Encrypted Ethernet Tunnel Utilizing FIPS Certified Encryption Module



FT Family Encrypted Ethernet Tunnel

  • FIPS certified encryption module
  • The FT-6602/6606/6632/Soft creates encrypted tunnels
  • FT-6602 industrial temperature -20 to +50 C
  • FT-6606 0 to +40 C, FT-6632 10 +35 C
  • FT-6602 - 3 configurable ports (100BaseT)
  • FT-6606 - 3 configurable ports (1000BaseT)
  • FT-6632 - 1 Trusted port, 1 Untrusted ports (1000BaseT)
  • FT-Soft - Windows PC Software Client
  • Easy to setup and maintain
  • FT-6602 supports 13 Mbps up to 25 client units
  • FT-6606 supports 40 Mbps up to 25 client units
  • FT-6632 supports Up to 720 Mbps and up to 50 client units
  • Operates as server, client, or client & server
  • Extensive statistics, logging and diagnostics
  • Tunnels at the Layer 2 level, including multicast
  • Ethernet to Ethernet
  • Bridge/Tunnel supports 4,096 MAC addresses
  • Remote PCs appear to be on the local network
  • Bridges 802.1Q tagged V-LAN trunks
  • Extensive filtering on MAC, IP, and Protocols
  • Transports data either TCP/IP or UDP
  • UDP transport is ideal for voice and video
img
FT-6606 Front View
img
FT-6602 Rear View
img
FT-6632 Front View
img
FT-Soft Client Software

The FT-6602 was released in 2008 and was superseded by the FT-6606 in 2018. We're near the end of our inventory of this product and recommend the higher performing FT-6606 as a replacement in new applications.

Features
Description
Specifications
How To Order
General
Protocol Features
Indicators
Physical/Electrical
Printable PDF Data sheet
Application Notes and Manual


Common Applications

  • Utilities, gas and oil production, pipelines
  • Law Enforcement – Remote offices
  • Medical – Meets HIPPA requirements for securely sending medical data
  • Secure video and/or voice transmission
  • Financial industry
  • Helps nuclear utilities comply with NRC NEI-08-09 Requirments
  • Government applications for NIST/FIPS
  • Securely bridge networks over the Internet for lower line costs
  • Remote network monitoring via the Internet
  • Voice over IP radio dispatch using multicast

DESCRIPTION

The FT tunnels create an encrypted tunnel through IP networks. The FT-6602 features three Ethernet LAN ports and a serial port for initial setup, the FT-6632 offers 2 Ethernet ports and a serial port.

FT tunnels encrypt any ethernet data between private networks using the public Internet or any other network as the transport.

Each unit can be configered as a server, a client or simultaneous as both a client & server device. As a server, the FT-6602 and FT-6606 support up to 25 simultaneous client unitss. The FT-6632 support up to 50 clients.

The Ethernet user data transport between FT units may be either TCP/IP or UDP. UDP is preferred for wireless links, for voice and for video transport. An FT server can support UDP and TCP/IP client units simultaneously.

The FT-Soft client software allows any Windows workstation to connect to any FT server as a stand-alone client. This is quite useful for stand-alone dispatch workstations or portable notebook-based operations. Click here for more information on the FT-Soft software client.

The FT series uses a FIPS certified encryption module. AES is used for the bulk data encryption. SHA1 is used for signing and RSA 2048 for key exchange and authentication. A USB memory device is used for certificate information storage.

The FT-6602 Ethernet ports are all 10/100BaseT. The FT-6606 and FT-6632 Ethernet ports are 10/100/1000BaseT. The serial port may only be used for initial IP setup. The FT's are typically setup and always managed using a web browser. The server should have a fixed or known DHCP IP address. Clients can use DHCP or have fixed IP addresses.

The FT series operate through firewalls using only one port of your choice opened. It bridges all Ethernet protocols including IPX, IP, NetBEUI, and other proprietary or unroutable protocols. The FTs are straight-forward, easy to configure and maintain. They have state-of-the-art AES encryption security without the configuration complexity of VPN.

For encryption of serial RS-232 links not involving ethernet or IP, see our SE-6600 product line. For encryption of ethernet or IP links using non FIPS certified modules and other features, see our UT or XT series products.

Due to the encryption employed in these products, FT series products are export controlled items and are regulated by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce. Some models of the ET and FT series are classified as mass market encryption devices and may not be exported or shipped for re-export to restricted countries in Country Group E:1.


