EDR-8010 Series

8 FE copper and 2 GbE SFP multiport industrial secure routers

Features and Benefits

• Marine cybersecurity certified (IACS UR E27 Rev.1 & IEC 61162-460 Ed. 3.0),
supporting 460-gateway, forwarder and switch roles
• Next-generation industrial firewall with Intrusion Prevention/Detection
System (IPS/IDS)
• 8 FE + 2 Gigabit port all-in-one firewall/NAT/VPN/router/switch

• Visualize OT security with the MXsecurity management software

• Secure remote access tunnel with VPN

• Examine industrial protocol data with Deep Packet Inspection (DPI)

technology
• Easy network setup with Network Address Translation (NAT)

• RSTP/Turbo Ring redundant protocol enhances network redundancy

• Developed according to IEC 62443-4-2 with Secure Boot

• -40 to 75°C operating temperature range (-T model)

Certifications

Introduction
The EDR-8010 Series is a set of highly integrated industrial multi-port secure routers with firewall/NAT/VPN and managed Layer 2 switch functions.
These devices are designed for Ethernet-based security applications in critical remote control or monitoring networks. These secure routers
provide an electronic security perimeter to protect critical cyber assets including substations in power applications, pump-and-treat systems in
water stations, distributed control systems in oil and gas applications, and PLC/SCADA systems in factory automation.

Defend Against Malicious Threats With Advanced Cybersecurity Features

The EDR-8010 Series’ embedded firewall uses policy rules to control network traffic between trusted zones while Network Address Translation
(NAT) shields the internal network from unauthorized access by outside hosts. The Virtual Private Networking (VPN) functionality further provides
users with secure communication tunnels when accessing the private network from the public Internet. To help protect your OT assets from
cyberattacks, the EDR-8010 Series supports Deep Packet Inspection (DPI) to examine the data portion of network packets for various OT-specific
protocols.

Simplify Configurations With the User-friendly Interface and Quick Settings

The EDR-8010 Series’ Setup Wizard provides an easy way for users to set up WAN, LAN, and Bridge ports for routing functionality in just four
steps. In addition, the object-based firewall management feature gives engineers a simple way to configure and maintain firewall filtering for IP
addresses and subnets, network services, industrial application services, and user-defined services.

Industrial-grade Design to Ensure Uninterrupted Network Connectivity

The EDR-8010 Series’ rugged hardware makes these secure routers ideal for harsh industrial environments, featuring wide-temperature models
that are built to operate reliably in hazardous conditions and extreme temperatures of -40 up to 75°C. Moreover, the EDR-8010 Series supports
comprehensive Layer 2 and Layer 3 redundancy mechanisms to ensure that your network stays connected at all times.

Virtual Patching and Intelligent Threat Protection

Patching remains a major challenge in OT environments because OT applications cannot afford interrupting operations by shutting down systems
to apply patches. Virtual patching technology can help complement existing patch management processes by shielding known and unknown
vulnerabilities. In addition, the EDR-8010 features intelligent IPS functionality for continuous protection against cyberthreats which uses pattern-
based detection to identify and block known attacks.

MX-ROS Addresses Growing Cybersecurity Threats

Moxa’s MX-ROS (https://www.moxa.com/en/spotlight/portfolio/mx-ros/index) is a software platform for industrial security routers and firewalls.
The platform supports the robust security and user-friendly operation of secure routers through simplified web and CLI interfaces. In addition to

1 www.moxa.com
adhering to IEC 62443-4-2, MX-ROS devices offer a wealth of the latest cross-industry Operational Technology (OT) network management features
with each release to safeguard hardware and software.

Specifications
Input/Output Interface
Alarm Contact Channels Resistive load: 1 A @ 24 VDC

Buttons Reset button

Digital Input Channels +13 to +30 V for state 1

-30 to +3 V for state 0
Max. input current: 8 mA

Ethernet Interface
10/100BaseT(X) Ports (RJ45 connector) 8

1000BaseSFP Slots 2

Standards IEEE 802.3 for 10BaseT

IEEE 802.3u for 100BaseT(X)
IEEE 802.3z for 1000BaseSX/LX/LHX/ZX
IEEE 802.3x for flow control
IEEE 802.1Q for VLAN Tagging
IEEE 802.1X for authentication
Static Port Trunk

