UNITES SECURITY AND FLEXIBILITY

The ALL PURPOSE

Security Router

The mbNET industrial router is the ideal basis for securely connecting your machines and systems to the Internet for direct access or via our remote service portal (my)mbCONNECT24.

mbNET Highlights

Designed as a secure industrial VPN router, this device innovates for security in many ways.

Controlled Remote Access

You decide: Use a digital signal from your PLC to indicate when the router should connect to the portal for reaching the components behind.

Onboard Security Chip

The hardware-based secure element cannot be read out. It is used to secure all processes and to encrypt your passwords and data.

Active Session Warning

Use an onboard DO to enable a local audible or visual alarm and notify local staff of an active remote session on the unit.

Unique Password

Each hardware device that leaves the factory has its own unique password.

Signed Firmware

The Secure Boot concept ensures that the router only boots with signed and trusted firmware.

Support SIMPLY.connect

Setting up a new router has never been easier. SIMPLY.connect enables you to make a guided connection in three steps: Log in, scan, done. No more complex configuration.

remarkable Features

N

Security by Design

i

Local Data Acquisition

Optional Serial Connectivity

Onboard 4 DI’s, 2 DO’s

Edge-upgradable

Nano-SIM slot (only for LTE)

Need more information?

mbNET Booster

Get even more out of your mbNET with our new features (from firmware 8.2.0).

802.1x Client (Radius)
SNMPv3
MQTT Bridge
LAN Segmentation

802.1x Client
Authentification

Security at the highest level: 802.1x for mbNET
802.1x is the standard for port-based network security controls developed by the Institute of Electrical and Electronics Engineers (IEEE). This standard ensures seamless integration into existing IT infrastructures and enables secure authentication and authorized connection to the local network. Briefly: Access control to a network before an IP address is assigned.

Multiple authentication methods
The mbNET supports a variety of secure authentication methods, including EAP-TLS, EAP-PEAP, EAP-TTLS and EAP-FAST. This ensures that your network security is always up to date.

Perfect for challenging IT environments
This feature is essential for administrators and allows machine and plant builders to easily integrate mbNET into factories where complex network infrastructures such as Cisco architectures with EAP-FAST are already in use. Integrate your hardware effortlessly into any IT environment!

from HW02

SNMPv3: Simple Network
Management Protocol

Discover the SNMP support for mbNET as of version 8.2.0! This new feature ensures that network administrators can seamlessly integrate important key figures and status information from the mbNET into their network monitoring. With SNMP, mbNET offers a robust solution that meets the highest standards.

The following MIBs (Management Information Base) are now available: Device type, serial number, firmware version, Ethernet port status, operating time, CPU load, RAM utilization as well as security-related information such as openVPN connection activity, connected users and number of firewall drops.

This data is crucial for the early detection and prevention of potential security risks. Integrate your mbNET seamlessly into your existing network monitoring.

from HW02

MQTT Bridge

From now on, all internally used MQTT topics of the router and the associated data can be easily mirrored to an external MQTT broker. This innovative solution enables seamless integration and synchronization of data between internal systems and external applications or cloud services. The captured data is securely and efficiently transferred to an external MQTT broker hosted outside the machine network.

The security of the data transfer is guaranteed by SSL/TLS in conjunction with CA certificates. This feature is particularly interesting for all users of a mymbCONNECT24 portal.

from HW02

LAN segmentation /
port-based VLANs

With the new LAN segmentation, our mbNET enables machine network architects to seamlessly and efficiently set up four separate local LAN segments directly on the remote access router. These segments are completely isolated when activated and are given individual IP address ranges, which significantly increases flexibility and control over your network infrastructure.

If communication between the segments is desired, this must first be actively configured. This ensures that only required and targeted data traffic is permitted. Layer 3 routing guarantees that ARP requests and unwanted broadcasts remain within the respective LAN segments, which optimizes both the performance and security of your network.

