Secure network communication with the Microwall VPN from Wiesemann & Theis
As industrial systems become more interconnected, protecting sensitive networks is critical. The Microwall VPN from Wiesemann & Theis combines a firewall with a modern VPN to segment machines, controllers, and entire production networks while still allowing remote maintenance. Its WireGuard support provides authenticated, encrypted remote access with the throughput Industry 4.0 environments need.
Whether for securing existing networks, establishing secure remote access, or implementing flexible network architectures – the Microwall VPN is a versatile and easily integrable security gateway. It operates on a whitelist-based communication principle that only permits authorized connections, resulting in a significantly smaller attack surface than conventional network routers.
Whitelist-based communication for maximum security
The security architecture of the Microwall VPN is based on a strict whitelist concept. Only explicitly approved communication paths between the isolated and corporate networks are allowed – all others are automatically blocked. Rules for inbound and outbound traffic can be precisely defined based on source and destination addresses and TCP/UDP port numbers. For outgoing connections, hostnames can also be used to simplify dynamic network integration.
This approach drastically reduces the attack surface and keeps unauthorized traffic, broadcast storms, and network overloads out of the island, so critical applications run more stably and are harder to manipulate from outside. One caveat for hostname-based rules: they are only as trustworthy as the DNS answers the device's proxy sees, so the island's devices should resolve through that proxy and the proxy should forward to a resolver you trust.
Secure commissioning with Discover Mode
While many routers allow all outbound traffic by default, the Microwall VPN is deny-by-default. In its Discover Mode, it records all communication attempts within the isolated network, including hostnames and destination ports. Administrators can then selectively approve which connections to allow. Anything not approved is blocked and logged.
This approach simplifies the commissioning of new systems, especially in complex or poorly documented networks and when integrating third-party machines. Run Discover Mode long enough to cover every operating state (start-up, normal production, maintenance, error handling): a flow that never occurred during discovery will be blocked once the rule set goes live. The Discover Mode provides transparency and a traceable record of what the network actually does.
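The following is an added illustration of the two behaviours described above, the default-deny whitelist (including hostname rules learned through the DNS proxy) and Discover Mode; it is not Microwall firmware or configuration, and the rule set, DNS answers, and traffic samples are constructed.

```python
"""Default-deny whitelist with hostname rules and a Discover Mode.

Added illustration of the whitelist and Discover Mode behaviour described
above; it is not Microwall firmware or configuration. The rules, the DNS
answers and the traffic samples are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


def _cidr(text):
    """Return an ip_network for CIDR/IP text, or None if it is a hostname."""
    try:
        return ip_network(text, strict=False)
    except ValueError:
        return None


@dataclass(frozen=True)
class Rule:
    direction: str   # "out": island -> corporate, "in": corporate -> island
    src: str         # IP or CIDR
    dst: str         # IP or CIDR; a hostname is accepted for "out" rules only
    proto: str       # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Flow:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


class Microwall:
    """Model of the rule engine: no rule matches -> deny and log."""

    def __init__(self, rules, discover=False):
        self.rules = list(rules)
        self.discover = discover
        self.dns = {}        # hostname -> set of IPs seen in DNS proxy answers
        self.log = []        # (verdict, flow)
        self.blocked = {}    # Discover Mode: flow -> count, for admin review

    def observe_dns(self, hostname, answers):
        """The DNS proxy sees the island's lookups and records the answers, so a
        hostname rule can be matched against the IP the client is about to use."""
        self.dns.setdefault(hostname, set()).update(answers)

    def _dst_ok(self, rule, flow):
        net = _cidr(rule.dst)
        if net is not None:
            return ip_address(flow.dst) in net
        # Hostname rule: only meaningful outbound, and only for IPs the proxy
        # actually resolved for that name (an IP the client guessed fails).
        return rule.direction == "out" and flow.dst in self.dns.get(rule.dst, set())

    def _match(self, rule, flow):
        return (rule.direction == flow.direction
                and rule.proto == flow.proto
                and rule.dport == flow.dport
                and ip_address(flow.src) in _cidr(rule.src)
                and self._dst_ok(rule, flow))

    def check(self, flow):
        verdict = "allow" if any(self._match(r, flow) for r in self.rules) else "deny"
        self.log.append((verdict, flow))
        if verdict == "deny" and self.discover:
            self.blocked[flow] = self.blocked.get(flow, 0) + 1
        return verdict

    def proposals(self):
        """Discover Mode output: one candidate rule per blocked flow, with the
        hostname substituted where the DNS proxy saw the name resolved. Nothing
        is allowed until an administrator adds the rule explicitly."""
        names = {ip: name for name, ips in self.dns.items() for ip in ips}
        out = []
        for f in self.blocked:
            dst = names.get(f.dst, f.dst) if f.direction == "out" else f.dst
            out.append(Rule(f.direction, f.src, dst, f.proto, f.dport))
        return out


# Constructed sample: island 192.168.0.0/24, maintenance subnet 10.1.5.0/24.
RULES = [
    Rule("out", "192.168.0.0/24", "ntp.example.net", "udp", 123),
    Rule("in", "10.1.5.0/24", "192.168.0.10", "tcp", 502),   # Modbus/TCP to one PLC
]


def demo():
    fw = Microwall(RULES, discover=True)
    fw.observe_dns("ntp.example.net", {"203.0.113.7"})
    fw.observe_dns("update.example.com", {"198.51.100.4"})
    verdicts = [
        fw.check(Flow("out", "192.168.0.10", "203.0.113.7", "udp", 123)),   # allow
        fw.check(Flow("out", "192.168.0.10", "203.0.113.9", "udp", 123)),   # deny: not a resolved IP
        fw.check(Flow("in", "10.1.5.20", "192.168.0.10", "tcp", 502)),      # allow
        fw.check(Flow("in", "10.1.5.20", "192.168.0.10", "tcp", 22)),       # deny: SSH not listed
        fw.check(Flow("out", "192.168.0.11", "198.51.100.4", "tcp", 443)),  # deny, recorded for review
    ]
    return verdicts, fw.proposals()


if __name__ == "__main__":
    v, p = demo()
    print(v)
    for r in p:
        print("candidate:", r)
```

The second flow is the point of binding hostname rules to the DNS proxy: a client that talks to an address the name never resolved to is blocked even though the rule names the right port. The last flow shows what Discover Mode hands to the administrator, a concrete candidate rule with the hostname filled in rather than a raw address.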
Secure remote access with WireGuard VPN
A key highlight of the Microwall VPN is its integrated WireGuard VPN functionality, offering a modern, high-performance, and easy-to-configure remote access solution. The device can act as either a VPN server or client, allowing flexible connections between service networks, remote facilities, or maintenance workstations.
WireGuard stands out for its high speed and simple key management: every peer is identified by a static Curve25519 public key, and traffic is protected with ChaCha20-Poly1305 using 256-bit keys. With data throughput of up to 300 Mbit/s in VPN mode, the system combines strong security with efficiency. External devices, whether Windows, macOS, Android, or Linux-based, can securely access machines or controllers within the isolated network via the encrypted tunnel. Because peer keys are long-lived, access is revoked by removing the peer's public key from the device, so keep an inventory of which key belongs to which technician or workstation.
The Microwall VPN also supports box-to-box connections, enabling two Microwall devices to link securely via VPN. This feature allows safe connectivity between remote production sites, service networks, or machine islands.
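To make the box-to-box case concrete, here is an added illustration of how WireGuard's cryptokey routing decides which peer a packet goes to and what each side's configuration must contain; it is not vendor code or a Microwall configuration. The site names, addresses, the endpoint, and the key strings are constructed placeholders (real WireGuard keys are 32 random bytes in base64, produced with `wg genkey`).

```python
"""Box-to-box WireGuard tunnel between two gateways, modelled on the
cryptokey routing rules WireGuard applies.

Added illustration, not vendor code or configuration. Site names, addresses,
the endpoint and the key strings are constructed placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Site:
    name: str
    lan: str                       # network behind this gateway
    tunnel_ip: str                 # address on the wg interface
    pubkey: str
    endpoint: Optional[str] = None  # "host:port" if this side has a reachable listener


def allowed_ips(remote):
    """AllowedIPs for the [Peer] entry that points at `remote`: its tunnel
    address and its LAN. WireGuard uses the list both ways: outbound packets
    to these prefixes are encrypted to that peer, and decrypted packets from
    that peer whose inner source is outside the list are dropped."""
    return [f"{remote.tunnel_ip}/32", remote.lan]


def route(peers, dst):
    """Pick the peer whose AllowedIPs contains dst with the longest prefix.
    None means no peer: the packet is dropped, never sent in the clear."""
    best, best_len = None, -1
    for peer in peers:
        for cidr in allowed_ips(peer):
            net = ip_network(cidr)
            if ip_address(dst) in net and net.prefixlen > best_len:
                best, best_len = peer, net.prefixlen
    return best


def check_pair(a, b):
    """Site-to-site sanity: the LANs must not overlap (both sides would claim
    the same destinations) and at least one side needs a fixed Endpoint."""
    problems = []
    if ip_network(a.lan).overlaps(ip_network(b.lan)):
        problems.append(f"LAN overlap: {a.lan} vs {b.lan}")
    if a.endpoint is None and b.endpoint is None:
        problems.append("neither side has an Endpoint; no one can initiate")
    return problems


def render(local, remote, listen_port=51820):
    """wg-quick style config for `local`. The side without a public Endpoint
    is the client: it sets Endpoint and PersistentKeepalive so a NAT/firewall
    in front of it keeps the return path open."""
    lines = ["[Interface]",
             f"Address = {local.tunnel_ip}/24",
             f"PrivateKey = <private key of {local.name}>"]
    if local.endpoint:
        lines.append(f"ListenPort = {listen_port}")
    lines += ["", "[Peer]",
              f"PublicKey = {remote.pubkey}",
              f"AllowedIPs = {', '.join(allowed_ips(remote))}"]
    if remote.endpoint:
        lines += [f"Endpoint = {remote.endpoint}", "PersistentKeepalive = 25"]
    return "\n".join(lines)


# Constructed sites: A is the plant gateway with a reachable address (the
# "server" role), B a remote machine island behind customer NAT (the "client").
SITE_A = Site("site-a", "192.168.10.0/24", "10.200.0.1", "<site-a public key>",
              endpoint="vpn.example.net:51820")
SITE_B = Site("site-b", "192.168.20.0/24", "10.200.0.2", "<site-b public key>")


if __name__ == "__main__":
    print(render(SITE_A, SITE_B))
    print()
    print(render(SITE_B, SITE_A))
    print("192.168.20.5 ->", route([SITE_B], "192.168.20.5").name)
    print("check:", check_pair(SITE_A, SITE_B))
```

The usual site-to-site mistake is listing only the remote tunnel address in AllowedIPs, which makes the tunnel come up but leaves the remote LAN unreachable; `allowed_ips` includes both, and `check_pair` catches the other classic failure, overlapping LANs, which NAT router mode (below) is designed to avoid.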
Flexible network architecture through multiple operating modes
The Microwall VPN supports two distinct operating modes to adapt to different network environments:
- NAT Router Mode: The entire isolated network appears within the corporate network under a single IP address, similar to a DSL router. This allows multiple machine islands with identical IP structures to operate in parallel – ideal for manufacturers using standardized network layouts.
- Standard Router Mode: The isolated network, including its individual IP addresses, is integrated into the higher-level network via static routes. With static NAT, 1:1 host mapping is possible, meaning devices appear as part of the corporate network while remaining securely segregated.
Both modes provide flexible options for aligning security strategies, network topologies, and customer requirements. As a result, the Microwall VPN is suitable for both new installations and existing infrastructures.
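As an added illustration of the two modes (not Microwall firmware), the model below shows why NAT router mode lets two islands with identical addressing coexist and how static 1:1 NAT in standard router mode maps a corporate block onto the island. The addresses and ports are constructed: both islands use 192.168.0.0/24 and sit behind gateways with corporate addresses 10.1.5.31 and 10.1.5.32.

```python
"""NAT router mode versus standard router mode with static 1:1 NAT.

Added illustration of the two operating modes described above; it is not
Microwall firmware. Addresses and port numbers are constructed.
"""
from ipaddress import ip_address, ip_network


class NatRouter:
    """NAT router mode: the island hides behind one corporate address. Each
    outbound flow gets its own translated source port, so two islands with
    identical internal addressing are still distinguishable on the corporate
    side. (Real NAT keys on the full 5-tuple; the port alone is enough here.)"""

    def __init__(self, corp_ip, first_port=40000):
        self.corp_ip = corp_ip
        self.next_port = first_port
        self.table = {}       # corp_port -> (island_src, island_sport)

    def outbound(self, src, sport):
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src, sport)
        return self.corp_ip, port

    def inbound(self, dport):
        """Replies to an existing flow are translated back; anything else has
        no table entry and is dropped (there is no way in except via an
        explicit rule or the VPN)."""
        return self.table.get(dport)


class StaticNat:
    """Standard router mode with static (1:1) NAT: a corporate block is mapped
    host-for-host onto the island, so 10.1.6.10 is 192.168.0.10. Corporate
    hosts reach devices by the mapped address; the whitelist rules still
    decide which of those flows are allowed."""

    def __init__(self, corp_block, island_block):
        self.corp = ip_network(corp_block)
        self.island = ip_network(island_block)
        if self.corp.prefixlen != self.island.prefixlen:
            raise ValueError("1:1 mapping needs blocks of equal size")

    def to_island(self, corp_ip):
        a = ip_address(corp_ip)
        if a not in self.corp:
            return None
        return str(self.island.network_address + (int(a) - int(self.corp.network_address)))

    def to_corporate(self, island_ip):
        a = ip_address(island_ip)
        if a not in self.island:
            return None
        return str(self.corp.network_address + (int(a) - int(self.island.network_address)))


def demo():
    island_a = NatRouter("10.1.5.31")
    island_b = NatRouter("10.1.5.32")
    # The PLC with the same address in both islands opens a connection to a
    # corporate historian; the historian sees two distinct sources.
    seen_by_historian = [island_a.outbound("192.168.0.10", 50123),
                         island_b.outbound("192.168.0.10", 50123)]
    reply_a = island_a.inbound(seen_by_historian[0][1])   # translated back
    stray = island_a.inbound(40005)                        # unsolicited -> None

    static = StaticNat("10.1.6.0/24", "192.168.0.0/24")
    mapped = static.to_island("10.1.6.10")        # -> 192.168.0.10
    back = static.to_corporate("192.168.0.10")    # -> 10.1.6.10
    return seen_by_historian, reply_a, stray, mapped, back


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The trade-off is visible in the two classes: `NatRouter` needs no change to the island's IP plan and no route in the corporate network, but corporate hosts cannot address island devices directly; `StaticNat` gives every device a corporate-side address, at the cost of a dedicated block per island and a static route towards the gateway.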
High-performance network interfaces
Equipped with two gigabit Ethernet ports (100/1000BaseT) featuring autosensing and auto-MDIX, the Microwall VPN supports data throughput of up to 900 Mbit/s in router mode and up to 300 Mbit/s in VPN mode. Its low latency makes it ideal for time-critical control applications, remote I/O systems, and data-intensive machine communication.
The Secure Boot mechanism ensures only firmware signed by the manufacturer can be loaded. Combined with HTTPS-only configuration, support for individual certificates, and mandatory password protection, the device offers a hardened management plane alongside its filtered data path.
Management, logging, and security
The Microwall VPN offers a variety of professional administration and monitoring features:
- Secure Boot: protection against unauthorized or modified firmware
- HTTPS configuration: access via TLS-encrypted web interface with optional certificates
- Mandatory password enforcement: no default login credentials, ensuring stronger access security
- Deactivatable system services: reduction of potential attack surfaces
- Whitelist firewall: filtering based on IP addresses, ports, and hostnames (hostnames are resolved through the device's DNS proxy)
- Logging: recording of all connection attempts and firewall events
- SNMPv2c/v3 support: integration into network monitoring systems for status checks and alerts (prefer v3 with authentication and privacy; v2c community strings travel in clear text)
Configuration and commissioning are facilitated via the WuTility tool or automatically through DHCP, greatly simplifying initial setup.
Application scenarios in industrial environments
The Microwall VPN is ideal for manufacturers, system integrators, and service providers seeking to combine remote access, network segmentation, and advanced security in one device. Typical use cases include:
- Remote maintenance: secure support access via WireGuard VPN for remote machines and control systems
- Machine security: isolation of sensitive production systems from external networks
- IoT communication: protection of data-driven IoT processes and cloud connections
- Production network segmentation: separation of network zones without reconfiguring IP plans
- OEM machine integration: standardized IP concepts for series machines, regardless of customer infrastructure
Flexible power supply and industrial compliance
The device can be powered via Power-over-Ethernet (PoE) or an external 24–48V DC supply. Its robust metal housing and DIN rail mounting design make it suitable for industrial environments. Certifications per EN 61000-6-2 and EN 55032:2015 + A1 confirm compliance with EMC standards and interference-free performance.
Continuous operation and warranty
The Microwall VPN hardware is engineered for continuous 24/7 operation, with stable segmentation and consistent performance. An internal, battery-backed real-time clock provides accurate timestamps in the logs and is kept in sync via NTP. Wiesemann & Theis offers a standard five-year warranty, emphasizing long-term reliability.
Secure VPN communication for Industry 4.0
The Microwall VPN is a modern firewall solution that combines high-level network security and remote access capabilities. With WireGuard VPN, NAT routing, whitelist firewall, and Discover Mode, it provides a robust and future-ready security infrastructure for industrial environments.
Whether for securing individual machines, connecting remote sites, or safely integrating IoT devices, the Microwall VPN gives organizations a single device that combines connectivity with protection.