Tofino VPN Server and Client LSMs

Secure remote SCADA communication

  • Only VPN with an integrated SCADA-capable firewall

  • Supports legacy automation devices and protocols

  • No IT expertise needed for setup or administration

 

 

Industrial facilities often want to utilize high-speed Internet connectivity in order to integrate control systems and/or people from multiple locations. How can you take advantage of this cost-effective technology without risking viruses or inappropriate access to your control and SCADA systems?

 

The Tofino VPN solution creates secure ‘tunnels’ of communication over untrusted networks, such as the Internet or corporate business networks. Unlike other VPNs, the Tofino VPN is easy to deploy, test, and manage. This ensures that good security is not compromised because of configuration errors.

 

The Tofino VPN also supports legacy automation devices and protocols, and is industrially hardened. Best of all, it can be combined with other Tofino LSMs, such as the Tofino Firewall LSM or the Tofino Modbus TCP Enforcer LSM, to provide a comprehensive security solution.
 

Summary

 

Saves You Money Through:
  • Reduced telecommunications and travel costs
  • Reduced implementation, engineering and IT costs due to ease of deployment
  • Leveraging investments by enabling communications to legacy non-IP devices

Features
  • Creates highly secure tunnels using Secure Sockets Layer (SSL) technology to protect control system integrity

  • Easy to deploy, test, and manage with a drag-and-drop configuration interface

  • Allows testing of the VPN tunnel without committing control traffic to it

  • Supports legacy automation protocols

  • Interoperates seamlessly with other Tofino LSMs to provide fine-grained VPN access and SCADA-capable firewall protection

  • Industrially hardened

Applications
  • Manage remote plants from a central facility

  • Provide secure access to plant facilities or remote personnel

  • Interconnect legacy non-IP equipment

  • Secure communications between critical controllers

 

Specifications

 

Security Implementation: Industry-standard Secure Sockets Layer (SSL/TLS)

Encryption: AES-CBC, 128-bit key

Authentication: SHA-1, 160-bit key

Maximum no. connections: Server supports at least 16 simultaneous connections

Devices Connected:
  • Tofino Security Appliances
  • Tofino Security Appliances and PCs
  • Tofino Security Appliances and supported third-party VPN servers

User-Settable Options: The following options may be set for each connection:
  • Endpoint IP address
  • IP address mask
  • Enable server routing between clients
  • Allow non-IP broadcast

Compression: Built-in data compression for optimum performance over low-bandwidth networks

Supported Protocols: Tunnels all IP and non-IP Ethernet-based protocols

Easy deployment, test, and management:
  • Configuration is simple using a drag-and-drop interface
  • Test the VPN tunnel without risking control traffic
  • No changes required to the network design or addressing
  • Configuration and management are done centrally with the Tofino CMP

Operating Modes: All standard Tofino modes supported: Passive, Test, and Operational

Security Alerts: Reports security alerts to the Tofino CMP management console via the Tofino 'Exception Heartbeat' mechanism

System Requirements
Ordering Information

Part number: LSM-VPNS-100
Name: Tofino VPN Server LSM

Part number: LSM-VPNC-100
Name: Tofino VPN Client LSM

Part number: LSM-VPNL-100
Name: Tofino VPN PC Client License