Optimize your machine network with the LAN segmentation of the mbNET!

from HW06

NEW
FEATURES
discover now

License Model

Basic

Features

Single

License

tec.boost

License Bundle

Basic

Features

included by
default

Single

License

choose your
favourite feature

tec.boost

License Bundle

all tec.boost features
in one bundle

Bugfixes

Basic

Features

Single

License

tec.boost

License Bundle

Security Patches

Basic

Features

Single

License

tec.boost

License Bundle

future tec.boost Features

Basic

Features

Single

License

tec.boost

License Bundle

automatically with firmware upgrade on the device
(features depend on HW version)

can be pre-activated on delivery

Basic

Features

Single

License

tec.boost

License Bundle

802.1x Client (Radius)

Basic

Features

Single

License

tec.boost

License Bundle

SNMPv3

Basic

Features

Single

License

tec.boost

License Bundle

MQTT Bridge

Basic

Features

Single

License

Single License

tec.boost

License Bundle

LAN Segmentation

Basic

Features

Single

License

Single License

tec.boost

License Bundle

Radius Server (LAN-side)

Basic

Features

Single

License

Coming soon

tec.boost

License Bundle

Coming soon

Product versions

mbNET with WAN/LAN
Type Item no. WAN Wireless
technology
LAN RS-232/
RS-485
MPI/
PROFIBUS
VPN*
MDH 816 1.116.200.06.00 1x 4x Open VPN
MDH 835 1.135.200.06.00 1x 4x 1x 1x Open VPN
MDH 871 1.171.200.06.00 1x 4x 2x
MDH 876 1.176.200.06.00 1x 4x 1x 1x
mbNET with LTE
Type Item no. WAN Wireless technology LAN RS-232/
RS-485
MPI/
PROFIBUS
VPN*
MDH 850 (EU) 1.150.220.05.00 1x LTE Cat.1 & Cat.4 4x 2x
MDH 850 (US) 1.150.130.06.00 1x LTE Cat.1 & Cat.4 4x 2x
MDH 855 (EU) 1.155.220.06.00 1x LTE Cat.1 & Cat.4 4x 1x 1x
MDH 855 (US) 1.155.130.06.00 1x LTE Cat.1 & Cat.4 4x 1x 1x
MDH 859 (EU) 1.159.220.06.00 1x LTE Cat.1 & Cat.4 4x Open VPN
MDH 859 (US) 1.159.130.06.00 1x LTE Cat.1 & Cat.4 4x Open VPN
mbNET with WLAN
Type Item no. WAN Wireless technology LAN RS-232/
RS-485
MPI/
PROFIBUS
VPN*
MDH 811 1.111.200.06.00 1x IEEE 802.11 b/g/n 4x 2x
MDH 831 1.131.200.06.00 1x IEEE 802.11 b/g/n 4x 1x 1x
MDH 841 1.141.200.06.00 1x IEEE 802.11 b/g/n 4x Open VPN

* IPSEC, PPTP, L2TP, OpenVPN

Optional Features
Product name Item no. Description
tec.boost License Bundle 1.900.000.00.00 License Bundle for a mbNET including SNMP, 802.1X, MQTT Bridge, LAN Segmentation
LAN Segmentation 1.904.000.00.00 Single License LAN Segmentation for a mbNET
MQTT Bridge 1.905.000.00.00 Single License MQTT Bridge for a mbNET

Downloads

You want to learn more about this product?
Visit our download portal and check out the latest brochures and all essential documents.

Find your sales partner

Find your personal contact person in your area.

Start your remote services

Are you looking for an all-in-one solution? Try our web-based remote access portal today.

u

We are here to help you

Questions? We can help you. For direct support, you can also call us.

Stay informed

Subscribe here to get updates on IoT and remote access solutions, products and features and get the latest cybersecurity updates.

You have questions?

Write us!

Allgemeine Anfrage EN

Callmeback

As an expert for secure remote access, IIoT and industrial security, we are committed to the highest standards in cyber security and the protection of industrial control systems.

With certifications such as IEC 62443-4-1, we are demonstrating a strong commitment to quality, security and trust in our development processes and products.

Our DNA: 100% IT-Security
for more than 25 years.