Microwall IO - Firewall router with VPN and digital IO

Secure communication for machines and systems

Secure communication = secure operation - The Microwall VPN is a firewall that uses appropriate rules to protect your critical machines or systems from undesired or harmful access. Communication from and to the island is restricted to what is essential for operation, thereby significantly reducing the potential attack area. Harmful events such as load spikes, broadcast storms etc. remain locally limited and have no effects on the other respective segment.

Secure commissioning - In contrast to many other routers which often permit unrestricted outgoing data communication, the Microwall VPN blocks any cross-network data traffic. In Discover mode outgoing communication attempts of the island-side connected devices and including the associated host name of the destination server are documented. Permitted destinations are used with a mouse click to create a release rule, whereas undesired communication remains blocked.

Secure remote access via VPN - For remote maintenance and remote access to the island network the Microwall VPN provides a WireGuard®-VPN endpoint which can be operated actively as a VPN client or passively as a VPN server.

Digital in- and outputs for control and reporting -The digital inputs enable event-based activation of VPN access or switching rule groups for the firewall. Then for example when there are equipment faults the operator or equipment controller itself can open the VPN connection to the manufacturer through a switching contact.

More info: Learn more about how the Microwall VPN works here.

Operating modes:

The Microwall VPN remotes sensitive components or subnets into a separate island network and separates it from the higher level company intranet. For remote maintenance, remote support, etc. a WireGuard VPN server is available which provides selected VPN clients with secure and dedicated firewall protected access to the island stations.

All connections between the networks must use rules based on source/destination IP and the used TCP/UDP port numbers to obtain an express release. For outgoing connections host names can be used as a destination within the rules. Communication of undocumented and/or undesired services is prohibited and harmful events such as overload are kept away from the island.

NAT router mode

Similar to a traditional DSL internet connection, the entire island network is incorporated via just an IP address of the intranet into the network there. No intervention into the routing concept of the intranet is necessary. Operation of multiple island networks having the same IP ranges is also possible in this mode. This gives machines and systems manufacturers the possibility of operating internal network with a uniform series IP configuration - no cumbersome adaptations to the customer’s infrastructure.

Standard router mode

The Microwall VPN operates like a traditional router, while the island network appears in the intranet in the form of static routing. Static NAT can also be used for 1:1 mapping of intranet addresses to fixed IPs in the island network. These island hosts thereby become quasi-local components of the intranet while still enjoying the protection of appropriate firewall rules.

Discover mode

Connection attempts on the island side to connected hosts are recorded and logged including whatever destination host names were used. For desired connections, a release rule is created just by a mouse click. Unknown, undesired or harmful connections remain blocked.

WireGuard VPN

The Microwall VPN uses the WireGuard platform as a VPN solution for remote access. Compared with other VPN solutions this offers advantages such as high data throughput and simple management with a high level of security and stability. Details and current information about WireGuard can be found at https://www.wireguard.com. The Microwall VPN can provide a VPN client or VPN server terminal point on your intranet connection. Depending on the application external WireGuard clients can dial in to the islands or the Microwall connects as a VPN client - for example into your service network.