Encrypted Ethernet Tunnel Utilizing FIPS Certified Encryption Module

FT Family Encrypted Ethernet Tunnel

  • FIPS certified encryption module
  • The FT-6602/6632/Soft creates encrypted tunnels
  • FT-6602 industrial temperature -20º to +70º C
  • FT-6632 +10º to +40º C
  • FT-6602 AC and DC power supply options
  • 10/100BaseT Ethernet ports
  • FT-6602 - 1 Trusted port, 2 Untrusted ports (100BaseT)
  • FT-6632 - 1 Trusted port, 1 Untrusted ports (1000BaseT)
  • FT-Soft - Windows PC Software Client
  • Easy to setup and maintain
  • FT-6602 server mode supports up to 25 clients
  • FT-6632 supports up to 50 client FT units
  • Operates as server, client, or client & server
  • Extensive statistics, logging and diagnostics
  • Tunnels at the Layer 2 level, including multicast
  • Ethernet to Ethernet
  • Bridge/Tunnel supports 4,096 MAC addresses
  • Remote PCs appear to be on the local network
  • Bridges 802.1Q tagged V-LAN trunks
  • Extensive filtering on MAC, IP, and Protocols
  • Transports data either TCP/IP or UDP
  • UDP transport is ideal for voice and video
FT-6602 Front View
FT-6602 Rear View
FT-6632 Front View
FT-Soft Client Software

How To Order
Protocol Features
Printable PDF Data sheet
Application Notes and Manual

Common Applications

  • Utilities, gas and oil production, pipelines
  • Law Enforcement – Remote offices
  • Medical – Meets HIPPA requirements for securely sending medical data
  • Secure video and/or voice transmission
  • Financial industry
  • Remote office PCs sharing an FT-6602
  • Government applications for NIST/FIPS
  • Securely bridge networks over the Internet for lower line costs
  • Remote network monitoring via the Internet
  • Voice over IP radio dispatch using multicast


The FT-6602/6632 creates an encrypted tunnel through IP networks. The FT-6602 features three Ethernet LAN ports and a serial port for initial setup, the FT-6632 2 Ethernet ports and a serial port.

The FT-6602/6632 encrypts data between private networks using the public Internet or any other network as the transport.

The FT-6602/6632 can be a server, a client or a client & server device. As a server, the FT-6602 supports up to 25 simultaneous clients. The FT-6632 support up to 50 clients.

The FT-6602/6632 Ethernet user data transport may be either TCP/IP or UDP. UDP is preferred for wireless links, for voice and for video transport. An FT server can support UDP and TCP/IP simultaneously.

The FT-Soft client software allows any Windows workstation to connect to any FT server as a stand-alone client. This is quite useful for stand-alone dispatch workstations or portable notebook-based operations. Click here for more information on the FT-Soft software client.

The FT series uses a FIPS certified encryption module. AES is used for the bulk data encryption. SHA1 is used for signing and RSA 2048 for key exchange and authentication. A USB memory device is used for certificate information storage.

The FT-6602 Ethernet ports are all 10/100BaseT. The FT-6632 Ethernet ports are 10/100/1000. The serial port can be used for initial IP setup. The FT's are typically setup and managed using a browser. The server has a fixed IP address. Clients can use DHCP or have fixed IP addresses.

The FT series operate through firewalls with only one port of your choice opened. It bridges all Ethernet protocols including IPX, IP, NetBEUI, and other proprietary protocols. The FTs are straight-forward, easy to configure and maintain. They have state-of-the-art AES encryption security without the configuration complexity of VPN.

For encryption of serial RS-232 links not involving ethernet or IP, see our SE-6600 product line. For encryption of ethernet or IP links using non FIPS certified modules and other features, see our ET series or UT series products.

Due to the encryption employed in these products, FT and ET series products are export controlled items and are regulated by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce. Some models of the ET and FT series are classified as mass market encryption devices and may not be exported or shipped for re-export to restricted countries in Country Group E:1. They are shippable to most other countries.



Protocol Features




FT-6602 FT-6632



How it works

The FT family products create an encrypted tunnel which passes Ethernet packets between two trusted LAN segments. All ethernet protocols are bridged between the FT units. The FT only operates in conjunction with other FT units. One unit is required for each location. Multiple client units may be connected to the same host unit, and a client may be connected to multiple host units (daisy-chained operation). A host unit may be configured to block client-unit to client-unit connections, or to allow them. All FT series units are compatible.

Download a copy of the manual.

This is a quick-start guide and "cookbook" configuration guide.

Download a copy of the quick-start guide.

The FT series is the FIPS 140-2 encryption module version of our ET series encrypted tunnels. While these applications notes reference the ET series products, the FT series operation and capabilityes are similar.

The Facts, Please.

Read the encryptor FAQ for quick answers to questions others have asked. Just click here.

All DCB ethenet encryptors operate similarly, with differences being in the protocols, capabilities, and authentication methods. Since the topology is comparable for all of them, we show application notes for all these products together.

UT Product Security In Perspective
This document provides an overview of the UT security perspective as well as best practices for configuring UT encryptors.

