3000 Network Security/Firewall Appliance

Developed specifically to withstand the harshest industrial environments, these security devices offer uncompromising end-to-end security with industrial design and operation in mind.

Product Overview

The Cisco® Industrial Security Appliances are true industrial appliances that provide OT-targeted protection based on proven enterprise-class security.

The ISA 3000 with four data links is a DIN rail mount, ruggedized appliance that provides the widest range of Access, Threat, and Application controls for the harshest and most demanding of industrial environments.

The ISA 3000 Series starts with the same industrial success of the IE 4000 switch hardware design and adds the proven security of the Cisco ASA and Sourcefire software. The ISA 3000 is the answer for providing both safety and security in your network modernization projects. It also provides the anchor point for converging IT and OT security visibility without interfering with industrial operational practice. This security appliance is built to withstand extreme environments and reflect industrial design, all while adhering to overall IT network design, compliance, and performance requirements.

The ISA 3000 Series is ideal for Industrial Ethernet applications where hardened products are required. This includes utility industries, manufacturing, energy and process control, intelligent transportation systems (ITS), oil and gas field sites, city surveillance programs, and mining. Security and safety visibility has never been higher, with the ability to simultaneously track suspect file propagation, coil set points, abnormal traffic patterns, and escalation of privileges all within a single device. This industrial element of Cisco’s secure networking portfolio interacts cooperatively with other industrial-grade Cisco solutions and provides complete visibility into interactions between your local cell and the IT world, outside vendors, or contractor activity.

Managed through either a user-friendly on-box system manager or company-wide security management, the ISA 3000 provides industrial-focused, out-of-the-box configuration and simplified operational manageability. These highly customizable management options allow for simplified local operational awareness and higher-order IT/OT security convergence for the inevitable mingling of industrial and IT capabilities.

 

Manufacturer Part Number

ISA-3000-4C-K9

Full Product Specifications

Note:

  • The full product specifications below are from the manufacturer and may contain information related to other package quantities that will not apply to the product that you are reviewing. Please confirm the actual content and/or package quantity from the main product specifications page.
  • These specifications may represent the entire product series/model/line to which this product belongs with specific configuration differences between the individual products stated.
  • These specifications may have been copied from the same product in another region/country, in which case there might be minor differences in region-specific data such as Input Voltage, Terms of Warranty, etc.

Physical Product Specifications

Hardware:

●  4 Core Intel Rangely (I-temp)

●  8-GB DRAM (soldered down)

●  16-GB onboard flash memory

●  mSATA 64Gb

●  1-GB removable SD flash memory card - industrial temp (enabled in future release)

●  Mini-USB connector for console

●  RJ-45 traditional console connector

●  Dedicated 10/100/1000 Management port

●  Hardware based anti-counterfeit, anti-tamper chip

●  Factory reset option

Alarm:

●  Alarm I/O: four alarm inputs to detect dry contact open or closed, one Form C alarm output relay (enabled in future release)

Dimensions (W x H x D): 11.2 cm (Width) x 13 cm (Height) x 16 cm (Depth)

Weight: 1.9kg

Power Supply and Ranges:

●  Dual internal DC

●  Nominal ± 12Vdc, 24Vdc, or 48Vdc

●  Maximum Range 9.6 Vdc to 60 Vdc

●  Power Consumption 24 Watts

MTBF - Mean Time Between Failure:

●  ISA-3000-4C: 398,130 hours

●  ISA-3000-2C2F: 376,580 hours

Device Scalability

Throughput: Max 2 Gbps, Min. 22 Mbps; varies with traffic type and security activity (please work with a Cisco SE for your traffic profile)

IPSec VPN Tunnels: 5, 25 (with SecPlus license)

Defined Interfaces: 200, 400 (with SecPlus license)

VLAN counts: 5, 25 (with SecPlus license)

IPv4 MAC security ACEs: 1,000 with default TCAM Template

NAT translation: Bidirectional, 128 unique subnet NAT translation entries, which can expand to tens of thousands of translated entries if designed properly

Cisco ISA 3000 Key Network Support Features

NAT:

●  Static NAT With Port Translation, One-to-Many, Non-standard ports

●  Dynamic NAT

●  Dynamic PAT

●  Identity NAT

Layer 2 IPv6: IPv6 Host support, HTTP over IPv6, SNMP over IPv6

Layer 3 Routing: IPv4 Static Routing

Utility: IEEE 1588 v2 PTP Power Profile

Separate Routing for Management Traffic: Segregates data and management traffic routing

Trunking: 802.1q trunks supported

Cisco ISA 3000 Key Security Software Features

TrustSec Controls:

●  In-band and out of band Identity

●  Active Directory integration

●  Policy based on Security Group Tags

●  802.1x support

●  MACSec and MAB support

●  Enforces end-point security state for remote access

Multi-Level Access Controls:

●  Global Blacklists - automated or manual

●  Global Whitelists

●  Third party intelligence feed utilization

●  File Whitelists

●  File Blacklists

●  Application level access control

●  802.1x support

Threat Network Mapping:

●  Passive device identification

●  Mobile device identification

●  Application host network mapping

●  Vulnerability/host network mapping

●  User/host network mapping

Threat Discovery:

●  Indicators of Compromise tracking

●  OpenAppID - open community ID system

●  Correlation policies and responses

●  Traffic variance detection

●  Router based remediation actions

●  Netflow tracking

●  25,000+ threat identifiers

●  Customizable identifiers

●  Can create wholly new identifiers

●  Widest identifier contributorship

File Tracking:

