
Secure and IP-transparent network segmentation with the Microwall Bridge from Wiesemann & Theis

The Microwall Bridge from Wiesemann & Theis is an advanced solution for secure network segmentation in industrial and commercial environments. It protects sensitive systems through a fully IP-transparent design without requiring any changes to the existing IP configuration or routing structure. Its core principle is based on a consistent, whitelist-controlled firewall concept that allows only authorized connections, thereby significantly reducing the attack surface. With this technology, Wiesemann & Theis provides a practical and efficient implementation of Defence-in-Depth aligned with Industry 4.0 requirements.

The Microwall Bridge was specifically designed for retroactive segmentation of historically grown networks. This allows older machines or control systems to be effectively isolated without altering the existing network topology. Combining high security with ease of integration and maximum flexibility, it is ideal for protecting production systems, IoT devices, or technical infrastructure components.

IP-transparent segmentation without changes to the network configuration

Unlike traditional routers or firewalls that enforce new IP structures, the Microwall Bridge operates IP-transparently in so-called Layer 2 Bridge mode. All IP addresses and subnet parameters remain unchanged, meaning that both the adjacent network and the isolated subnet share identical IP address spaces.

Communication between segments takes place only based on explicitly defined filtering rules. These rules are defined by IP addresses and TCP/UDP port numbers, specifying precisely which connections are permitted. Optional user authorizations through login-based access can also be integrated. Unauthorized traffic is automatically blocked — broadcast storms, multicast packets, and unwanted traffic remain contained within their segment. This security principle ensures maximum controllability while maintaining full network transparency.

Simple integration with minimal effort

A key advantage of the Microwall Bridge is its minimal integration effort. Existing networks do not need readdressing or restructuring. The bridge is simply installed between the surrounding network and the isolated segment. Should a direct connection be required during commissioning or in an emergency, the uplink can easily be reconnected — without configuration changes.

This simple integration concept makes the Microwall Bridge especially attractive for existing installations where traditional network structures cannot be changed for stability reasons.

High-performance gigabit network architecture

The Microwall Bridge is equipped with two gigabit Ethernet interfaces (100/1000BaseT) and supports autosensing and auto-MDIX for maximum compatibility. The hardware is designed for data throughput of up to 900 Mbit/s, even with active filter rules. This makes it suitable for data-intensive industrial applications, control processes, and real-time communication where low latency is essential.

Thanks to its transparent bridge structure, network topology remains completely intact. No additional routing or NAT rules are required — a key advantage, especially for retrofitted protection of complex control networks.

Whitelist-based firewall for consistent security

The Microwall Bridge’s core security concept is built around a whitelist firewall. While conventional firewalls using blacklist models simply block unwanted connections, the Microwall Bridge allows only explicitly defined communication paths. This ensures full control of all incoming and outgoing connections. Rule management is handled via an intuitive web interface that is easy to operate, even for administrators without advanced network security expertise.

Integrated logging records all unauthorized communication attempts and provides data for analysis, offering full traceability of potential attacks or misconfigurations.
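The whitelist evaluation described in this section and in the filtering-rule paragraph further up, modelled in Python as an added example; it is not Wiesemann & Theis code and does not reproduce the device's rule format. The `Rule` schema, the 192.0.2.0/24 addresses and the sample flows are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str    # permitted source IPv4 address
    dst: str    # permitted destination IPv4 address
    proto: str  # "tcp" or "udp"
    dport: int  # permitted destination port

# Constructed sample: both sides of the bridge share one subnet.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
WHITELIST = [
    Rule("192.0.2.10", "192.0.2.50", "tcp", 502),  # operator panel -> controller
    Rule("192.0.2.11", "192.0.2.50", "tcp", 443),  # engineering PC -> controller
]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def evaluate(flow, whitelist=WHITELIST, subnet=SUBNET, log=None):
    """Default deny: True only on an exact whitelist match; denials are logged."""
    src, dst, proto, dport = flow
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip.is_multicast or dst_ip in (subnet.broadcast_address, LIMITED_BROADCAST):
        reason = "broadcast/multicast"   # stays inside its own segment
    elif Rule(src, dst, proto, dport) in whitelist:
        return True
    else:
        reason = "no matching rule"      # anything not listed is blocked
    if log is not None:
        log.append({"flow": flow, "reason": reason})
    return False

def run_sample():
    """Evaluate constructed flows; return the verdicts and the denial log."""
    flows = [
        ("192.0.2.10", "192.0.2.50", "tcp", 502),        # whitelisted
        ("192.0.2.10", "192.0.2.50", "tcp", 22),         # right hosts, wrong port
        ("192.0.2.99", "192.0.2.50", "tcp", 502),        # right port, unknown source
        ("192.0.2.10", "192.0.2.255", "udp", 137),       # subnet broadcast
        ("192.0.2.10", "239.255.255.250", "udp", 1900),  # multicast
    ]
    log = []
    verdicts = [evaluate(f, log=log) for f in flows]
    return verdicts, log

if __name__ == "__main__":
    verdicts, log = run_sample()
    print(verdicts)
    for entry in log:
        print(entry)
```

The denial log is the part worth reviewing during commissioning: a legitimate flow that was missed in the rule set shows up there as "no matching rule" rather than failing silently.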

Comparison: Microwall Bridge vs. Microwall VPN/IO

The Microwall Bridge acts as an IP-transparent Layer 2 firewall, while the Microwall VPN and Microwall IO variants use traditional routing functionality. These router models are ideal for new installations or deployments with different IP address ranges — for example, production lines with standardized addressing schemes. With features like static NAT, identical IP structures can be implemented multiple times, such as for OEM machinery using identical configurations.

In contrast, the Microwall Bridge is the preferred choice in environments where existing IP structures must remain unchanged. Its emergency fallback — direct connection of uplink and isolated network — enables additional security without downtime.

Management, security, and monitoring

For safe operation, the Microwall Bridge offers a comprehensive set of management and protection features:

  • Secure Boot: prevents loading of tampered firmware versions
  • HTTPS-only configuration: access restricted to encrypted connections with individual certificate support
  • Mandatory password protection: no default login credentials to prevent unauthorized access
  • Port management: all system services can be disabled or limited to specific ports
  • Firewall filtering: rules by IP and TCP/UDP ports, optionally with user authentication
  • Logging and analytics: detailed recording of unauthorized network activity
  • SNMPv2c/v3 support: integration into professional network management systems (read-only)

Commissioning is performed conveniently via the Wiesemann & Theis WuTility device finder or through DHCP. The Microwall Bridge can be integrated into existing networks within minutes.

Industrial and IT infrastructure applications

The Microwall Bridge is ideal for segmenting production networks, achieving OT/IT separation, and securing critical devices such as PLCs, controllers, cameras, or IoT gateways. In Industry 4.0 environments, it enables secure machine networking without altering existing structures. By suppressing unauthorized broadcasts, network overloads and communication storms are effectively eliminated.

It is particularly well-suited for applications requiring secure yet transparent data flow between machines and centralized control systems. Its integration enhances network resilience against cyberattacks and internal disruptions — with no need for complex reengineering or redesign.

Flexible power supply and industrial certifications

The Microwall Bridge can be powered either via Power-over-Ethernet (PoE) or an external 24–48 V DC power input using screw terminals. This flexibility makes it suitable for a wide range of environments, from office networks to industrial control centers.

The device meets all relevant EMC and safety standards, including EN 61000-6-2 (immunity) and EN 55032:2015 + A1 Class B (emission), ensuring interference-free operation even in electromagnetically demanding environments.

Durability, reliability, and warranty

Designed for continuous 24/7 operation, the Microwall Bridge features a robust metal housing, compact dimensions, and DIN-rail mounting, making it ideal for industrial control cabinets. Wiesemann & Theis provides a five-year warranty, underscoring the product’s superior build quality and long-term stability.

Future-proof IP-transparent security for Industry 4.0

With the Microwall Bridge, Wiesemann & Theis delivers an innovative, practical, and highly secure solution for segmenting and protecting industrial networks. It combines easy integration, IP transparency, and a strictly whitelist-based firewall concept into a unique security approach. The existing network structure remains entirely intact — a major advantage for operators of long-standing plant architectures.

Whether for securing production networks, protecting critical IoT components, or achieving retroactive network segmentation, the Microwall Bridge is a versatile, robust, and future-proof tool for network administrators and industrial users seeking both security and efficiency.

Microwall Bridge
The Microwall Bridge is equipped with two Gigabit Ethernet interfaces (100/1000BaseT) with autosensing and Auto-MDIX, enabling a high data throughput of up to 900 Mbit/s. The powerful hardware platform ensures low latency, which is crucial for time-sensitive industrial applications.

At the core of the Microwall Bridge is its strictly whitelist-based firewall mechanism. Unlike traditional firewalls that often only block unwanted connections, the Microwall Bridge only allows explicitly approved communication. Filter rules based on IPv4 addresses and TCP/UDP port numbers (optionally with user login support) are configured via an intuitive web interface, making setup easy even for less experienced administrators.
