Microwall IO (Firewall)


Secure communication for machines and systems

The Microwall IO routes these device islands securely and easily into the company intranet. Simple and intuitive filter rules protect sensitive island communication from harmful events in the intranet and from undesired access. Remote maintenance and remote access to the devices in the island network plus management of the Microwall VPN can be accomplished over a WireGuard VPN tunnel both as VPN server and VPN client.

The digital in- and outputs allow you to integrate remote maintenance and firewall-specific Microwall IO actions into automation and process environments. A PLC output or simple button/switch can for example provide VPN access, control certain firewall rules or check on the status of network interfaces. The outputs enable external visualization of messages and events such as an activated VPN access.

Manufacturer: Wiesemann & Theis / Country of Origin: Germany


  • 2x Ethernet 100/1000BaseT
    • Autosensing/Auto-MDIX
  • 2 switching inputs
    • 24V digital inputs
  • 2 switching outputs
    • 24V digital outputs
    • Drive up to 500 mA

Management and connectivity:

  • Remote configuration
    • Simply startup via WuTility or DHCP
    • Secure Web-based management using HTTPS only
    • All service/management services can be disabled
  • 2 digital inputs + 2 digital 24V outputs
    • Inputs control VPN, firewall rules and network interfaces
    • Outputs report for example VPN connections
  • Can be used as standard router or NAT router
    • Integration into the routing concept of the intranet
    • Integration of the islands via a single Intranet IP
    • Static NAT for 1:1 mapping of intranet IPs on island hosts
  • WireGuard VPN – Client & Server
    • Server: Secure VPN dial-in to the islands using Windows, Linux, Android, MacOS and IOs clients
    • Access control of the VPN clients via firewall
    • Client: VPN connection in your manufacturer/service network
  • Whitelist-based firewall
    • Filter rules based on IPv4 addresses and TCP/UDP port numbers
    • Separate firewall for VPN clients
  • Logging
    • Identification of undesired communication attempts
  • High data throughput
    • Network connection via Gigabit-Ethernet
    • max. 930 mbps in router mode, max. 300 mbps VPN
    • High-performance hardware platform for less latencies

Power supply:

  • External power
    • Screw terminals, 24V-48V DC
  • Power-over-Ethernet (PoE)
    • Phantom power using data pairs
    • Power over unused wire pairs

Standards & more

  • Conforms to standards both in office and industrial environments:
    • High noise resistance for industrial environments
    • Low noise emission for residential and business areas
  • 5 year guarantee


The Microwall IO casts sensitive components or sub-networks into a separate island network and isolates the latter from the higher level company intranet. For remote maintenance, remote support, etc. a WireGuard VPN server is available which provides selected VPN clients with secure and dedicated firewall-protected access to the island components.

All connections between the networks must be given express permission via rules based on source/destination IP and the TCP/UDP port numbers used. Communication with undocumented and/or undesired services is prohibited and harmful events such as overload kept from the island.

Filter rules and VPN management

The firewall rules and VPN management are administered simply and clearly using the Microwall IO web pages and are uniformly whitelist-based. This blocks any communication which is not expressly permitted in the form of a rule.

Digital in- and outputs for control and reporting

The digital inputs enable event-based activation of VPN access or switching rule groups for the firewall. Then for example when there are equipment faults the operator or equipment controller itself can open the VPN connection to the manufacturer through a switching contact.

Use as NAT or standard router

Similar to a traditional DSL internet connection, the entire island network is incorporated into the network there via just a single IP address of the intranet. No intervention into the routing concept of the intranet is necessary. Operation of multiple island networks having the same IP ranges is also possible in this mode. Machine and equipment builders can then also operate internal networks using a uniform series IP configuration – no cumbersome adjustments to the customer infrastructure necessary.

In Standard Router mode the island network is incorporated into the routing concept of the intranet by means of static routing for example. Static NAT can also be used for 1:1 mapping of intranet addresses to fixed IPs in the island network. These island hosts thereby become quasi-local components of the intranet while still enjoying the protection of appropriate firewall rules.

WireGuard VPN

As a VPN solution for remote access to the island network the Microwall IO uses the WireGuard platform. Compared with other VPN solutions this offers advantages such as high data throughput and ease of management with the same high level of security and stability. Details and current information about WireGuard can be found at https://www.wireguard.com. The Microwall IO can provide a VPN client or VPN server terminal point on your intranet connection. Depending on the application external WireGuard clients can dial in to the island or the Microwall connects like a VPN client – for example to your service network.


Connections and displays:

  • Network:
  • Digital outputs:
    • 2 x Digital Out 6V-30V, 500mA
    • Short-circuit-protected
  • Digital inputs:
    • 2 x Digital In
    • max. input voltage +/-30V
    • protected against reverse connection within this range
    • Switching threshold 8V +/- 1.5V
    • “On” current = 2.2 mA
  • Data throughput:
    • Router mode (unidirectional TCP): max. 930MBit/s
    • VPN tunnel (unidirectional TCP): max. 300MBit/s
  • Galvanic isolation:
    • Network connections min. 1500 V
  • Power supply:
    • Power-over-Ethernet (PoE) or
    • DC 24V .. 48V (+/-10%) and
    • AC 18Veff .. 30Veff (+/-10%)
  • Connections:
    • 1 x 6 position screw terminal, plug-in, I/Os, RM 3.5mm
    • 1 x 2 position screw terminal, plug-in, ext. power, RM 5.08mm
    • 2 x RJ45 for network
  • Current consumption:
    • PoE Class 2 (3.84 W to 6.49 W)
    • or for external supply:
    • typ. 160mA @24V DC
    • max. 200mA @24VDC
  • Indicators:
    • 2x LED System and Services
    • 4x LED I/O Status

Housing and other data:

  • Housing:
    • Plastic compact housing for top-hat rail mount
    • 105x45x75mm (l x w x h)
  • Enclosure rating:
    • IP20
  • Weight:
    • ca. 180g
  • Ambient temperature:
    • Storage: -40..+85°C
    • Operating 0..+50°C (no stack mounting)
  • Permissible relative humidity:
    • 5..95% RH, non-condensing
  • Scope of delivery:
    • 1x Microwall IO
    • 1x Quick Guide
Weight 0.2 kg