DMZ User-configurable DMZ ports

Ethernet Software Features

Broadcast Forwarding IP directed broadcast, broadcast forwarding

Management Back Pressure Flow Control

DDNS
DHCP Server/Client
Web Console (HTTP/HTTPS)
LLDP
QoS/CoS/ToS
SNMPv1/v2c/v3
Telnet
TFTP
HTTPS
SSH

Redundancy Protocols RSTP

STP
Turbo Ring v2
Turbo Chain

Routing Throughput Max. 50K packets per second / 500 Mbps (based on RFC 2544)

Routing Table Max. 4K routing rules

Concurrent Connections Max. 120K (based on RFC 3511)

Connections Per Second Max. Max. 6K (based on RFC 3511)

Routing Redundancy VRRP

Security Secure Boot

IPsec
L2TP (server)
RADIUS
Trust access control
TACACS+
SCP
SFTP
NTP authentication
Syslog Authentication

2 www.moxa.com
Time Management NTP Server/Client
SNTP

Unicast Routing OSPF

RIPV1/V2
Static Route

Multicast Routing Static Route

Filter IGMP v1/v2/v3

Switch Properties
VLAN ID Range VID 1 to 4094

IGMP Groups 1000

Max. No. of VLANs 32

LED Interface
LED Indicators PWR1, PWR2, STATE, MSTR/H.TC, CPLR/T.TC, VRRP/HA, VPN, USB

DoS and DDoS Protection

Technology ARP-Flood
FIN Scan
ICMP Flood
TCP Sessions Without SYN
NMAP-ID Scan
NMAP-Xmas Scan
Null Scan
SYN/FIN Scan
SYN/RST Scan
SYN-Flood
Xmas Scan

Firewall
Filter DDoS
Ethernet protocols
ICMP
IP address
MAC address
Ports

Stateful Inspection Router firewall

Transparent (bridge) firewall

Deep Packet Inspection Modbus TCP

Modbus UDP
DNP3
IEC 60870-5-104
IEC 61850 MMS
EtherNet/IP
MELSEC
Omron FINS
OPC UA
Siemens S7 Comm.
Siemens S7 Comm. Plus
Additional protocols will be supported through future firmware updates.

Intrusion Prevention System Requires an additional license.

Throughput Firewall:
Max. 50K packets per second / 500 Mbps (based on RFC 2544)

3 www.moxa.com
IPsec VPN
Authentication MD5 and SHA (SHA-512)
RSA (key size: 1024-bit, 2048-bit)
X.509 v3 certificate

Concurrent VPN Tunnels Max. 50 IPsec VPN tunnels

Encryption DES
3DES
AES-128
AES-192
AES-256
AES-256-GCM

Protocols IPsec
L2TP (server)
PPTP (client)

Throughput Conditions: AES-256, SHA-256

Max. 25K packets per second / 200 Mbps (based on RFC 2544)

NAT
Features 1-to-1
N-to-1
Port forwarding
NAT loopback

Real-Time Firewall / VPN Event Log

Event Type Firewall event
VPN event

Media Local storage

SNMP Trap
Syslog server

Serial Interface
Console Port RS-232 (TxD, RxD, GND), 3-pin (115200, n, 8, 1)

Connector USB Type-C

Power Parameters
Connection Removable terminal block

Operating Voltage 9.6 to 60 VDC

Input Voltage 12/24/48 VDC, redundant dual inputs (DNV-certified for 24 VDC)

Input Current 0.53 A @ 12 VDC

0.26 A @ 24 VDC
0.14 A @ 48 VDC

Reverse Polarity Protection Supported

Physical Characteristics
Housing Metal

IP Rating IP40

Dimensions 45 x 135 x 105 mm (1.77 x 5.31 x 4.13 in)

Weight 520 g (1.15 lb)

Installation DIN-rail mounting (DNV-certified)

Wall mounting (with optional kit)

4 www.moxa.com
Environmental Limits
Operating Temperature Standard Models: -10 to 60°C (14 to 140°F)
Wide Temp. Models: -40 to 75°C (-40 to 167°F)
All Models: DNV-certified for -25 to 70°C (-13 to 158°F)

Storage Temperature (package included) -40 to 85°C (-40 to 185°F)

Ambient Relative Humidity 5 to 95% (non-condensing)

