Refrigerated Container Monitoring on a Trusted Marine Network: Secure BAPLIE Exchange with the MG460
A Robustel Application Example
Application Example – Fast Facts
- Industry: Maritime (commercial vessels)
- Product(s): MG460 gateway with MG Core; RCMS (RobustLink, RobustVPN); optional Edge data handling where appropriate
- Challenges: A vessel’s refrigerated container monitoring server needs the BAPLIE file—Bay Plan Logistical Information Exchange—from the ship’s Loading PC to map each reefer by bay, row, and tier. Under IACS Unified Requirements E26/E27, the Loading PC sits inside the vessel’s Trusted Network, while the monitoring server is outside it. Direct access breaks trust-boundary rules and conflicts with IEC 61162-460 segmentation principles.
- Expected Outcomes: Enable a controlled, auditable file transfer across network trust zones without adding new shipboard computers or relaxing policy. Keep the monitoring system fully operational while maintaining compliance with IACS UR E26/E27 and IEC 61162-460, and produce evidence that stands up to internal audit and class surveys.
Keep reefers monitored while staying inside the rules
Container vessels depend on continuous oversight of refrigerated containers. The monitoring server relies on BAPLIE from the Loading PC so alarms and workflows use the exact deck position of each box. Recent cyber rules have changed how those systems can talk to each other: the Loading PC now lives in the Trusted Network, but the monitoring server does not.
With IACS UR E26/E27 raising the bar for onboard segmentation and IEC 61162-460 defining how marine networks should be secured, the old “direct share” approach is no longer acceptable. The MG460 creates a controlled path between untrusted and trusted segments so the BAPLIE transfer continues—without undermining the vessel’s security posture.
Business Challenges
Vessels now enforce strict trust zones across business, operational, and safety systems. The refrigerated container monitoring server must not freely browse the Trusted Network, yet the BAPLIE exchange remains critical for correct mapping and alerting.
- Trust boundary enforcement: New rules require a mediated pattern for inter-zone traffic. A simple SMB share from the Loading PC to the monitoring server is no longer compliant.
- BAPLIE continuity: Reefer monitoring needs timely, automated updates during port calls and cargo ops, not manual copy steps that add delay and risk.
- Auditability and least privilege: Security and class teams expect tight scoping, logging, and proof that only the BAPLIE transfer is permitted—nothing broader.
Solution Overview
The MG460 is placed between the monitoring server’s segment and the Trusted Network segment that hosts the Loading PC. Using the MG460’s internal demilitarized zone (DMZ) and firewall policy, the design exposes a narrowly scoped service for BAPLIE exchange. Depending on ship policy, the Loading PC can push BAPLIE into the DMZ share, or the monitoring server can pull from it—either way, rules are bound to known hosts and required ports only. Operations teams manage rules centrally and retain complete logs to support audits and surveys.
- DMZ-mediated transfer: The MG460 terminates the inter-zone exchange in its DMZ so neither side reaches directly across trust boundaries.
- Host and service allow-lists: Policies restrict communication to specific IPs and only the services needed for file copy; all other traffic is dropped.
- Segmentation aligned to class: Firewall rules and network separation reflect IACS UR E26/E27 trust boundary requirements.
- Operational logging: Connection attempts, transfers, and configuration changes are recorded to provide defensible evidence for compliance checks.
- MG Core consistency: Opinionated defaults (services off unless required) reduce configuration drift and support repeatable, survey-friendly configurations.
Note: Specific data sources and interfaces are defined per equipment list and class-approved integration plan. The gateway does not alter certified instrumentation; it transports and protects data.
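The following is an added example, not Robustel code and not MG460 configuration syntax: a small Python audit that checks an inter-zone ruleset against the pattern described above (every allow rule terminates in the DMZ, both endpoints are pinned to known hosts, only required ports are open, and the ruleset ends in a default deny). The subnets, host addresses, the `Rule` model, and the choice of TCP 445 as the file-copy service are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone plan (assumption; not from the page or any MG460 config).
ZONES = {"trusted": "10.10.1.0/24", "dmz": "10.10.2.0/24", "monitoring": "10.10.3.0/24"}
# Loading PC, DMZ share, monitoring server (hypothetical addresses).
KNOWN_HOSTS = {"10.10.1.20", "10.10.2.5", "10.10.3.30"}
REQUIRED_PORTS = {445}  # assumed file-copy service (SMB over TCP)

@dataclass
class Rule:  # hypothetical rule model: CIDR endpoints, port 0 means "any"
    src: str
    dst: str
    port: int
    action: str

def zone_of(cidr):
    net = ipaddress.ip_network(cidr)
    for name, zone in ZONES.items():
        if net.subnet_of(ipaddress.ip_network(zone)):
            return name
    return "unknown"

def pinned(cidr):
    # True only for a single address that is on the known-host list.
    net = ipaddress.ip_network(cidr)
    return net.num_addresses == 1 and str(net.network_address) in KNOWN_HOSTS

def audit(rules):
    """Return (rule_index, finding) pairs; an empty list means the pattern holds."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if "dmz" not in (zone_of(r.src), zone_of(r.dst)):
            findings.append((i, "bypasses-dmz"))        # allow does not terminate in the DMZ
        if not (pinned(r.src) and pinned(r.dst)):
            findings.append((i, "host-not-pinned"))     # subnet or unknown host
        if r.port not in REQUIRED_PORTS:
            findings.append((i, "port-not-required"))
    if not rules or rules[-1] != Rule("0.0.0.0/0", "0.0.0.0/0", 0, "deny"):
        findings.append((len(rules), "no-default-deny"))
    return findings

MEDIATED = [Rule("10.10.1.20/32", "10.10.2.5/32", 445, "allow"),   # Loading PC pushes
            Rule("10.10.3.30/32", "10.10.2.5/32", 445, "allow"),   # monitoring pulls
            Rule("0.0.0.0/0", "0.0.0.0/0", 0, "deny")]
LEGACY = [Rule("10.10.3.30/32", "10.10.1.20/32", 445, "allow"),    # old direct share
          Rule("10.10.3.0/24", "10.10.2.5/32", 0, "allow")]        # too broad

if __name__ == "__main__":
    print(audit(MEDIATED), audit(LEGACY))
```

Run against an exported ruleset before each change is approved, the findings list doubles as a record that only the BAPLIE transfer path is permitted.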
Expected Customer Outcomes
A practical, compliant bridge that preserves refrigerated container monitoring without weakening the vessel’s cyber defenses. BAPLIE stays available; trust boundaries stay intact and provable.
- Operations Managers: Accurate mapping and alarms continue during cargo operations, reducing cargo-quality risk and intervention time.
- Network/OT Engineers: Minimal-port, least-privilege rules and full logs simplify reviews, change control, and survey preparation.
- Installers / System Integrators: A repeatable deployment template that avoids ad-hoc exemptions and cuts commissioning time on board.
- Vessel IT / Security: Compliance with IACS UR E26/E27 and IEC 61162-460 without adding new servers or broad access exceptions.
- Bridge and Deck Teams: Less manual handling; position-aware reefer monitoring “just works” through port calls and turnarounds.
Featured Products
Robustel MG460 Gateway

MG Core Operating System

RCMS Cloud Device Management

Talk to an Expert
If your reefer monitoring workflow needs BAPLIE under IACS UR E26/E27 and IEC 61162-460, we can help design a controlled, auditable exchange pattern for your fleet.
Speak to an expert about rulesets, deployment templates, and change control that match your vessel policies.
