Microwall VPN (Firewall)


The Microwall VPN routes your device islands securely and simply into the company intranet. Simple and intuitive filtering rules protect sensitive island communication from harmful events in the intranet and from unauthorized access. Remote maintenance and access to the stations in the island network and management of the Microwall VPN can be performed over the integrated WireGuard VPN server.

Manufacturer: Wiesemann & Theis / Country of Origin: Germany


  • 2x Ethernet 100/1000BaseT
    • Autosensing/Auto-MDIX

Management and connectivity:

  • Remote configuration
    • Simple startup using WuTility
    • Secure Web-based management using HTTPS only
    • All service/management services can be disabled
  • Mode: Standard router
    • Integration into the routing concept of the intranet
  • Mode: NAT router
    • Integration of the islands via a single Intranet IP
  • Wireguard VPN server
    • Secure and simple remote maintenance of the island devices and the Microwall
    • Access control of VPN clients via firewall
  • Whitelist-based firewall
    • Filter rules based on IPv4 addresses and TCP/UDP port numbers
    • Your own firewall for the VPN
  • Logging
    • Identification of undesired communication attempts
  • High data throughput
    • Network connection via Gigabit-Ethernet
    • max. 930 mbps in router mode, max. 300 mbps VPN
    • High-performance hardware platform for less latencies

Power supply:

  • External power
    • Screw terminals, 24V-48V DC
  • Power-over-Ethernet (PoE)
    • Phantom power using data pairs
    • Power over unused wire pairs

Standards & more

  • Conforms to standards both in office and industrial environments:
    • High noise resistance for industrial environments
    • Low noise emission for residential and business areas
  • 5 year guarantee

The Microwall VPN remotes sensitive components or subnets into a separate island network and separates it from the higher level company intranet. For remote maintenance, remote support, etc. a WireGuard VPN server is available which provides selected VPN clients with secure and dedicated firewall protected access to the island stations.

All connections between the networks must be given express permission via rules based on source/destination IP and the TCP/UDP port numbers used. Communication with undocumented and/or undesired services is prohibited and harmful events such as overload kept from the island.

Filter rules and VPN management

The firewall rules and VPN management are administered simply and clearly using the Microwall VPN web pages and are uniformly whitelist-based. Any communication which is not expressly permitted in the form of a rule is blocked.

NAT router mode

Similar to a traditional DSL internet connection, the entire island network is incorporated via just an IP address of the intranet into the network there. No intervention into the routing concept of the intranet is necessary. Operation of multiple island networks having the same IP ranges is also possible in this mode. This gives machines and systems manufacturers the possibility of operating internal network with a uniform series IP configuration – no cumbersome adaptations to the customer’s infrastructure.

Standard router mode

The Microwall VPN works like a traditional router with the island network made known in the intranet in the form of static routes.

WireGuard VPN

As a VPN solution for remote access to the island network the Mircowall VPN uses the WireGuard platform. Compared with other VPN solutions this offers among other things high data throughput and simple management while providing a high level of security and stability at the same time. Details and current information about WireGuard can be found at https://www.wireguard.com. The Microwall provides the VPN server on your intranet connection. Selected WireGuard clients (Windows, Linux, MacOS, iOS, Android) can be provided with firewall protected access to stations in the safe island.

Connections and displays:

  • Network:
    • 2x 100/1000BaseT Autosensing/Auto-MDIX
    • RJ45
    • IPv6 on request
  • Data throughput:
    • Router mode (unidirectional TCP): max. 930MBit/s
    • VPN tunnel (unidirectional TCP): max. 300MBit/s
  • Electrical isolation:
    • Network connections min. 1500 V
  • Supply voltage:
    • Power-over-Ethernet (PoE) or
    • DC 24V .. 48V (+/-10%) and
    • AC 18Veff .. 30Veff (+/-10%)
  • Supply connection:
    • Plug-in screw terminal, 5.08mm spacing
    • Labeled “L+” and “M”
  • Current consumption:
    • PoE Class 2 (3.84 W to 6.49 W)
    • or for external supply:
    • typ. 150mA @24V DC
    • max. 200mA @24VDC
  • Indicators:
    • 2x LEDs for network status
    • 1x LED for Error

Housing and other data:

  • Enclosure:
    • Plastic compact housing for top-hat rail mount
    • 105x22x75mm (LxWxH)
  • Enclosure rating:
    • IP20
  • Weight:
    • approx. 120g
  • Ambient temperature:
    • Storage: -40..+85°C
    • Operating 0..+50°C (no stack mounting)
  • Permissible relative humidity:
    • 5..95% RH, non-condensing
  • Scope of delivery:
    • 1x Microwall VPN
Weight 0.2 kg