Standards and Certifications

Safety IEC 62368-1
UL 62368-1

EMC EN 55032/35

EMI CISPR 32, FCC Part 15B Class A

EMS IEC 61000-4-2 ESD: Contact: 8 kV; Air: 15 kV

IEC 61000-4-3 RS: 80 MHz to 1 GHz: 20 V/m
IEC 61000-4-4 EFT: Power: 4 kV; Signal: 4 kV
IEC 61000-4-5 Surge: Power: 2 kV; Signal: 4 kV
IEC 61000-4-6 CS: 10 V
IEC 61000-4-8 PFMF

Railway EN 50121-4

Traffic Control NEMA TS2

Maritime DNV
DNV IEC 61162-460 Edition 3.0 460-gateway, 460-forwarder and 460-switch
DNV security profile 2, IACS UR E27 Rev.1
IEC 60945

Shock IEC 60068-2-27

Freefall IEC 60068-2-32

Vibration IEC 60068-2-6

Power Substation IEC 61850-3 Edition 2.0

IEEE 1613

Hazardous Locations ATEX

Class I Division 2
IECEx

MTBF
Time 1,347,225 hrs

Standards Telcordia (Bellcore), GB

Warranty
Warranty Period 5 years

Details See www.moxa.com/warranty

Package Contents
Device 1 x EDR-8010 Series secure router

Cable 1 x DB9 female to USB Type-C

Installation Kit 4 x cap, plastic, for RJ45 port

2 x cap, plastic, for SFP slot

5 www.moxa.com
 Documentation 1 x quick installation guide
1 x warranty card

Note SFP modules need to be purchased separately for use with this product.

Dimensions
DIN-rail Mount

Wall Mount

6 www.moxa.com
Ordering Information
10/
1000
100BaseT(X) Conformal Operating
Model Name BaseBaseSFP Firewall NAT VPN Input Voltage
Ports (RJ45 Coating Temp.
Slots
Connector)

EDR-8010-2GSFP 8 2 ✓ ✓ – 12/24/48 VDC – -10 to 60°C

EDR-8010-2GSFP-T 8 2 ✓ ✓ – 12/24/48 VDC – -40 to 75°C

EDR-8010-2GSFP-CT 8 2 ✓ ✓ – 12/24/48 VDC ✓ -10 to 60°C

EDR-8010-2GSFP-
8 2 ✓ ✓ – 12/24/48 VDC ✓ -40 to 75°C
CT-T

EDR-8010-VPN-
8 2 ✓ ✓ ✓ 12/24/48 VDC – -10 to 60°C
2GSFP

EDR-8010-VPN-
8 2 ✓ ✓ ✓ 12/24/48 VDC – -40 to 75°C
2GSFP-T

EDR-8010-VPN-
8 2 ✓ ✓ ✓ 12/24/48 VDC ✓ -10 to 60°C
2GSFP-CT

EDR-8010-VPN-
8 2 ✓ ✓ ✓ 12/24/48 VDC ✓ -40 to 75°C
2GSFP-CT-T

Accessories (sold separately)

Storage Kits
ABC-02-USB Configuration backup and restoration tool, firmware upgrade, and log file storage tool for managed
Ethernet switches and routers, 0 to 60°C operating temperature

ABC-02-USB-T Configuration backup and restoration tool, firmware upgrade, and log file storage tool for managed
Ethernet switches and routers, -40 to 75°C operating temperature

SFP Modules
SFP-1G10ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX
1310 nm, RX 1550 nm, 0 to 60°C operating temperature

SFP-1G10ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX
1310 nm, RX 1550 nm, -40 to 85°C operating temperature

SFP-1G10BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX
1550 nm, RX 1310 nm, 0 to 60°C operating temperature

SFP-1G10BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 10 km transmission; TX
1550 nm, RX 1310 nm, -40 to 85°C operating temperature

SFP-1G20ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX
1310 nm, RX 1550 nm, 0 to 60°C operating temperature

SFP-1G20ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX
1310 nm, RX 1550 nm, -40 to 85°C operating temperature

SFP-1G20BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX
1550 nm, RX 1310 nm, 0 to 60°C operating temperature

SFP-1G20BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 20 km transmission; TX
1550 nm, RX 1310 nm, -40 to 85°C operating temperature

SFP-1G40ALC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX
1310 nm, RX 1550 nm, 0 to 60°C operating temperature

SFP-1G40ALC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX
1310 nm, RX 1550 nm, -40 to 85°C operating temperature

SFP-1G40BLC WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX
1550 nm, RX 1310 nm, 0 to 60°C operating temperature