SPECIFICATIONS

General


Protocol Features


Performance:



Indicators


Physical/Electrical

FT-6602 FT-6606 FT-6632

Environmental


APPLICATIONS

How it works

The FT family products create an encrypted tunnel which passes Ethernet packets between two trusted LAN segments. All ethernet protocols are bridged between the FT units. The FT only operates in conjunction with other FT units. One unit is required for each location. Multiple client units may be connected to the same host unit, and a client may be connected to multiple host units (daisy-chained operation). A host unit may be configured to block client-unit to client-unit connections, or to allow them. All FT series units are compatible.

Download a copy of the manual.

This is a quick-start guide and "cookbook" configuration guide for the FT series hardware.
Download a copy of the quick-start guide.

This is a quick-start guide and "cookbook" configuration guide for the FT-Soft software client.
Download a copy of the quick-start guide.

The FT series is the FIPS 140-2 encryption module version of our ET series encrypted tunnels. While these applications notes reference the ET series products, the FT series operation and capabilityes are similar.

Just The Facts, Please.

Read the encryptor FAQ for quick answers to questions others have asked. Just click here.
Quick-start guide to the XT-3305.
This application note guides the new XT-3305 user from opening the boxes to having a working encrypted tunnel between two XT-3305 units on a test bench. Step-by-step instructions make it quick and painless to learn the configuration process.

Troubleshooting guide for the above Quick-start.
If it didn't go well and doesn't immediately work, this guide offers some troubleshooting hints. Most people won't need this, but it's here if you do.


All DCB ethenet encryptors operate similarly, with differences being in the protocols, capabilities, and authentication methods. Since the topology is comparable for all of them, we show application notes for all these products together.

DCB's Encryption Product Export Statement
Some of our encryption products are export controlled items and are regulated by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce. Some are classified as mass market encryption devices and may not be exported or shipped for re-export to restricted countries in Country Group E:1. They are exportable to most other countries. Read our Encryption Product Export Statement here for more specifics.

Using XT Tunnels with IP Radio Dispatch Systems.
Radio installers rely on DCB tunnel products to implement secure networks for mission critical applications. DCB Encryptors (XT, UT, and ET roducts) enable IP dispatching across multiple networks. They remove the multi-cast problem faced in many IP network installations so are frequently used along with Telex, Motorola, Kenwood, Harris, Zetron, AVTEC, and other two-way radio consoles. This document describes some of those techniques with examples we've seen at PSAPs and other dispatch centers.

Tunnel Product Security In Perspective.
Our encrypted tunnel appliances provides a LAN -to- LAN encrypted tunnel between locations. It employs a layer three (UDP/IP or TCP/IP) connection between two or more tunnel devices to create a secure, AES encrypted tunnel. For export purposes, the Some models are considered a Mass Market Encryption Device by the Department of State Bureau of Industrial Security and are export limited.

This product line meets HIPPA and most government standards for non-classified data transfer. However, it is not NIST FIPS 140-2 approved. For a FIPS 140 approved product, the (more expensive) FT line of encryption appliances is required. This note discusses the security implications of using our encrypted tunnels.


Redundancy Techniques Using DCB Tunnel Devices and Software.
Users have come to rely on DCB tunnel products to implement secure networks for mission critical applications in which downtime must be kept to a minimum. Thus it is not unusual for customers to ask questions about techniques that may be applied to make the tunnel network more robust. This document describes some of those techniques with examples.
Quick-start guide to the XT-3306.
This application note guides the new XT-3306 user from opening the boxes to having a working encrypted tunnel between two XT-3306 units on a test bench. Step-by-step instructions make it quick and painless to learn the configuration process. One difference between the XT and the UT/ET families is that the XT allows the selection of TCP and UDP protocols for the tunnel path.

Troubleshooting guide for the above Quick-start.
If it didn't go well and doesn't immediately work, this guide offers some troubleshooting hints. Most people won't need this, but it's here if you do.

Quick-start guide to the UT-3302.
This application note guides the new UT-3302 user from opening the boxes to having a working encrypted tunnel between two UT-3302 units on a test bench. Step-by-step instructions make it quick and painless to learn the configuration process.

Troubleshooting guide for the above UT-3302 Quick-start.
If it didn't go well and doesn't immediately work, this guide offers some troubleshooting hints. Most people won't need this, but it's here if you do.

Encrypted Bridge Installation Option
An application note describing an appliance-like installation that allows the Tunnel to be located anywhere on the local LAN. Known around DCB as the "Single-Port Installation".