Redundancy Techniques Using DCB Tunnel Devices and Software.
Users have come to rely on DCB tunnel products to implement secure networks for mission critical applications in which downtime must be kept to a minimum. Thus it is not unusual for customers to ask questions about techniques that may be applied to make the tunnel network more robust. This document describes some of those techniques with examples.

Quick-start guide to the XT-3306.
This application note guides the new XT-3306 user from opening the boxes to having a working encrypted tunnel between two XT-3306 units on a test bench. Step-by-step instructions make it quick and painless to learn the configuration process. One difference between the XT and the UT/ET families is that the XT allows the selection of TCP and UDP protocols for the tunnel path.

Troubleshooting guide for the above Quick-start.
If it didn't go well and doesn't immediately work, this guide offers some troubleshooting hints. Most people won't need this, but it's here if you do.

Encrypted Bridge Installation Option
An application note describing an appliance-like installation that allows the Tunnel to be located anywhere on the local LAN. Known around DCB as the "Single-Port Installation".

Using the UT Encrypted Bridges and UT-SOFT with IP Multicast.
Discusses applying the UT products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The UT supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks. The UT-SOFT software client allows any PC to be a securely connected node on a remote network

Motorola MIP 5000 VoIP Radio Console VPN Solution Guide
This Motorola produced MIP 5000 VoIP Radio Console VPN Solution Guide features a virtual private network (VPN) solution that has been tested with MIP 5000 VoIP Radio Console. The VPN solution uses a pair of encrypted Ethernet bridges to provide a secure Ethernet tunnel between the dispatch center and a remote MIP 5000 console. The secure Ethernet tunnel supports a remote console operator receiving audio from and transmitting audio to radio channels and other MIP 5000 consoles using AES encryption.

UT Tunnel Installation Note - "Living On a Wild Feed... Safely"
This short application note summarizes the options and requirements for directly connecting the untrusted interface of UT encrypted tunnels to the Internet. Yes, the UT tunnels may be safely living on the wild side of your firewalls and if properly configured appear to be a "black hole" to your adversaries!

Using the UT for Remote Management Applications Since the UT along with UT-Soft enables a remote workstation to have a virtual presence on a remote LAN segment, it's quite useful for network monitoring and analysis, similar to a RMON without the headaches. Download an application note that discusses using UT-Soft and our UT servers for remote LAN network montoring.

The UT series operates similarly to our ET series encrypted tunnel. The main difference between the two product lines is that the UT uses UDP/IP protocol for the tunnel link while the ET uses TCP/IP for the tunnel link protocol. The following ET application notes apply to the UT as well as the ET series.

ET Encrypted Bridge Quick-Start Installation Guide
A cookbook style quick start guide to installing the ET Encrypted Bridges. Illustrates common usage examples with fill-in-the-blank instructions.

ET-3302/6600 Encrypted Bridge Applications
Some ways the ET products are being used to tunnel IP traffic in the real world.

ET Encrypted Bridge Installation Option
An application note describing an appliance-like installation that allows the ET to be located anywhere on the local LAN. Known around DCB as the "Single-Port Installation".

Using the ET Encrypted Bridges with 801.Q VLANs
Discusses configuring the ET products to handle 801.Q VLAN traffic. The ET supports 801.Q VLAN tagged packets, and allows a VLAN to span multiple IP networks.

Using the ET Encrypted Bridges with IP Multicast.
Discusses applying the ET products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The ET supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks.

Automating Dial-Up Router and Bridge PPP Connections
An application note that details one common method of automating the use of DCB routers and bridges to dial multiple remote locations on a scheduled or automated basis.

Applications Drawing

Questions? Phone us toll free at 800-432-2638

Due to the nature of this product,
we prefer that you phone us and discuss your application prior to ordering this product.

Item Number Description Price Buy Now!
FT-6602 Encrypted Ethernet Tunnel Appliance with Three Ethernet Ports $ 1,495 Qty:
FT6602-12VDC 9-18 VDC external power supply option for FT-6602 $ 75 Qty:
FT6602-24VDC 18-36 VDC input external power supply option for FT-6602 $ 75 Qty:
FT6602-48VDC 36-72 VDC external power supply option for FT-6602 $ 75 Qty:
FT6602-125VDC 125 VDC external power supply option for FT-6602 $ 125 Qty:
FT-6632 Encrypted Ethernet Tunnel Appliance with Gigabit Ethernet Ports $ 8,695 Qty:
FT-SOFT Encrypted Ethernet Tunnel Client Software $ 249 Qty:

Data Comm for Business Inc.
2949 County Road 1000 E
Dewey, Il 61840
Voice: 217-897-6600
Toll Free: 800-4-DCB-NET
Toll Free: 800-432-2638
Email: Contact Page
Web: www.dcbnet.com
Fax: 217-897-8023
All DCB web pages copyright ©1995- Data Comm for Business, All rights reserved.
EtherPath®, EtherSeries®, EtherPoll®, EtherBridge® and EtherModem® are Registered Trademarks of Data Comm for Business, Inc.