Secure remote access with key switch

The industrial
Security Router

Give your customer the key for remote access.

mbnet.rokey Highlights

With an integrated key switch, this remote access router offers all the essential security features recommended by BSI and other worldwide security authorities. Let us convince you.

Key-controlled Remote Access

The three positions of the key let you decide when remote users may access the router and when they are allowed to reach the devices behind it.

Onboard Security Chip

The hardware-based secure element cannot be read out. It is used to secure all processes and to encrypt your passwords and data.

Active Session warning

Use an onboard DO to enable a local audible or visual alarm and notify local staff of an active remote access session on the unit.

Unique Password

Each hardware device that leaves the factory has its own unique password.

Signed Firmware

The Secure Boot concept ensures that the router only boots with signed and trusted firmware.

Supports SIMPLY.connect

Setting up a new router has never been easier. SIMPLY.connect enables you to make a guided setup in three steps: Log in, scan, done. No more complex configuration.

remarkable Features

 

N

Supports SIMPLY.connect

i

Local Data Acquisition

Optional serial or MPI/PROFIBUS connectivity

Onboard 4 DI’s, 2 DO’s

Edge-upgradable

Nano-SIM slot (only for LTE)

Need more information?

mbNET.rokey Booster

Get even more out of your mbNET.rokey with our new features (from firmware 8.2.0).

802.1x Client (Radius)
SNMPv3
MQTT Bridge
LAN Segmentation

802.1x Client
Authentification

Security at the highest level: 802.1x for mbNET.rokey
802.1x is the standard for port-based network security controls developed by the Institute of Electrical and Electronics Engineers (IEEE). This standard ensures seamless integration into existing IT infrastructures and enables secure authentication and authorized connection to the local network. Briefly: Access control to a network before an IP address is assigned.

Multiple authentication methods
The mbNET.rokey supports a variety of secure authentication methods, including EAP-TLS, EAP-PEAP, EAP-TTLS and EAP-FAST. This ensures that your network security is always up to date.

Perfect for challenging IT environments
This feature is essential for administrators and allows machine and plant builders to easily integrate mbNET.rokey into factories where complex network infrastructures such as Cisco architectures with EAP-FAST are already in use. Integrate your hardware effortlessly into any IT environment!

from HW02

SNMPv3: Simple Network
Management Protocol

Discover the SNMP support for mbNET.rokey as of version 8.2.0! This new feature ensures that network administrators can seamlessly integrate important key figures and status information from the mbNET.rokey into their network monitoring. With SNMP, mbNET.rokey offers a robust solution that meets the highest standards.

The following MIBs (Management Information Base) are now available: Device type, serial number, firmware version, Ethernet port status, operating time, CPU load, RAM utilization as well as security-related information such as openVPN connection activity, connected users and number of firewall drops.

This data is crucial for the early detection and prevention of potential security risks. Integrate your mbNET.rokey seamlessly into your existing network monitoring.

from HW02

MQTT Bridge

From now on, all internally used MQTT topics of the router and the associated data can be easily mirrored to an external MQTT broker. This innovative solution enables seamless integration and synchronization of data between internal systems and external applications or cloud services. The captured data is securely and efficiently transferred to an external MQTT broker hosted outside the machine network.

The security of the data transfer is guaranteed by SSL/TLS in conjunction with CA certificates. This feature is particularly interesting for all users of a mymbCONNECT24 portal.

from HW02

LAN segmentation /
port-based VLANs

With the new LAN segmentation, our mbNET.rokey enables machine network architects to seamlessly and efficiently set up four separate local LAN segments directly on the remote access router. These segments are completely isolated when activated and are given individual IP address ranges, which significantly increases flexibility and control over your network infrastructure.

If communication between the segments is desired, this must first be actively configured. This ensures that only required and targeted data traffic is permitted. Layer 3 routing guarantees that ARP requests and unwanted broadcasts remain within the respective LAN segments, which optimizes both the performance and security of your network.

Optimize your machine network with the LAN segmentation of the mbNET.rokey!

from HW06

NEW
FEATURES
discover now

License Model

Basic

Features

Single

License

tec.boost

License Bundle

Basic

Features

included by
default

Single

License

choose your
favourite feature

tec.boost

License Bundle

all tec.boost features
in one bundle

Bugfixes

Basic

Features

Single

License

tec.boost

License Bundle

Security Patches

Basic

Features

Single

License

tec.boost

License Bundle

future tec.boost Features

Basic

Features

Single

License

tec.boost

License Bundle

automatically with firmware upgrade on the device
(features depend on HW version)

can be pre-activated on delivery

Basic

Features

Single

License

tec.boost

License Bundle

802.1x Client (Radius)

Basic

Features

Single

License

tec.boost

License Bundle

SNMPv3

Basic

Features

Single

License

tec.boost

License Bundle

MQTT Bridge

Basic

Features

Single

License

Single License

tec.boost

License Bundle

LAN Segmentation

Basic

Features

Single

License

Single License

tec.boost

License Bundle

Radius Server (LAN-side)

Basic

Features

Single

License

Coming soon

tec.boost

License Bundle

Coming soon

Product versions

Type Item no. WAN Wireless technology LAN RS-232/RS-485 MPI/PROFIBUS VPN*
RKH 210 1.210.200.06.00 1x 4x 1x
RKH 216 1.216.200.06.00 1x 4x
RKH 235 1.235.200.05.00 1x 4x 1x
RKH 259 (EU) 1.259.220.06.00 1x LTE Cat.1 & Cat.4 4x
RKH 259 (US) 1.259.130.06.00 1x LTE Cat.1 & Cat.4 4x

* IPSEC, PPTP, L2TP, OpenVPN

Optional Features
Product name Item no. Description
tec.boost License Bundle 1.900.000.00.00 License Bundle for a mbNET.rokey including SNMP, 802.1X, MQTT Bridge, LAN Segmentation
LAN Segmentation 1.904.000.00.00 Single License LAN Segmentation for a mbNET.rokey
MQTT Bridge 1.905.000.00.00 Single License MQTT Bridge for a mbNET.rokey

Downloads

You want to learn more about this product?
Visit our download portal and check out the latest brochures and all essential documents.

Find your sales partner

Find your personal contact person in your area.

Start your remote services

Are you looking for an all-in-one solution? Try our web-based remote access portal today.

u

We are here to help you

Questions? We can help you. For direct support, you can also call us.

Stay informed

Subscribe here to get updates on IoT and remote access solutions, products and features and get the latest cybersecurity updates.

You have questions?

Write us!

Allgemeine Anfrage EN

Callmeback

As an expert for secure remote access, IIoT and industrial security, we are committed to the highest standards in cyber security and the protection of industrial control systems.

With certifications such as IEC 62443-4-1, we are demonstrating a strong commitment to quality, security and trust in our development processes and products.

Our DNA: 100% IT-Security
for more than 25 years.