OAKDOOR™ MANAGEMENT GATEWAY

Secure systems management from classified networks

OVERVIEW

Oakdoor™ Management Gateway lets you manage systems in DMZ (demilitarized zone) networks. It allows software deployment and configuration via web-based interfaces and secure terminal sessions.

The Management Gateway enables secure file export to an internal server on the untrusted low-side of the unit, and browsing from the high-side classified network to a desktop server running on the low-side of the device.

From this low-side server, administrators can use VNC, RDP or SSH to access resources in the DMZ, or deploy software, for example by executing Ansible scripts.

Syslog data can be safely imported to the classified network using the transform-verify approach of the NCSC Safely Importing Data design pattern: the Oakdoor™ Import Diode performs hardware-based syntax verification, and software then performs semantic checking for valid syslog data.

Internet time (NTP) can be passed from the classified network down to the DMZ via the built-in Oakdoor™ Export Diode.

  • Secure network management of DMZs via browse down across the classification boundary
  • Support for network services NTP and syslog
  • Affordable: low CapEx and OpEx
  • Simple maintenance from the high side of the network

SPECIFICATION

Security enforcing functions:

  • File import – hardware-based syntax verification (SISL – structured data, BMP – images for desktop framebuffer updates)
  • Secure file wrapping of unverified content
  • Signature checking of all exported content

High-side interface:

  • Browse down using clientless access with LDAP user authentication
  • HTTPS file download

Logging interface:

  • Low-side syslog server
  • High-side syslog client

Data interface: RJ45 with 10/100/1000 Base-T Ethernet
User interface: 6 status/fault LEDs on front panel
Operating temperature range: 0–30 °C
Operating humidity: 10% – 90% RH, non-condensing
Data throughput: Up to 500 Mbit/s
Mounting: Desk mount or 19-inch rack mount using supplied rack mounting kit
Power supply: 12 V DC @ 3.5 A via supplied power adaptor
Supply voltage: 100 – 240 V AC 50/60 Hz
Maximum supply current: 1.7 A
Electromagnetic compliance: 2014/30/EU (EMC), EN 55024:2010+A1:2015, EN 55032:2015, Class A
RoHS compliance: 2011/65/EU (RoHS) and EN 50581:2012
Safety compliance: IEC 62368-1:2014 (Second Edition)
Certification: CE
Weight: 2600 g
Dimensions (w x d x h): 350 mm x 212 mm x 44 mm (excluding rack mounting kit)
Warranty: 1-year hardware warranty

SOFTWARE AND SUPPORT

Safe Browse Software

Allows cross-domain access to a remote desktop server through the Oakdoor™ Gateway, enabling users to safely browse the internet from segregated networks:

  • access remote desktop systems
  • safe internet browsing across a network boundary
  • protocol breaks with hardware file content verification
  • protocol conversion and schema checking may run on commodity server hardware
  • coupling with Safe Data Software allows simultaneous data transfers.

Safe Data Software

Secure, reliable and fast transfer of large files across the Oakdoor™ Gateway. All unverified data, such as executables that have the potential to be malware, are safely wrapped by the Gateway hardware using the NCSC ‘Cloaked Dagger’ technique:

  • safe handling of imported content
  • assured delivery of large files
  • designed to run in parallel with Safe Browse Software.

Support packages

A range of support packages is available to ensure your cyber security is up to date:

  • software updates for the internal servers of the Oakdoor™ Gateways
  • technical support
  • integration support
  • support to integrate and configure the Oakdoor™ Gateways into your existing infrastructure
  • customised data transfer to securely transfer your specific data and protocols across the Oakdoor™ Gateway.

RELATED PRODUCTS

Our Oakdoor™ products will ensure your files, data and networks remain secure from cyber threats.

OAKDOOR™ EXPORT DIODE: Secure control of data release
