Secure network communication and control with the Microwall IO from Wiesemann & Theis
With increasing digitalization and automation, the importance of network security and system integration continues to grow. The Microwall IO from Wiesemann & Theis combines high-security firewall technology with practical input and output interfaces for event-driven processes. It is designed for operators of critical systems and automation environments who want to combine security, transparency, and remote access in one compact product.
This innovative solution not only protects sensitive network segments from unauthorized access but also enables targeted control of switching processes. The integration of WireGuard VPN, a whitelist-based firewall concept, and digital I/O interfaces makes the Microwall IO a multifunctional network tool for the demands of Industry 4.0 and the Internet of Things (IoT).
Reliable protection of critical systems through a whitelist firewall
The Microwall IO safeguards machines, systems, and control components using a strict whitelist rule set. Only predefined IP address and TCP/UDP port combinations are permitted to communicate – all other connections are blocked. Because unknown connections are denied by default, the attack surface is significantly reduced.
The system also supports DNS-based hostnames, allowing dynamic destinations within an existing network to be easily authorized. Following the zero-trust principle, it prevents unauthorized traffic or network overloads from impacting production environments. Local isolation further ensures that faults within an island network cannot compromise adjacent network areas.
Discover Mode – secure integration of new devices
To safely and easily integrate new systems, the Microwall IO includes a Discover Mode. In this mode, all communication attempts initiated by devices within the isolated subnet are recorded. Administrators can then selectively approve which connections are necessary, automatically generating firewall rules with one click while blocking all other communication.
Discover Mode is particularly useful during the commissioning of complex machine systems or when incorporating new IP devices into existing automation networks. It saves time, increases transparency, and ensures that only authorized connections remain active.
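The whitelist and Discover Mode workflow described above, modelled as an added Python example; it is not W&T firmware and does not reproduce the device's configuration format. The rule shape (source, destination, protocol, port), all addresses, and the static DNS table are constructed assumptions.

```python
from collections import Counter
from typing import NamedTuple

class Flow(NamedTuple):
    # Assumed rule shape; the device's real rule format is not shown on the page.
    src: str      # device inside the isolated subnet
    dst: str      # destination IP address or DNS hostname
    proto: str    # "tcp" or "udp"
    port: int

# Constructed Discover Mode log: every attempt initiated from the island network.
DISCOVER_LOG = [
    Flow("10.10.1.20", "192.168.5.10", "tcp", 4840),   # controller -> OPC UA server
    Flow("10.10.1.20", "192.168.5.10", "tcp", 4840),   # repeated attempt
    Flow("10.10.1.20", "ntp.corp.example", "udp", 123),
    Flow("10.10.1.21", "203.0.113.50", "tcp", 443),    # unexpected external call
    Flow("10.10.1.21", "192.168.5.255", "udp", 137),   # broadcast noise
]

# Constructed DNS view, standing in for live resolution of hostname rules.
DNS = {"ntp.corp.example": {"192.168.5.2"}}

def summarize(log):
    """Collapse repeated attempts into unique flows with hit counts."""
    return Counter(log).most_common()

def build_rules(log, approved_indexes):
    """Turn the flows an administrator approved into whitelist rules."""
    unique = [flow for flow, _ in summarize(log)]
    return frozenset(unique[i] for i in approved_indexes)

def is_allowed(rules, src, dst_ip, proto, port, dns=DNS):
    """Default deny: permit only an exact src/dst/proto/port match."""
    for r in rules:
        targets = dns.get(r.dst, {r.dst})   # hostname rule -> its current IPs
        if (r.src, r.proto, r.port) == (src, proto, port) and dst_ip in targets:
            return True
    return False

if __name__ == "__main__":
    for i, (flow, hits) in enumerate(summarize(DISCOVER_LOG)):
        print(i, hits, flow)
    rules = build_rules(DISCOVER_LOG, approved_indexes=[0, 1])
    print(is_allowed(rules, "10.10.1.21", "203.0.113.50", "tcp", 443))
```

Reviewing the summarized list before approval is where unexpected flows, such as the external HTTPS call in the sample log, become visible and stay blocked.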
Secure remote access via WireGuard VPN
A core component of the Microwall IO is its integrated WireGuard VPN functionality. This modern VPN technology ensures encrypted connections with transfer rates of up to 300 Mbit/s and minimal latency. The device can function as both a VPN server and client, supporting connections to maintenance networks or service technicians independent of location.
Thanks to its straightforward key management, lightweight protocol design, and compatibility with common operating systems (Windows, macOS, Linux, iOS, Android), WireGuard is an ideal solution for remote access applications. Using the box-to-box function, two Microwall devices can be securely linked, enabling VPN connections between production islands or remote sites.
Event-driven automation with digital inputs and outputs
A key distinguishing feature of the Microwall IO is its two digital inputs and outputs using 24V logic. These enable intelligent interaction between network security and industrial process control.
- The inputs can act as triggers to initiate defined network actions, such as activating or deactivating VPN tunnels, switching firewall rule sets, or modifying interface states.
- The outputs provide status messages such as active VPN connections or security alerts to external systems. They can interface with PLCs, signal lamps, control panels, or machine controllers.
This integration bridges automation and IT security, allowing flexible adaptation to customized control concepts. For instance, a detected machine failure could automatically trigger a secure remote maintenance tunnel, or an output signal could inform operators of active network connections.
Flexible operating modes: NAT router and standard router
The Microwall IO supports two routing modes to fit diverse network environments:
- NAT Router Mode: The entire isolated network is represented under a single address within the corporate network – ideal for operating multiple identical systems with the same IP configurations.
- Standard Router Mode: The isolated network is connected to the corporate network via static routes, with Static NAT enabling direct 1:1 IP mapping. This preserves transparency without compromising security.
Both modes provide a balanced level of security and compatibility, greatly simplifying integration into existing infrastructures.
High-performance gigabit connections for industrial applications
Equipped with two gigabit Ethernet interfaces (100/1000BaseT), the Microwall IO achieves high transmission rates of up to 900 Mbit/s in router mode. Autosensing and Auto-MDIX simplify cabling. The combination of high bandwidth and low latency ensures reliable performance, essential for industrial controls and time-critical automation processes.
Management, security, and access control
To meet the highest security standards, the Microwall IO includes an extensive set of management functions:
- Secure Boot: protects against tampered firmware and unauthorized software
- HTTPS configuration: access exclusively via encrypted connections with individual certificates
- Mandatory password protection: no default login credentials to prevent misuse
- Deactivatable local services: reduces potential attack surfaces
- Firewall automation: rule triggers configurable via digital inputs and web interface
- Logging: records all communication attempts and system events
- SNMPv2c/v3: integration into professional network monitoring systems (read-only)
Initial setup is performed using the WuTility software or a DHCP configuration assistant, simplifying deployment significantly.
Application areas of the Microwall IO
- Industrial plants: securely connecting sensitive machinery using protected network links
- Remote maintenance: automatic VPN activation upon service requests or system alerts
- Automation networks: controlling security actions via PLC signals (inputs/outputs)
- IoT security: protecting networked sensors from unauthorized access
- Smart factory: enabling communication between production islands with secure separation via VPN tunnels
Power supply and industrial suitability
The device can be powered via Power-over-Ethernet (PoE) or 24–48V DC through screw terminals. Its compact, industrial-grade enclosure and DIN rail design simplify installation in control cabinets or technical hubs. Compliant with EN 61000-6-2 (immunity) and EN 55032:2015 + A1 (emissions), the Microwall IO is designed for interference-free operation in harsh industrial environments.
Reliability and long-term operation
The Microwall IO is built for continuous 24/7 operation and ensures high availability. A battery-backed real-time clock provides precise timestamps for consistent logs. With a five-year warranty, Wiesemann & Theis demonstrates a strong commitment to quality, stability, and longevity.
Security and control united in one device
The Microwall IO combines network security, remote access, and process control in a single compact product. With WireGuard VPN, a whitelist firewall, and digital I/O interfaces, it extends traditional firewall security with practical control and automation features for industrial environments.
Whether protecting machinery, integrating into process automation systems, or enabling secure remote maintenance via VPN – the Microwall IO from Wiesemann & Theis offers a future-ready platform where network protection and automation work seamlessly together.