Microwall IO (Firewall)

Microwall IO (Firewall)

$1,095

Secure communication for machines and systems

The Microwall IO routes these device islands securely and easily into the company intranet. Simple and intuitive filter rules protect sensitive island communication from harmful events in the intranet and from undesired access. Remote maintenance and remote access to the devices in the island network plus management of the Microwall VPN can be accomplished over a WireGuard VPN tunnel both as VPN server and VPN client.

The digital in- and outputs allow you to integrate remote maintenance and firewall-specific Microwall IO actions into automation and process environments. A PLC output or simple button/switch can for example provide VPN access, control certain firewall rules or check on the status of network interfaces. The outputs enable external visualization of messages and events such as an activated VPN access.

Manufacturer: Wiesemann & Theis / Country of Origin: Germany

SKU:

55212

Interfaces:

  • 2x Ethernet 100/1000BaseT
    • Autosensing/Auto-MDIX
    • High data throughput
    • max. 900 mbps in router mode, max. 300 mbps VPN
  • 2 switching inputs + 2 switching outputs
    • 24V inputs + outputs
    • Outputs drive up to 500mA

Connectivity:

  • 2 digital inputs + 2 digital 24V outputs
    • Inputs control VPN, firewall rules and network interfaces
    • Outputs report for example VPN connections
  • Mode: Standard router
    • Integration into the routing concept of the intranet
    • Static NAT can be used for 1:1 mapping of intranet IPs on island hosts.
  • Mode: NAT router
    • Integration of the islands via a single Intranet IP
  • Discover mode
    • Assisted and secure commissioning of new/unknown devices
    • Recording of outgoing connection attempts including DNS host names
    • Creating release rules with the click of a mouse
  • WireGuard VPN server & VPN client
    • Secure VPN connection to the island for Windows, Linux, Android, MacOS, IOS clients, Microwalls
    • Access control of VPN clients using dedicated firewall
    • Optional control of the tunnel using digital inputs
    • Digital outputs indicate the VPN status
    • In Client mode VPN connection to your manufacturer/service network
  • WireGuard VPN Box-to-Box
    • VPN tunnel between two Microwalls
    • Secure connection of island networks using the intra/internet

Management & Security:

  • Secure firmware concept with Secure Boot
    • No uploading of manipulated firmware or third-party firmware
  • Configuration via HTTPS-Only Mode
    • Supports individual certificates
    • Fast startup using WuTility or DHCP
    • Required password without default login
  • Port management for all local services
    • All service/management services can be configured/deactivated
  • Consistent whitelist-based firewall concept
    • Filter rules based on IPv4 addresses, host names and TCP/UDP port numbers
    • Rule sets can be controlled using digital inputs
    • Dedicated firewall for incoming VPN connections
  • Logging
    • Identification of undesired communication attempts
  • Network management systems
    • Optional support for SNMPv2c/3 (read)

Power supply:

  • External power
    • Screw terminals, 24V-48V DC
  • Power-over-Ethernet (PoE)

Standards & more

  • Conforms to standards both in office and industrial environments:
    • High noise resistance per EN 61000-6-2
    • Low noise emission per EN 55032:2015 + A1 Cl. B, EN 61000-3-2 & EN 61000-3-3
  • 5 year guarantee

The Microwall IO casts sensitive components or sub-networks into a separate island network and isolates the latter from the higher level company intranet. For remote maintenance, remote support, etc. a WireGuard VPN server is available which provides selected VPN clients with secure and dedicated firewall-protected access to the island components.

All connections between the networks must use rules based on source/destination IP and the used TCP/UDP port numbers to obtain an express release. For outgoing connections host names can be used as a destination within the rules. Communication of undocumented and/or undesired services is prohibited and harmful events such as overload are kept away from the island.

NAT router mode

Similar to a traditional DSL internet connection, the entire island network is incorporated via just an IP address of the intranet into the network there. No intervention into the routing concept of the intranet is necessary. Operation of multiple island networks having the same IP ranges is also possible in this mode. This gives machines and systems manufacturers the possibility of operating internal network with a uniform series IP configuration – no cumbersome adaptations to the customer’s infrastructure.

Digital in- and outputs for control and reporting

The digital inputs enable event-based activation of VPN access or switching rule groups for the firewall. Then for example when there are equipment faults the operator or equipment controller itself can open the VPN connection to the manufacturer through a switching contact.

Standard router mode

The Microwall IO operates like a traditional router, while the island network appears in the intranet in the form of static routing. Static NAT can also be used for 1:1 mapping of intranet addresses to fixed IPs in the island network. These island hosts thereby become quasi-local components of the intranet while still enjoying the protection of appropriate firewall rules.

Discover mode

Connection attempts on the island side to connected hosts are recorded and logged including whatever destination host names were used. For desired connections, a release rule is created just by a mouse click. Unknown, undesired or harmful connections remain blocked.

WireGuard VPN

The Microwall IO uses the WireGuard platform as a VPN solution for remote access. Compared with other VPN solutions this offers advantages such as high data throughput and simple management with a high level of security and stability. Details and current information about WireGuard can be found at https://www.wireguard.com. The Microwall IO can provide a VPN client or VPN server terminal point on your intranet connection. Depending on the application external WireGuard clients can dial in to the islands or the Microwall connects as a VPN client – for example into your service network.

Connections and displays:

  • Network:
  • Digital outputs:
    • 2 x Digital Out 6V-30V, 500mA
    • Short-circuit-protected
  • Digital inputs:
    • 2 x Digital In
    • max. input voltage +/-30V
    • protected against reverse connection within this range
    • Switching threshold 8V +/- 1.5V
    • “On” current = 2.2 mA
  • Data throughput:
    • Router mode (unidirectional TCP): max. 900MBit/s
    • VPN tunnel (unidirectional TCP): max. 300MBit/s
  • Galvanic isolation:
    • Network connections min. 1500 V
  • Power supply:
    • Power-over-Ethernet (PoE) or
    • DC 24V .. 48V (+/-10%) and
  • Connections:
    • 1 x 6 position screw terminal, plug-in, I/Os, RM 3.5mm
    • 1 x 2 position screw terminal, plug-in, ext. power, RM 5.08mm
    • 2 x RJ45 for network
  • Current consumption:
    • PoE Class 2 (3.84 W to 6.49 W)
    • or for external supply:
    • typ. 160mA @24V DC
    • max. 200mA @24VDC
  • Indicators:
    • 2x LED System and Services
    • 4x LED I/O Status

Housing and other data:

  • Housing:
    • Plastic compact housing for top-hat rail mount
    • 105x45x75mm (l x w x h)
  • Enclosure rating:
    • IP20
  • Weight:
    • ca. 180g
  • Ambient temperature:
    • Storage: -40..+85°C
    • Operating 0..+50°C (no stack mounting)
  • Permissible relative humidity:
    • 5..95% RH, non-condensing
  • Scope of delivery:
    • 1x Microwall IO
    • 1x Quick Guide

 

 

MANUAL / TOOLS / FIRMWAREACCESSORIES

Related

BlitzFunk Client (inkl. Antennas)

$2,075

BlitzFunk Access Point (inkl. Antennas)

$3,290

PCI Card 2x RS232/RS422/RS485

$470

Pt-100 cable sensor Class B outdoor

$105