Skip to Content
  1. All products
  2. Industrial Cybersecurity
  3. ABD4002-PROFW
  4. Industrial Cybersecurity
Pricelist: Default EUR pricelist Pricelist
Pricelist: Default EUR pricelist Pricelist

ABD4002-PROFW

The most complete security appliance in the Anybus Defender range. The 4002 with PRO/FW license unlocks the full feature set — everything in NAT/FW and DPI/FW, plus advanced VPN (WireGuard, OpenSSL, IPsec), traffic shaping, advanced routing protocols, load balancing with multi-WAN support, captive portal and high availability redundancy.

Built for organizations that need enterprise-grade OT security with no compromises: Deep Packet Inspection on Ethernet/IP CIP and Modbus with auto-learn, virtual patching of legacy devices via Snort and Suricata IPS, deny-by-default stateful firewalling, versatile NAT, transparent bridging, OT asset discovery, RADIUS/LDAP/AD authentication and policy scheduling.

Ideal for multi-site deployments with secure plant-to-plant OT connections via encrypted VPN tunnels, centrally managed through the optional Anybus Cybersecurity Console. Rugged fan-less metal enclosure with DIN rail mounting. 2x 1 Gbit RJ45 Ethernet with VLAN support.

4,350.00 € 4,350.00 € (Tax excluded)
4,350.00 € (Tax excluded)

Add to cart
Terms and Conditions
Contact Us
How it worksKey use casesTechnical SpecsDocumentation

How it works

1
Install
Mount on DIN rail, connect WAN and LAN between your IT/OT boundary, between sites, or in front of critical assets
2
Discover & learn
Asset scanner identifies all OT devices. DPI auto-learns industrial traffic patterns and suggests firewall rules
3
Configure
Set up firewall rules, DPI policies, VPN tunnels, traffic shaping and HA via the web GUI — or manage centrally via the Console
4
Enforce & monitor
Full protection active: DPI, IPS, VPN, traffic shaping and HA — with real-time notifications and API integration



Key use cases

Deep Packet InspectionInspect Ethernet/IP CIP and Modbus traffic at the application layer — control exactly which commands pass through
Virtual patchingProtect legacy PLCs and HMIs that can no longer receive updates — Snort and Suricata IPS with customizable signatures
Secure plant-to-plant VPNEncrypted OT connections between facilities using WireGuard, OpenSSL or IPsec tunnels
High availabilityRedundant deployment with automatic failover — no single point of failure for your OT security
Load balancing & multi-WANDistribute traffic across multiple uplinks for resilience and performance
Traffic shapingPrioritize critical OT traffic and limit bandwidth for non-essential communications

 

Technical Specs

License typePRO/FW — Perpetual
Stateful firewallYes — deny by default
NATSimple NAT wizard, 1:1, 1:many
Bridge / transparent modeYes
VLAN supportYes — logical segmentation
Certificate managementYes
Deep Packet InspectionEthernet/IP CIP, Modbus — auto-learn capable
Intrusion Protection (IPS)Snort & Suricata — customizable signatures
Virtual patchingYes — protect unpatched legacy devices
VPNWireGuard, OpenSSL & IPsec
Remote client VPNYes
RADIUS / LDAP / AD authenticationYes
DHCP server & forwardingYes
Rules/policy schedulerYes — by date, time and duration
Captive portalYes
Routing protocolsRIPv1 & v2, BGPv4
Load balancingYes — multi-WAN
Traffic shapingYes
High availabilityYes — redundancy with automatic failover
Asset discovery & inventoryYes — OT/ICS specific, with accuracy score
NotificationsEmail, syslog, Telegram Messenger, Pushover
Central managementOptional — Anybus Cybersecurity Console


WAN1x RJ45 Gigabit Ethernet
LAN1x RJ45 Gigabit Ethernet
VLANSupported — additional logical segments


Web GUIOn-board web interface with use-case wizards
Rule creationOne-click from firewall logs + floating rules
APIIntegrated RESTful API
CLISSH / Console access
DiagnosticsTraffic diagnostics, debug tools, ARP & bandwidth monitoring


Input voltage24V DC
Current consumption (max)840 mA
Power consumption (max)20W


IP ratingIP20
Housing materialMetal — fan-less
MountingDIN rail (EN 50022)
Dimensions (L x W x H)114.6 x 118.2 x 64.5 mm
Weight680 g
Operating temperature0°C to +60°C
Humidity0–85% non-condensing


CEYes
RoHSYes (2011/65/EU)
WEEEYes
Country of originUSA


 

PRO/FW is the complete package. Includes everything from NAT/FW (stateful firewall, NAT, bridging, asset discovery) and DPI/FW (Deep Packet Inspection, IPS, VPN, DHCP, scheduling), plus PRO-exclusive features: captive portal, advanced routing (RIP, BGP), load balancing with multi-WAN, traffic shaping and high availability redundancy. For simpler deployments, see the NAT/FW or DPI/FW licenses.


Documentation

anybus-defender-4002-datasheet-20240502.pdf

Anybus Defender Documentation

Build the perfect configuration

Everything you need to complete your setup!

Your Dynamic Snippet will be displayed here... This message is displayed because you did not provide enough options to retrieve its content.