March 2017 - Not only can the BASrouterLX router allow BACnet/IP devices to communicate with MS/TP devices, it can also improve network security by using a feature called "allowlist".
Standard IT security devices often implement Virtual Private Networks (VPNs) or Virtual Local Area Networks (VLANs). VPNs are generally used over the Internet to provide security for messages that travel over the unsecured Internet networks. VPNs can also be utilized internally but require VPN routers and will add complexity to your network, and are probably overkill for your internal network. VLANs are used by IT departments to separate network traffic in a facility. These can provide enhanced security but will require VLAN routers when you need to communicate between VLANs. VLANs also require managed Ethernet switches and add complexity to your network. Both of these are great solutions for providing enhanced security for your BACnet communications. However, there is a simpler technique that can be provided by the BASrouterLX, and it does not require any additional equipment or add any complexity.
The BASrouterLX allows users to "allowlist". A allowlist is a list of IP addresses to which the IP device will only communicate. All other devices are blocked or ignored. After the user enters his/her user ID and password he/she can enter the selected IP addresses into the allowlist of the device. With this feature, the BASrouterLX would only carry BACnet/IP traffic which used one of the allowlist IP addresses. Any other BACnet/ IP message would be blocked from the MS/TP network.
"Allowlist is a straight-forward concept that allows the IT security team to have a very controlled, secure network without needing to bother with the complexity of VPNs," said Harpartap Parmar, Senior Product Manager at Contemporary Controls. "It’s one the features of the BASrouterLX a go-to solution for our customers."
Visit the BASrouterLX product page to learn more.