SFP-1G40BLC-T WDM-type (BiDi) SFP module with 1 1000BaseSFP port with LC connector for 40 km transmission; TX
1550 nm, RX 1310 nm, -40 to 85°C operating temperature

SFP-1GEZXLC SFP module with 1 1000BaseEZX port with LC connector for 110 km transmission, 0 to 60°C operating
temperature

7 www.moxa.com
SFP-1GEZXLC-120 SFP module with 1 1000BaseEZX port with LC connector for 120 km transmission, 0 to 60°C operating
temperature

SFP-1GLHLC SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, 0 to 60°C operating
temperature

SFP-1GLHLC-T SFP module with 1 1000BaseLH port with LC connector for 30 km transmission, -40 to 85°C operating
temperature

SFP-1GLHXLC SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, 0 to 60°C operating
temperature

SFP-1GLHXLC-T SFP module with 1 1000BaseLHX port with LC connector for 40 km transmission, -40 to 85°C
operating temperature

SFP-1GLSXLC SFP module with 1 1000BaseLSX port with LC connector for 1km/2km transmission, 0 to 60°C
operating temperature

SFP-1GLSXLC-T SFP module with 1 1000BaseLSX port with LC connector for 1km/2km transmission, -40 to 85°C
operating temperature

SFP-1GLXLC SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, 0 to 60°C operating
temperature

SFP-1GLXLC-T SFP module with 1 1000BaseLX port with LC connector for 10 km transmission, -40 to 85°C operating
temperature

SFP-1GSXLC SFP module with 1 1000BaseSX port with LC connector for 300m/550m transmission, 0 to 60°C
operating temperature

SFP-1GSXLC-T SFP module with 1 1000BaseSX port with LC connector for 300m/550m transmission, -40 to 85°C
operating temperature

SFP-1GZXLC SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, 0 to 60°C operating
temperature

SFP-1GZXLC-T SFP module with 1 1000BaseZX port with LC connector for 80 km transmission, -40 to 85°C operating
temperature

SFP-1GTXRJ45-T SFP module with 1 1000BaseT port with RJ45 connector for 100 m transmission, -40 to 75°C operating
temperature

Mounting Kits
WK-40-01 Wall-mounting kit, 2 plates, 6 screws, 40 x 58 x 2 mm

Software
LIC-MXsecurity-NEW-XN-SR MXsecurity perpetual node license with customizable node quantity (minimum 1 node)

LIC-IPS-MXsecurity-NEW-1Y-XN-SR 1-year IPS license for MXsecurity with customizable node quantity (minimum 1 node)

LIC-IPS-MXsecurity-NEW-XM-XN- IPS license for MXsecurity with customizable duration and node quantity (minimum 1 month, minimum
DMR 1 node)

LIC-IPS-MXsecurity-RENEW-1Y-XN- 1-year IPS renewal license for MXsecurity with customizable node quantity (minimum 1 node)
SR

LIC-IPS-MXsecurity-RENEW-XM-XN- IPS renewal license for MXsecurity with customizable duration and node quantity (minimum 1 month,
DMR minimum 1 node)

LIC-IPS-MXsecurity-ADD-1Q-XN-SR 3-month IPS add-on license for MXsecurity with customizable node quantity (minimum 1 node)

LIC-IPS-MXsecurity-ADD-2Q-XN-SR 6-month IPS add-on license for MXsecurity with customizable node quantity (minimum 1 node)

LIC-IPS-MXsecurity-ADD-3Q-XN-SR 9-month IPS add-on license for MXsecurity with customizable node quantity (minimum 1 node)

LIC-IPS-MXsecurity-ADD-4Q-XN-SR 1-year IPS add-on license for MXsecurity with customizable node quantity (minimum 1 node)

LIC-IPS-MXsecurity-ADD-XM-XN- IPS add-on license for MXsecurity with customizable duration and node quantity (minimum 1 month,
DMR minimum 1 node)

LIC-IPS-DEVICE-RENEW-1Y-1N-MR 1-year device-based IPS renewal license

LIC-IPS-DEVICE-NEW-1Y-1N-MR 1-year device-based IPS license

© Moxa Inc. All rights reserved. Updated Apr 22, 2025.

This document and any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of
Moxa Inc. Product specifications subject to change without notice. Visit our website for the most up-to-date product information.

8 www.moxa.com