Only available for 18 and 28 port models.
  • 3. Only available for the non-4XGS models.
  • 4. Only available for -LV and PoE models.
  • 5. Only available for -LV models.
  • 6. Only available for 10 and 18 port models.
Secure Routers, Firewalls, and NATs
Ports
NAT
Firewalls
IPS/IDS
DPI
VPN
Routing Throughput (based on RFC 2544)
Redundancy Protocols
Software Management
Industrial Certifications
EDF-G1002-BP
EDF-G1002-BP
EDR-G9010
EDR-G9010
EDR-G9004
EDR-G9004
EDR-8010
EDR-8010
NAT-102
NAT-102
NAT-108
NAT-108
2 GbE (Gen3 LAN Bypass) 2 2.5GbE + 8 GbE1 Up to 2 2.5GbE + 2 GbE (1/2 DMZ/WAN ports) 2 GbE + 8 FE1 2 FE 8 FE
- 1-to-1, N-to-1, NAT loopback, Port forwarding, IP Twins Mapping4
DDoS, Ethernet protocols, ICMP, IP address, MAC address, Ports IP address, MAC address (Device Lockdown), Ports
Enabled by default. IPS pattern update functionality requires an additional license. Requires an additional license - -
DNP3, EtherNet/IP, IEC 60870-5-104, IEC 61850 MMS, Modbus TCP, Modbus UDP, Omron FINS, Siemens S7 Comm., Siemens S7 Comm. Plus, OPC UA, MELSEC communication protocol - -
- Up to 250 IPsec VPN tunnels Up to 50 IPsec VPN tunnels - -
- Max. 350K packets per second / 2 Gbps Max. 50K packets per second / 500 Mbps Max. 15K packets per second /100 Mbps
- VRRP, Turbo Ring, Turbo Chain, RSTP/STP VRRP VRRP, Turbo Ring, Turbo Chain, RSTP/STP - -
MXview One, MXview Security3, MXsecurity MXview One MXview One
NEMA TS2, EN 50121-4, CID2, ATEX, IECEx, DNV IEC 62443-4-2 SL2, IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX2, CID22, EN 50121-42, NEMA TS22, DNV2, DNV IEC 61162-460 Edition 3.02, DNV security profile 22, IACS UR E27 Rev.12, IEC 609452 IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX, CID2, IECEx, EN 50121-4, NEMA TS2, DNV IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX, CID2, IECEx, EN 50121-4, NEMA TS2, DNV, DNV IEC 61162-460 Edition 3.0, DNV security profile 2, IACS UR E27 Rev.1, IEC 60945 EN 50121-4, NEMA TS2, ATEX, CID2 -
  • 1. Supports user-configurable DMZ/WAN ports.
  • 2. Only available for -LV models.
  • 3. An active MXview One license is required in order to activate the MXview Security add-on license.
  • 4. NAT-108 Series only.
Moxa Solutions
Operation Mode
Wi-Fi Standards
Frequency Band
Data Rates
Wireless Security
Interfaces
Operating Temperature
Protection Class
AeroMesh
AWK-1161A
AWK-1165A
AWK-1161C
AWK-1165C
AWK-3262A
AWK-4262A
APClientAP/Client
802.11ax
Selectable 2.4 GHz / 5 GHz Dual BandConcurrent 2.4 GHz + 5 GHz Dual Band
574 Mbps (2.4 GHz) / 1,201 Mbps (5 GHz) 574 Mbps (2.4 GHz) + 1,201 Mbps (5 GHz)
WPA3, Protected Management Frames (802.11w), Wi-Fi ACL (Automatic/Static), Client Isolation, Hide SSID
1 x GbE5 x GbE1 x GbE5 x GbE1 x GbE + 1 x 2.5GbE (PoE)
-25 to 60°C / -40 to 75°C (-T models) -40 to 75°C
IP30IP68
Key Features
NPort 6100-G2/6200-G2/6400-G2/6600-G2 Series Secure Terminal Servers
MGate MB3000-G2 Series Modbus Gateways
ioThinx 4510 Series Advanced Modular Remote I/Os
Embedded Security Functions for Secure Deployment
User Authentication & Authorization
  • Password protection (length, character enforcement, update policy)
  • Authentication servers (RACIUS/TACACS+)
  • Role-Based Access Control (RBAC)
  • Password protection (length, character enforcement, update policy)
  • Authentication servers (RACIUS/TACACS+)
  • Role-based Access Control (RBAC)
  • Password protection (length, character enforcement)
Device Integrity
  • Secure Boot check software authenticity before bootup
  • Check CRC code before update the device
  • Check CRC code before update the device
Device Least Functionality
Communication Integrity
  • Authentication & Encryption for both management & serial data stream
  • HTTPS (TLS 1.3 embedded with self-signed certificate, also supports public certificate import)
  • SSHv2/SNMPv3
  • ECC 521 or RSA-4096
  • Authentication & Encryption for management interface
  • HTTPS (TLS 1.2 embedded with self-signed certificate, also supports public certificate import)
  • SNMPv3
  • ECC 521 or RSA-4096
  • HTTPS (TLS 1.2 embedded with self-signed certificate, and can be exported)
  • SNMPv3
Network Access Control
  • Accessible IP List
  • Accessible IP List
  • Access Control List (ACL)
Securing Your Devices in Daily Maintenance
Configuration Management
  • GUI type of Device Search Utility
  • CLI type of MCC tools
  • GUI type of MXconfig
  • CLI type of MCC tools
Device Management
  • Syslog with RFC 3164 format with ISO8601 timestamp
  • Local syslog storage & remote syslog with failover
  • Manageable via MXview One network management software
  • Syslog with RFC 3164 format with ISO8601 timestamp
  • Local syslog storage
  • Manageable via MXview One network management software
  • Syslog
  • Manageable via MXview One network management software
Vulnerability Management
  • Dedicated Cybersecurity Response Team for handling vulnerability
  • Perform Nessus Scan

MXview One Series: Next-generation Industrial Network Management Software

You can easily manage and maintain our secure routers, firewalls, and managed switches using one platform. Our MXview One Series simplifies device security management, allowing you to easily adjust security levels and receive alerts when abnormal activity occurs. Additionally, our software includes a network security add-on that enables centralized firewall policy management and provides a dashboard for at-a-glance network security monitoring.