●  Approved file trace

●  Suspect file trace

●  Malware match

Compliance Specifications

Electromagnetic Emissions:

FCC 47 CFR Part 15 Class A

EN 55022A Class A

VCCI Class A

AS/NZS CISPR 22 Class A

CISPR 11 Class A

CISPR 22 Class A

ICES 003 Class A

CNS13438 Class A

KN22

Electromagnetic Immunity:

EN55024

CISPR 24

AS/NZS CISPR 24

KN24

EN 61000-4-2 Electrostatic Discharge

EN 61000-4-3 Radiated RF

EN 61000-4-4 Electromagnetic Fast Transients

EN 61000-4-5 Surge

EN 61000-4-6 Conducted RF

EN 61000-4-8 Power Frequency Magnetic Field

EN 61000-4-9 Pulse Magnetic Field

EN 61000-4-18 Damped Oscillatory Wave

EN 61000-4-29 DC Voltage Dips and Interruptions

Industry Standards:

EN 61000-6-1 Immunity for Light Industrial Environments

EN 61000-6-2 Immunity for Industrial Environments

EN 61000-6-4 Emission Standard for Industrial Environments

EN 61326 Industrial Control

EN 61131-2 Programmable Controllers

IEEE 1613 Electric Power Stations Communications Networking

IEC 61850-3 Electric Substations Communications Networking

Safety Standards and Certifications:

  • Information Technology Equipment:
    • UL/CSA 60950-1
    • EN 60950-1
    • CB to IEC 60950-1 with all country deviations
    • NOM to NOM-019-SCFI (through partners and distributor)
  • Industrial Floor (Control Equipment):
    • UL 508
    • CSA C22.2, No 142
    • EN/IEC 61010-2-201 (transitional)
  • Hazardous Locations
    • ANSI/ISA 12.12.01 (Class I, Div 2 A-D)
    • CSA 213 (Class I, Div 2 A-D)
    • UL/CSA 60079-0, -15
    • IEC 60079-0, -15 (IECEx test report Class I, Zone 2, group II gases)
    • EN 60079-0, -15 ATEX certification (Class I, Zone 2, group II gases)

Operating Environment:

Operating Temperature: -40C to +74C

●  -40C to +70C (Vented Enclosure Operating)

●  -40C to +60C (Sealed Enclosure Operating)

●  -34C to +75C (Fan or Blower equipped Enclosure Operating)

EN 60068-2-21

EN 60068-2-2

EN 61163

Storage Environment:

Temperature: -40 to +85 degrees C
Altitude: 0-15,000 feet
IEC 60068-2-14

Humidity:

Relative humidity of 5% to 95% non-condensing.
IEC 60068-2-30

Shock and Vibration:

●  IEC60068-2-6 and IEC60068-2-27

●  MIL-STD-810, Method 514.4

●  Marine EN60945

●  Industrial EN61131-2/IEC61131-2

●  Railway EN50155

●  Smart Grid EN61850-3

●  IEEE 1613

Corrosion:

ISO 9223: Corrosion

class C3-Medium

class C4-High

EN 60068-2-52 (Salt Fog) (Pending)

EN 60068-2-60 (Flowing Mixed Gas) (Pending)

Others:

RoHS Compliance

China RoHS Compliance

TAA (Government)

CE (Europe)

Warranty: Five-year limited HW warranty on all ISA 3000 PIDs. See the link at the end of the datasheet for more details on the warranty.

Management and Standards

IEEE Standards:

●  IEEE 802.1D MAC Bridges, STP

●  IEEE 802.1p Layer2 COS prioritization

●  IEEE 802.1q VLAN

●  IEEE 802.1s Multiple Spanning-Trees

●  IEEE 802.1w Rapid Spanning-Tree

●  IEEE 802.1x Port Access Authentication

●  IEEE 802.1AB LLDP

●  IEEE 802.3ad Link Aggregation (LACP)

●  IEEE 802.3ah 100BASE-X SMF/MMF only

●  IEEE 802.3x full duplex on 10BASE-T

●  IEEE 802.3 10BASE-T specification

●  IEEE 802.3u 100BASE-TX specification

●  IEEE 802.3ab 1000BASE-T specification

●  IEEE 802.3z 1000BASE-X specification

●  IEEE 1588v2 PTP Precision Time Protocol

RFC Compliance:

●  RFC 768: UDP

●  RFC 783: TFTP

●  RFC 791: IPv4 protocol

●  RFC 792: ICMP

●  RFC 793: TCP

●  RFC 826: ARP

●  RFC 854: Telnet

●  RFC 951: BOOTP

●  RFC 959: FTP

●  RFC 1157: SNMPv1

●  RFC 1901, 1902-1907: SNMPv2

●  RFC 2273-2275: SNMPv3

●  RFC 2571: SNMP Management

●  RFC 1166: IP Addresses

●  RFC 1256: ICMP Router Discovery

●  RFC 1305: NTP

●  RFC 1492: TACACS+

●  RFC 1493: Bridge MIB Objects

●  RFC 1534: DHCP and BOOTP interoperation

●  RFC 1542: Bootstrap Protocol

●  RFC 1643: Ethernet Interface MIB

●  RFC 1757: RMON

●  RFC 2068: HTTP

●  RFC 2131, 2132: DHCP

●  RFC 2236: IGMP v2

●  RFC 3376: IGMP v3

●  RFC 2474: DiffServ Precedence

●  RFC 3046: DHCP Relay Agent Information Option

●  RFC 3580: 802.1x RADIUS

●  RFC 4250-4252: SSH Protocol