iSEG RF-3180

Secure Gateway for Remote Sites and Substations

Secure Gateway featuring DPI firewall and work order-based technician access to assets



Strict enforcement of identity and access policies via Authentication Proxy Access for NERC CIP V6 compliance


Whitelist-based, distributed IP and Serial DPI SCADA firewall (DNP3, ModBus, IEC-101/104, S7)


Communication with central site via IPsec VPN over cellular & fiber with X.509 certificates


Up to 16 x 10/100 and 2 x 100/1000 SFP ports, as well as RS-232 ports with protocol gateway functionality


Cellular 2G/3G/4G/LTE dual-SIM modem for operator redundancy or for remote substations with no LAN connectivity


Designed for operation under harsh temperature and radiation conditions

Designed Specifically for remote production sites


Once connected to the OT (SCADA/ICS) network, the iSEG RF-3180 immediately begins to gather information from across the network (devices, behaviors, etc.) and suggest editable firewall rules. The iSEG RF-3180 secures both M2M (Machine to Machine) and H2M (Human to Machine) traffic by incorporating DPI (Deep-Packet Inspection) capability for analyzing SCADA network traffic. Upon detecting an anomaly the 3180 will automatically generate alerts, block the abnormal activity and isolate any affected sub-networks.


To facilitate NERC CIP V6 compliance, the iSEG RF-3180 includes an APA (Authentication Proxy Access). It grants authenticated users access to predefined devices and functions, all fully logged. Integration with a physical identity server system also allows other authentication methods, e.g. magnetic card.
Radiflow’s whitelist-based, distributed DPI firewall ensures uninterrupted control over the network. Installed at every port for both Serial and Ethernet traffic, meaning that every access point at the remote site is firewalled. Each SCADA protocol packet is validated by the firewall engine not only for its source and destination, but also for its protocol and packet content. The distributed firewall structure enables the creation of a unique firewall at each access point on the network, which is especially important for securing insider attack.










Distributed DPI Firewall

  • Profile-based firewall
  •  Security rules planning per service group
  • Modes: Monitoring, Enforcement, Learning
  •  IEC 101 DPI Firewall; IEC 104 DPI Firewall
  • Modbus RTU DPI Firewall, TCP Firewall
  • DNP3 RTU Firewall, TCP Firewall
  • S7 RTU Firewall, TCP Firewall


  • IPsec Certificates X.509
  •  IPsec Dynamic Key Exchange
  • IPsec encryption AES, 3DES
  • L3 IPsec VPN: policy based, route based
  • L3 mGRE DM-VPN
  • L2 VPN GRE

Access control

  •  Port access filter per MAC/IP addresses
  •  Enable/Disable port
  • IEEE 802.1x port-based authentication
  • Local APA (Authentication Proxy Access)
  •  User activity report (under local APA)
  • Access Lists L2, L3, L4
  • NAT – traversal


  • RS-232 Console Port
  • Local USB Port for Emergency Boot
  • Discrete outputs for reporting system alarms Failsafe output relay for reporting critical alarms


  •  2 x 100/1000 SFP ports
  • 8 x 10/100 Base-T ports POE+
  • 8 x 10/100 Base-T Ports (optional)
  • 8 x 100FX SFP Ports (optional)
  • 4 x RS-232 Ports (optional)
  • Cellular Modem (optional)



  •  Mounting: DIN rail (optional wall mount)
  • Enclosure: Rugged – IP 30 rated, no fans
  • Weight: 1.4Kg (DC), 1.8Kg (AC)
  • Dimensions: (mm) 148h x 72w x 123d
  • Operating temperature: -40oC to 75oC
  • Storage temperature: -40oC to 85oC
  • Operating Humidity: 5%-90%
  • IEEE1613 EMI – Electric Utility Substations
  • EN50121-4 – Vibration and Shock resistance
  •  lEC 61000-4



  • 15W without PoE
  • 135W with PoE



  • 12 -12V DC (range: 9-18v DC)
  • 24 – 24V DC (range: 18-32v DC)
  • 48 – 48V DC (range: 36-60v DC)
  • HD – 125V DC (range : 85-165v DC)
  • 110-230V AC (range: 90-250v AC)
  • WDC – Wide DC range (range: 18-60v DC)



  •  Console serial port
  • Remote CLI access using SSH tunnel
  • Backup/Restore running config
  • Conditioned/scheduled system reboot
  • Remote management and upgrade
  • TFTP/SFTP Client
  • Safe Mode
  • Syslog
  • SNMPv1/v2C/v3
  • iSIM Network Management System



Advanced Layer 2 feature-set

  • ITU-T G.8032v2 Ethernet ring
  • IEEE 802.1s MSTP
  • IEEE 802.1w RSTP, enhanced RSTP
  • IEEE 802.3ad LAG with LACP
  • IEEE 802.1q VLAN segregation
  • IEEE 802.1p per-port queues
  • DHCP Client, Server and Relay
  • QOS Prioritization, Shaping, Scheduling
  • OAM EFM IEEE 802.3ah
  • OAM CFM ITU-T Y.1731/IEEE 802.1ag


Layer 3 feature-set

  • Static routing; OSPF, RIPv2 Routing
  • VRRP redundancy scheme



  • Transparent tunneling of serial streams
  • SCADA gateway for IEC101/104, ModBus
  • RTU/TCP and DNP3
  • Terminal Server Byte/Frame mode; TCP/UDP


Cellular Modem

  • Cellular 2G/3G/4G/LTE modem with 2 x SIM cards


System Performance

  •  Line rate L2/L3 switching throughput
  • Switching latency < 10?Sec
  • 16K MAC addresses; 4K VLANs



  • L2 Multicast
  • IGMP snooping for traffic optimization


Skip to content