Microwall VPN, industrial Firewall, Ethernet bridge, NAT router and VPN WireGuard



All-in-one solution for securely connecting machines to the corporate Ethernet network. The IP addresses do not have to be in the same range, the devices will be securely separated and the communication between them will work according to the firewall rules. In addition, you can connect to the device remotely and securely via VPN WireGuard.

Manufacturer: W&T Code: 55211

448 EUR excl. VAT (542,08 EUR incl. VAT)
Recycling fee 0,04 EUR included in the price.
In stock


A Microwall VPN is a network element that is inserted into an Ethernet network to separate (isolate) devices on the network or to restrict Ethernet communication to those devices. It is useful for connecting machines to a corporate Ethernet network or for connecting older computers and devices on the network that might be a security threat because they still have an older and poorly secured operating system. Another reason may be the need to define and clearly configure Ethernet communication to PLC systems, e.g. enabling the port only for OPC UA communication, for reading data into the production system, etc.  

Network your machines without complications

The Microwall VPN is equipped with a NAT router and is therefore suitable for connecting machines and production lines to a corporate Ethernet network. The connected devices do not need to be in the same IP range as the corporate Ethernet network. In practice, this means that you can use the Microwall VPN to connect machines that all have the same factory-set IP address to the enterprise Ethernet network. Changing this default IP address is often impossible or very expensive, so connecting the machine via the Microwall VPN is an elegant solution.

Whitelist rules

The Microwall Bridge works on the whitelist principle, i.e. after placing it in the network it isolates all communication from port 1 to port 2. The principle of whitelisting is that everything is initially forbidden and we allow what we need. The devices that are to be isolated from the rest of the network are connected to port 2. Using rules, we gradually enable the necessary communication. Within the rules we define the IP address, ports, type of communication (TCP/UDP/FTP) and the direction in which they should communicate.

VPN WireGuard

You can use VPN WireGuard technology for remote maintenance, support and access to devices located behind the Microwall VPN, because the Microwall VPN primarily acts as a VPN WireGuard server that you connect to from your computer as a VPN WireGuard client.

VPN WireGuard is a modern and fast protocol for creating virtual private networks (VPNs). It was designed with simplicity and efficiency in mind, which sets it apart from traditional VPN protocols such as OpenVPN or IPsec. WireGuard focuses on minimalism and a small code base, making it easy to audit and secure. One of its main features is high speed and low latency, achieved through an efficient implementation and the use of modern cryptographic methods. This makes it ideal for a variety of applications such as mobile devices, virtual private servers (VPS) or connecting larger networks. WireGuard is also designed to be easy to deploy and manage, for both users and network administrators. These features have made WireGuard an increasingly popular choice for implementing VPN solutions. For details and up-to-date information on WireGuard, please visit www.wireguard.com.

Example of using Microwall VPN

  • Connecting and networking machines (PLC systems) to the corporate Ethernet network.
    • the machines have the same IP addresses and networking them directly would cause address conflicts
    • the machines have different IP addresses, which are also different from the IP range of the corporate Ethernet network

 

 

  • Connecting PLC systems to the corporate Ethernet network and setting clear security communication rules.
    • Example: we have a production machine with a PLC S7-1500. This PLC runs a web interface and an OPC UA server for reading data from the PLC. We only want to read data from the company network via OPC UA; the rest of the communication is undesirable for security reasons. The PLC and the computers in the corporate network can have the same or different IP addresses.
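
The whitelist principle and the S7-1500 example above, modelled as a small default-deny rule evaluator. This is an added example, not W&T's configuration format or firmware logic; the addresses, the rule name and the connection attempts are constructed, and the ports assume defaults (4840/tcp for OPC UA, 443 for the web interface, 102 for S7 communication).

```python
import ipaddress
from dataclasses import dataclass

INTRANET_TO_ISLAND = "intranet->island"   # initiated on port 1 towards port 2
ISLAND_TO_INTRANET = "island->intranet"   # initiated on port 2 towards port 1

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str
    src: str      # allowed source network (CIDR)
    dst: str      # allowed destination network (CIDR)
    proto: str    # "tcp" or "udp"
    dport: int

# Constructed addressing: corporate network 10.20.0.0/24, PLC at 192.168.0.1.
# Only OPC UA reads from the corporate network are released.
RULES = [
    Rule("opcua-read", INTRANET_TO_ISLAND, "10.20.0.0/24", "192.168.0.1/32", "tcp", 4840),
]

def evaluate(rules, direction, src, dst, proto, dport):
    """Return the name of the first matching allow rule, or None (dropped)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.direction == direction and r.proto == proto and r.dport == dport
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r.name
    return None  # whitelist principle: anything not explicitly allowed is dropped

# Constructed connection attempts.
ATTEMPTS = [
    (INTRANET_TO_ISLAND, "10.20.0.15", "192.168.0.1", "tcp", 4840),  # OPC UA client
    (INTRANET_TO_ISLAND, "10.20.0.15", "192.168.0.1", "tcp", 443),   # PLC web interface
    (INTRANET_TO_ISLAND, "10.20.0.15", "192.168.0.1", "tcp", 102),   # S7 communication
    (INTRANET_TO_ISLAND, "10.99.0.7", "192.168.0.1", "tcp", 4840),   # source outside rule
    (ISLAND_TO_INTRANET, "192.168.0.1", "10.20.0.15", "udp", 123),   # PLC-initiated traffic
]

def blocked(rules, attempts):
    """Attempts that match no rule: the undesired traffic a log would show."""
    return [a for a in attempts if evaluate(rules, *a) is None]

if __name__ == "__main__":
    for a in ATTEMPTS:
        print(a, "->", evaluate(RULES, *a) or "DROP")
```

With an empty rule list every attempt is dropped, which is the state right after the device is placed in the network.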


Interfaces:

  • 2x Ethernet 100/1000BaseT
    • Autosensing and Auto-MDIX
  • High data throughput
    • Gigabit Ethernet
    • 900 Mbps in router mode, max. 300 Mbps VPN
    • Low latency times thanks to powerful hardware platform

Connectivity:

  • Mode: Standard router
    • Integration into the routing concept of the intranet
    • Static NAT can be used for 1:1 mapping of intranet IPs on island hosts.
  • Mode: NAT router
    • Integration of the islands via a single Intranet IP
  • Discover mode
    • Assisted and secure commissioning of new/unknown devices
    • Recording of outgoing connection attempts including DNS host names
    • Creating release rules with the click of a mouse
  • WireGuard VPN server & VPN client
    • Secure VPN connection to the island for Windows, Linux, Android, macOS, iOS clients, Microwalls
    • Access control of VPN clients using dedicated firewall
    • In Client mode VPN connection to your manufacturer/service network
  • WireGuard VPN Box-to-Box
    • VPN tunnel between two Microwalls
    • Secure connection of island networks using the intra/internet

Management & Security:

  • Secure firmware concept with Secure Boot
    • No uploading of manipulated firmware or third-party firmware
  • Configuration via HTTPS-Only Mode
    • Supports individual certificates
    • Fast startup using WuTility or DHCP
    • Required password without default login
  • Port management for all local services
    • All service/management services can be configured/deactivated
  • Consistent whitelist-based firewall concept
    • Filter rules based on IPv4 addresses, host names and TCP/UDP port numbers
    • Dedicated firewall for incoming VPN connections
  • Logging
    • Identification of undesired communication attempts
  • Network management systems
    • Optional support for SNMPv2c/3 (read)

Supply Voltage

  • External power
    • Screw terminals, 24V-48V DC
  • Power-over-Ethernet (PoE)