Using the UT Encrypted Bridges and UT-SOFT with IP Multicast.
Discusses applying the UT products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The UT supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks. The UT-SOFT software client allows any PC to be a securely connected node on a remote network

Motorola MIP 5000 VoIP Radio Console VPN Solution Guide
This Motorola produced MIP 5000 VoIP Radio Console VPN Solution Guide features a virtual private network (VPN) solution that has been tested with MIP 5000 VoIP Radio Console. The VPN solution uses a pair of encrypted Ethernet bridges to provide a secure Ethernet tunnel between the dispatch center and a remote MIP 5000 console. The secure Ethernet tunnel supports a remote console operator receiving audio from and transmitting audio to radio channels and other MIP 5000 consoles using AES encryption.

UT Tunnel Installation Note - "Living On a Wild Feed... Safely"
This short application note summarizes the options and requirements for directly connecting the untrusted interface of UT encrypted tunnels to the Internet. Yes, the UT tunnels may be safely living on the wild side of your firewalls and if properly configured appear to be a "black hole" to your adversaries!

Using the UT for Remote Management Applications Since the UT along with UT-Soft enables a remote workstation to have a virtual presence on a remote LAN segment, it's quite useful for network monitoring and analysis, similar to a RMON without the headaches. Download an application note that discusses using UT-Soft and our UT servers for remote LAN network montoring.

ET Encrypted Bridge Quick-Start Installation Guide
A cookbook style quick start guide to installing the ET Encrypted Bridges. Illustrates common usage examples with fill-in-the-blank instructions.


ET-3302/6600 Encrypted Bridge Applications
Some ways the ET products are being used to tunnel IP traffic in the real world.


Using the ET-6601 Encrypted Bridge with EVDO & Wifi
Discusses using the ET-6601 with high speed cellular modems and 802.11 Wifi wide area connections.

ET Encrypted Bridge Installation Option
An application note describing an appliance-like installation that allows the ET to be located anywhere on the local LAN. Known around DCB as the "Single-Port Installation".


Using the ET Encrypted Bridges with 801.Q VLANs
Discusses configuring the ET products to handle 801.Q VLAN traffic. The ET supports 801.Q VLAN tagged packets, and allows a VLAN to span multiple IP networks.


Using the ET Encrypted Bridges with IP Multicast.
Discusses applying the ET products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The ET supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks.

Automating Dial-Up Router and Bridge PPP Connections
An application note that details one common method of automating the use of IP-6600 routers and ET-6600 bridges to dial multiple remote locations on a scheduled or automated basis.


Applications Drawing


Questions? Phone us toll free at 800-432-2638

Due to the nature of this product,
we prefer that you phone us and discuss your application prior to ordering this product.

Item Number Description Price Buy Now!
FT-6606 Encrypted Ethernet Tunnel Appliance with Three Ethernet Ports $ 2,250 Qty:
9501095 12 VDC regulated external power supply option for FT-6606 $ 75 Qty:
9501096 24 VDC regulated external power supply option for FT-6606 $ 75 Qty:
9501097 36-72 VDC external power supply option for FT-6606 $ 75 Qty:
6013006 Optional DIN rail mounting clips for FT-6606 $ 14 Qty:
FT-6602 Encrypted Ethernet Tunnel Appliance with Three Ethernet Ports $ 1,495 Qty:
FT6602-12VDC 9-18 VDC external power supply option for FT-6602 $ 75 Qty:
FT6602-24VDC 18-36 VDC input external power supply option for FT-6602 $ 75 Qty:
FT6602-48VDC 36-72 VDC external power supply option for FT-6602 $ 75 Qty:
FT6602-125VDC 125 VDC external power supply option for FT-6602 $ 125 Qty:
FT-6632 Encrypted Ethernet Tunnel Appliance with Gigabit Ethernet Ports $ 8,695 Qty:
FT-SOFT Encrypted Ethernet Tunnel Client Software $ 249 Qty:

img
Data Comm for Business Inc.
2949 County Road 1000 E
Dewey, Il 61840
Voice: 217-897-6600
Toll Free: 800-4-DCB-NET
Toll Free: 800-432-2638
Email: Contact Page
Web: www.dcbnet.com
Fax: 217-897-8023
All DCB web pages copyright ©1995- Data Comm for Business, All rights reserved.
EtherPath®, EtherSeries®, EtherPoll®, EtherBridge® and EtherModem® are Registered Trademarks of Data Comm for Business, Inc.