How integration with gateways ensures greater security and fast response in industrial operations

The digital transformation of industry, driven by the Industry 4.0 concept and now evolving into smart automation, has brought major changes to how operations are managed. Previously, systems operated on isolated networks, without external connection. This approach offered intrinsic protection but prevented the real-time exchange of information for process optimization.

The new era of operational intelligence, however, demands convergence with information technology, connecting field equipment to management systems and the cloud to enable data collection and analysis at scale.

In this context, gateways assume an essential role in operations, functioning as the bridge between the internal network and the external network. They enable data exchange and ensure interoperability between systems that use distinct architectures and communication languages. Their main function is intelligent protocol conversion, translating legacy industrial languages, such as Modbus RTU/ASCII, into more modern IP-based protocols, such as Modbus TCP and MQTT. With this, machines and processes already installed can integrate smoothly with advanced supervision and control systems, such as SCADA solutions and cloud platforms.

The expansion of connectivity, on the other hand, brought a new and complex surface of vulnerabilities to cyberattacks. The absence of segmentation between OT and IT networks increases the exposure to threats and malware. In this scenario, the choice of a gateway goes far beyond the need for connectivity: the device needs to be rugged and, above all, secure, acting as a strategic control point between information security and operational security, ensuring the integrity and availability of physical processes.

In this article, we will show how integration with gateways can make industrial operations more agile and, at the same time, raise the level of cybersecurity of applications as a whole.

Gateway TLE: technology that unites high connectivity and industrial cybersecurity

The TLE3-21100, from Altus’s Connect Series, was designed to act as a 4G IoT RTU in industrial applications, offering a complete solution for telemetry and secure remote access. The device combines mechanical ruggedness, interface flexibility, and a multi-layered security architecture.

The versatility of the TLE begins with its communication interfaces. It supports a vast range of protocols and has physical interfaces, allowing connection with IP-based network equipment and serial devices simultaneously.

  • Physical interfaces: the equipment has a 10/100Mbps Ethernet port for LAN connectivity, an RS-232/RS-485 serial interface to integrate legacy Modbus devices, and a 4G cellular WAN module for remote connectivity without geographic limits.  

  • Wireless connectivity: in addition to cellular, the gateway has IEEE802.11n 1T1R Wi-Fi connectivity, which enables communication with PLCs and other devices on a wireless network, with the possibility of the gateway itself acting as an access point. 

  • The true differentiator, however, lies in WAN connectivity. The intermittence of networks in remote areas is a recurrent challenge in telemetry applications. To overcome this limitation, the TLE was developed with an LTE module that supports 2 Micro SIMs, enabling a redundant connection. Should communication via SIM-A be interrupted, the gateway automatically switches to SIM-B, ensuring the continuity of data transmission in critical applications.

Ruggedness and reliability in adverse environments

The first line of defense in any industrial system is the physical integrity of the entire application. The TLE is built with a rugged metal alloy casing, in compliance with the IP30 protection level, which makes it resistant to impacts and vibrations. Its capability to operate in a wide temperature range, from −30 °C to 70 °C, ensures its performance in harsh environments, such as those found in the agro-industry, in water and wastewater, and in metal and mining factories.

The certifications of compliance with European (CE, RoHS) and Brazilian (ANATEL) standards validate its quality and safety for commercialization and use in regulated environments.

Digital security far beyond connectivity

Connectivity, in itself, is not security. A network connection can become a significant risk vector if it is not properly protected. With this in mind, the TLE was designed with a rugged and proactive security architecture, ensuring that both the device and the network it protects are prepared to face digital threats.

In addition to perimeter defenses, the gateway supports VPN technologies such as IPSec and OpenVPN, essential for extending local network security through a channel like the internet.

IPSec acts by encrypting and authenticating each IP packet to establish a secure tunnel, while OpenVPN uses protocols like SSL/TLS for key exchange and has the ability to traverse firewalls and NATs (Network Address Translation). This functionality is essential for secure remote access, enabling communication to be established confidentially and protected in scenarios such as Site-to-Site and Host-to-Site.

Example of VPN security architecture with Altus equipment.

Check out a detailed view of the TLE's integrated firewall features

The TLE has an integrated SPI firewall, which serves as the base of its defense. Unlike a simple filter that analyzes packets individually, the SPI firewall inspects the context of the communication. It monitors the state of each network connection (established, related, or new) and allows only packets that belong to a legitimate and already initiated communication session to pass.

This smart approach protects the network against attacks that attempt to mask malicious traffic in active communication sessions, such as some types of denial of service attacks. And security is reinforced by granular access control policies, such as:

  • Packet Filter: this functionality enables granular and precise control of network traffic. The administrator can create rules to permit or block packets based on parameters such as the ingress and egress interface, the source and destination IP address, the protocol (TCP, UDP, etc.) and the service port. This capability is fundamental for the segmentation of OT and IT networks, ensuring that only traffic authorized for supervision or control purposes can pass. For example, a rule can be configured to allow only a SCADA server with a specific IP to communicate with the PLCs on the network, blocking all others.

  • MAC Control: acting on the lowest network layer, MAC control offers a powerful way to restrict network access based on the physical address of each device. The administrator can create white lists or black lists to authorize or block specific devices, ensuring that only recognized and approved equipment can connect. It is a security layer that prevents unauthorized devices from entering the industrial network.
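
The stateful inspection and the SCADA-only packet-filter rule described above, as an added Python sketch (not Altus code and not the TLE's configuration syntax): a default-deny filter with one rule and a session table. The addresses, interface names and the simplified 5-tuple tracking are assumptions; 502 is the standard Modbus TCP port.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_if: str   # ingress interface: "wan" or "lan"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:      # one packet-filter entry; anything unmatched is dropped
    in_if: str
    proto: str
    src_net: str
    dst_net: str
    dport: int
    def matches(self, p):
        return (p.in_if == self.in_if and p.proto == self.proto
                and p.dport == self.dport
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net))

class StatefulFilter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()   # sessions a rule has admitted, keyed by 5-tuple
    def check(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.flows or rev in self.flows:
            return "ACCEPT established"   # belongs to a tracked session
        if any(r.matches(p) for r in self.rules):
            self.flows.add(fwd)           # first packet of an authorised flow
            return "ACCEPT new"
        return "DROP"                     # default deny

# Constructed addresses: SCADA server 10.0.0.10 beyond the WAN, PLCs on 192.168.1.0/24.
SCADA_ONLY = [Rule("wan", "tcp", "10.0.0.10/32", "192.168.1.0/24", 502)]

def demo():
    poll = Packet("wan", "tcp", "10.0.0.10", 40000, "192.168.1.20", 502)
    reply = Packet("lan", "tcp", "192.168.1.20", 502, "10.0.0.10", 40000)
    other = Packet("wan", "tcp", "10.0.0.99", 40001, "192.168.1.20", 502)
    fw = StatefulFilter(SCADA_ONLY)
    return [StatefulFilter(SCADA_ONLY).check(reply),   # reply with no session behind it
            fw.check(poll), fw.check(reply), fw.check(other)]
```

The PLC's reply is accepted only because the SCADA poll created the session first; the same packet arriving with no session behind it is dropped, which a stateless filter with a blanket "allow replies from port 502" rule would not do.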

Watch our complete playlist of TLE tutorials

Intrusion Prevention System (IPS) and stealth mode

Defense goes beyond simple traffic filtering. Proactive security means anticipating and neutralizing threats before they can cause any damage, and for this, the TLE features the following functions:

  • IPS function (Intrusion Prevention System): the TLE has an IPS function for cybersecurity, which acts as an active security layer, monitoring and protecting the network against malicious activities. In contrast to an IDS (Intrusion Detection System), which only records suspicious activity, the TLE's IPS acts proactively, automatically identifying and blocking known attacks and malicious behaviors, such as SYN Flood, UDP Flood, ICMP Flood, and Port Scan. This functionality prevents a denial of service attack from overloading the gateway and preventing it from operating.

  • Stealth Mode: this functionality adds a layer of "digital invisibility" to the gateway. When activated, the device stops responding to external port scans. This means that, to an external attacker, the gateway and the network behind it appear not to exist, making them less visible and reducing the "attack surface".
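
An added illustration of the detection side of such an IPS, not the TLE's actual algorithm: a sliding-window detector that flags a port scan by the number of distinct destination ports one source touches, and a SYN flood by the SYN rate towards one service. The thresholds, class name and traffic are constructed for the example.

```python
from collections import defaultdict, deque

WINDOW = 10.0      # seconds of history kept (assumed value)
SCAN_PORTS = 15    # distinct ports probed by one source => port scan (assumed)
FLOOD_SYNS = 100   # SYNs to one service inside the window => SYN flood (assumed)

class FloodScanDetector:
    def __init__(self):
        self.by_src = defaultdict(deque)   # src -> (ts, dport) of recent SYNs
        self.by_dst = defaultdict(deque)   # (dst, dport) -> ts of recent SYNs
        self.blocked = set()               # sources an IPS would now drop

    def on_syn(self, ts, src, dst, dport):
        """Feed one inbound TCP SYN and return the verdict for it."""
        if src in self.blocked:
            return "blocked"
        s = self.by_src[src]
        s.append((ts, dport))
        while ts - s[0][0] > WINDOW:       # expire entries older than the window
            s.popleft()
        d = self.by_dst[(dst, dport)]
        d.append(ts)
        while ts - d[0] > WINDOW:
            d.popleft()
        if len({port for _, port in s}) >= SCAN_PORTS:
            self.blocked.add(src)          # a scan has one real source: block it
            return "port-scan"
        if len(d) >= FLOOD_SYNS:
            return "syn-flood"             # sources may be spoofed: key on the target
        return "ok"

def demo():
    # Constructed traffic: SCADA polls, one host sweeping ports 1-20, then a
    # burst of SYNs from many source addresses against the Modbus TCP port.
    det, verdicts = FloodScanDetector(), []
    for i in range(5):
        verdicts.append(det.on_syn(float(i), "10.0.0.10", "192.168.1.20", 502))
    for port in range(1, 21):
        verdicts.append(det.on_syn(5.0 + port * 0.1, "203.0.113.7", "192.168.1.20", port))
    for i in range(120):
        src = f"198.51.100.{i % 250 + 1}"
        verdicts.append(det.on_syn(8.0 + i * 0.01, src, "192.168.1.20", 502))
    return verdicts
```

The flood check is keyed on the destination because a flood's source addresses are typically spoofed, so the useful response there is rate-limiting the service rather than blocking individual sources.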

The combination of these features demonstrates that the TLE's security is a rugged defense architecture: from perimeter protection (MAC Control) to proactive intelligence (IPS), the goal is to ensure maximum availability for the industrial environment.

Check out our webinar with all the details about the TLE's connectivity.

Never lose your data: the data logging function in critical scenarios

In industrial environments, especially in remote locations, WAN connectivity can be intermittent due to external factors such as network instability or power failures. In these moments of disconnection, the loss of production data can be a serious problem, compromising predictive analysis, compliance reports, and the diagnosis of operational faults.

The TLE’s data logging function is a smart solution to this challenge, acting as a "memory protector" that guarantees data integrity, even when the connection to the remote server fails.

The TLE supports different data logging modes, but the Off-line Proxy mode is the most relevant for the disconnection scenario. In a connection failure, the gateway takes over the data collection from the field devices (slaves) according to pre-defined acquisition rules. This data is then securely stored on a MicroSD card on the device itself. When the connection is re-established, the administrator can export the log files, allowing the information gap to be filled without the need for production to be interrupted.

This functionality transforms a potential data loss into just a matter of synchronization delay. The capacity to log data locally ensures the continuity of information collection, which is the basis for operational intelligence in any industry and makes telemetry in remote areas more reliable.

The opportunity for modernization now

The TLE gateway is a complete solution that unites flexible connectivity, resilience for operating in extreme environments, and a rugged security architecture. It is a tool for companies that wish to modernize their automation, integrate systems, and ensure the continuity and integrity of data in an increasingly connected scenario.

And as part of our commitment to democratize technologies for smart automation, we want to make this solution accessible to you. For this reason, the TLE3-21100 is available at a special promotional price, valid from the end of September until the end of October, an opportunity to strengthen the future of your automation.
