Segmentation: Router- vs. Bridge Mode

Bridge: Microwall Bridge

The Microwall Bridge operates transparently as far as the IP ranges are concerned. This means the IP ranges (Net-IDs) of the surrounding network and the island side are identical. Nevertheless, cross-network connections are only possible after explicit release rules have been created, based on the IP addresses and TCP/UDP port numbers involved.

Preferred application:

Low-effort retroactive segmentation of historically grown, flat network hierarchies.

Advantages:

Low integration effort when segmenting network ranges after the fact. No intervention in the network setup of the island slaves or the applications running there is necessary. For example, the island is simply brought together on an Ethernet switch, and the Microwall Bridge is inserted into that switch's uplink to the surrounding network.

Very simple emergency fallback to a direct connection (e.g. at commissioning or device failure): The uplink cable of the island is simply directly connected to the surrounding network.

Simple configuration of the release rules based on IP addresses and TCP/UDP port numbers using the Web interface of the Microwall.

Drawbacks:

No IP addresses can be saved in the surrounding network.

Released island slaves can be inventoried via ARP from the surrounding network.

 

Router: Microwall VPN and Microwall IO

Both the Microwall VPN and the Microwall IO work like traditional routers from the perspective of the infrastructure, i.e. they connect different networks from the IP point of view. Data traffic between these networks is controlled and secured using a Microwall-internal firewall with explicit release rules.

Preferred application:

New installations of equipment by manufacturers/integrators/operators. Here, for example, the same IP setup can be used as a factory setting for all devices/equipment in serial production. For the operator, this reduces the effort of integration into their network to configuring the Microwall.

Advantages:

With functions such as Static-NAT the island network can be completely hidden from the surrounding network on all protocol levels (Ethernet, IP).

Multiple islands having the same IP address range can be incorporated into the surrounding network.

Simple configuration of the release rules based on IP addresses and TCP/UDP port numbers using the Web interface of the Microwall.

Drawbacks:

Isolating slaves after the fact always requires changing their IP configuration (IP address, subnet mask, gateway). Especially when multiple island slaves are involved, the effort can become extensive because of the various configuration paths/tools and the need to convert the communicating applications.

Any emergency fallback to a direct connection to the surrounding network requires the same effort.
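
The router-mode behaviour described above (Static-NAT hiding the island, several islands sharing one internal IP range, default-deny release rules on IP address and TCP/UDP port) can be sketched as a small model. This is an added example, not Microwall code or its configuration format; all addresses, names and the rule layout are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Release:
    src_net: str   # allowed clients in the surrounding network (CIDR)
    dst: str       # island-internal host
    proto: str     # "tcp" or "udp"
    port: int

@dataclass
class Island:
    name: str
    static_nat: dict   # surrounding-network address -> island-internal address
    releases: tuple

    def forward(self, src, dst, proto, port):
        """Return the island-internal destination, or None if the packet is dropped."""
        inner = self.static_nat.get(dst)
        if inner is None:
            return None                       # no NAT entry: island host is not reachable
        for r in self.releases:
            if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src_net)
                    and (inner, proto, port) == (r.dst, r.proto, r.port)):
                return inner
        return None                           # default deny: no matching release rule

# Constructed sample: two machines shipped with the same factory IP setup.
FACTORY_PLC = "192.168.0.10"
ISLANDS = [
    Island("machine-A", {"10.20.0.11": FACTORY_PLC},
           (Release("10.20.0.50/32", FACTORY_PLC, "tcp", 502),)),
    Island("machine-B", {"10.20.0.12": FACTORY_PLC},
           (Release("10.20.0.0/24", FACTORY_PLC, "tcp", 443),)),
]

def route(src, dst, proto, port):
    """Model the surrounding network: hand the packet to the island that owns dst."""
    for island in ISLANDS:
        if dst in island.static_nat:
            inner = island.forward(src, dst, proto, port)
            return (island.name, inner) if inner else None
    return None

if __name__ == "__main__":
    for pkt in [("10.20.0.50", "10.20.0.11", "tcp", 502),    # released
                ("10.20.0.51", "10.20.0.11", "tcp", 502),    # wrong client
                ("10.20.0.51", "10.20.0.12", "tcp", 443),    # released on island B
                ("10.20.0.50", "192.168.0.10", "tcp", 502)]: # internal address is hidden
        print(pkt, "->", route(*pkt))
```

Both islands keep the identical internal address, yet each is reachable only through its own mapped address and only for the released client/port combination.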
