Secure file import and internet browsing to lower classification networks


Oakdoor™ Classification Gateway provides highly controlled two-way flows between segregated networks. This enables critical use-cases such as browse down and assured large file delivery. The Oakdoor™ Classification Gateway also allows export of pre-signed files that have gone through the Release Authorisation process as part of the NCSC Safely Exporting Data design pattern.

The Oakdoor™ Classification Gateway integrates the Safe Browse software, enabling users to securely browse across a trust boundary, such as from a trusted network down to the internet. The Classification Gateway uses two Oakdoor™ Data Diodes, which enable a secure connection to an external remote desktop server and a secure display of the untrusted network through a series of images. The diodes block all data other than the images, ensuring hidden malware and other attacks can’t reach the trusted network. Their hardware implements line-rate data syntax verification, protecting subsequent content checks performed in software.

Oakdoor™ Classification Gateway integrates the Safe Data application that allows import or export of files of unlimited size with assured delivery. Imported files are wrapped with the UK National Cyber Security Centre (NCSC) ‘Cloaked Dagger’ technique to allow safe handling of potentially malicious content.

Safe internet browsing
from trusted networks

No high-side application
access via browser

User authentication
required prior to internet browsing

NCSC CAPS approved
data diode platforms

low CapEx and OpEx




Security enforcing functions

File import – hardware based syntax verification (SISL–structured data, BMP–images for desktop framebuffer updates)
Secure file wrapping of unverified content
Signature checking of all exported content

High-side interface

Browse down using clientless high-side access with LDAP user authentication
HTTPS file download

Data interface

RJ45 with 10/100/1000 Base-T Ethernet

User interface

6 status/fault LEDs on front panel

Operating temperature range

0–30 °C

Operating humidity

10% – 90% RH, non-condensing

Data throughput

Up to 500 Mbit/s


Desk mount or 19-inch rack mount using supplied rack mounting kit

Power supply

12 V DC @ 3.5A via supplied power adaptor

Supply voltage

100 – 240 V AC 50/60 Hz

Maximum supply current

1.7 A

Electromagnetic compliance

2014/30/EU (EMC), EN 55024:2010+A1:2015, EN 55032:2015, Class A

RoHS compliance

2011/65/EU (RoHS) and EN 50581:2012

Safety compliance

IEC 62368-1:2014 (Second Edition)




2600 g

Dimensions (w x d x h)

350 mm x 212 mm x 44 mm (excluding rack mounting kit)


1-year hardware warranty


Safe Browse Software

Allows cross-domain access to a remote desktop server through the Oakdoor™ Gateway, enabling users to safely browse the internet from segregated networks:

  • access remote desktop systems
  • safe internet browsing across a network boundary
  • protocol breaks with hardware file content verification
  • protocol conversion and schema checking may run on commodity server hardware
  • coupling with Safe Data Software allows simultaneous data transfers.

Safe Data Software

Secure, reliable and fast transfer of large files across the Oakdoor™ Gateway. All unverified data, such as executables that have the potential to be malware, are safely wrapped by the Gateway hardware using the NCSC ‘Cloaked Dagger’ technique:

  • safe handling of imported content
  • assured delivery of large files
  • designed to run in parallel with Safe Browse Software.

Support packages

A range of support packages is available to ensure your cyber security is up to date:

  • software updates for the internal servers of the Oakdoor™ Gateways
  • technical support
  • integration support
  • support to integrate and configure the Oakdoor™ Gateways into your existing infrastructure
  • customised data transfer to securely transfer your specific data and protocols across the Oakdoor™ Gateway.


Our Oakdoor™ products will ensure your files, data and networks remain secure from cyber threats.



Explore all Gateway