
Microwall Bridge

Secure and IP-transparent Network Segmentation with the Microwall Bridge from Wiesemann & Theis

The Microwall Bridge from Wiesemann & Theis is a cutting-edge solution for network segmentation in industrial environments, protecting sensitive systems without making changes to the existing IP configuration or routing. Through its IP-transparent operation and a strictly whitelist-based firewall concept, it allows the secure segmentation of critical network areas while keeping the network structure unchanged. Especially suitable for retrofitting historically grown networks, the Microwall Bridge offers easy integration, intuitive configuration, and maximum security for Industry 4.0 applications. This article highlights the technical features, possible applications, and benefits of this innovative solution.

IP-transparent Segmentation Without Configuration Effort

The Microwall Bridge enables network segmentation through protocol-transparent operation that requires no changes to the IP configuration or the routing concept of the existing network. As a bridge, it operates IP-transparently, so the IP ranges (Net-IDs) of the surrounding network and the island network remain identical. However, connections between the two networks are only possible once explicit allow rules have been set up, based on IPv4 addresses and TCP/UDP port numbers. Optionally, rules can also be activated based on specific user logins. This whitelist-based firewall concept ensures that only explicitly desired communication between the island and the surrounding network is allowed, greatly reducing the attack surface. Harmful events such as traffic spikes or broadcast storms remain locally confined, ensuring secure communication and protection of critical systems.

A key advantage of the Microwall Bridge is its minimal integration effort. For example, the island is simply aggregated via an Ethernet switch, and the Microwall Bridge is placed in the uplink to the surrounding network. In the case of device failure or during commissioning, the Microwall Bridge offers an easy emergency fallback: the uplink cable of the island can be directly connected to the surrounding network without any adjustments. This flexibility makes the Microwall Bridge ideal for retrofitting historically grown, flat network hierarchies.

High-performance Network Connectivity

The Microwall Bridge is equipped with two Gigabit Ethernet interfaces (100/1000BaseT) with autosensing and Auto-MDIX, enabling high data throughput of up to 900 Mbit/s. The powerful hardware platform ensures low latencies, which is crucial for time-sensitive industrial applications. As it is implemented as a bridge, the network structure remains transparent, and no changes to IP addresses or routing tables are required. This greatly facilitates integration into existing networks, especially when retrofitting plants or machine parks. The high bandwidth and reliability make the Microwall Bridge an efficient solution for network control in demanding environments.

Whitelist-based Firewall for Maximum Security

The core of the Microwall Bridge is its strictly whitelist-based firewall mechanism. Unlike traditional firewalls, which often only block unwanted connections, the Microwall Bridge only allows explicitly approved communication. Filter rules based on IPv4 addresses and TCP/UDP port numbers (optionally with user login support) are configured via an intuitive web interface, making setup easy even for less experienced administrators. An integrated logging system records unwanted communication attempts to identify and analyze potential security incidents. This reduces the attack surface and protects sensitive systems from unauthorized or harmful access, making the Microwall Bridge a robust solution for secure communication in industrial networks.

Comparison with Microwall VPN and Microwall IO

In contrast to the Microwall Bridge, which operates as an IP-transparent bridge, the Microwall VPN and Microwall IO function as classic routers that connect two different IP networks. These router models are particularly suitable for new installations where manufacturers or integrators want to use uniform IP setups in series production. Features like static NAT allow island networks to be completely hidden, and multiple islands with identical IP address ranges are possible. The Microwall Bridge, however, is the preferred choice when no changes to the IP setup are to be made or a simple emergency fallback to a direct network connection is needed. For applications requiring additional features like VPN or digital in/out connections, the Microwall VPN or Microwall IO are better suited.

Management and Security

The Microwall Bridge offers a secure and user-friendly management concept with the following features:

  • Secure Boot: Prevents manipulated or foreign firmware from being uploaded, protecting the device at its foundation.
  • HTTPS Configuration: Configuration is only possible via HTTPS, with support for individual certificates for maximum security.
  • Mandatory Password: No default login to prevent unauthorized access.
  • Port Management: All local services can be configured or disabled to minimize the attack surface.
  • Whitelist-based Firewall: Filter rules based on IPv4 addresses and TCP/UDP port numbers, optionally with user login support.
  • Logging: Logging of unwanted communication attempts for security analysis.
  • SNMP Support: Optional support for SNMPv2c/3 (read-only) for integration into network management systems.

Quick commissioning is done via WuTility or DHCP, which simplifies the setup in existing networks. These features make the Microwall Bridge a secure and efficient solution for network administrators.

Versatile Applications

The Microwall Bridge is specifically designed for retrofitting historically grown, flat network hierarchies. In Industry 4.0, it protects sensitive machines and systems from unauthorized access by isolating them in a separate island network without changing the existing IP configuration. Manufacturers and operators of plants benefit from the easy integration, as no changes to the network structure or running applications are required. The Microwall Bridge is also suitable for securing IoT devices, segmenting production networks, and logging network events. With the simple emergency fallback, it is ideal for environments where flexibility and operational security are crucial.

Flexible Power Supply and Compliance with Standards

The Microwall Bridge is powered either via Power-over-Ethernet (PoE) or an external power supply (24V-48V DC) via a screw terminal. This flexibility simplifies installation in various environments, from offices to industrial plants. The device is compliant with standards and offers high immunity to interference according to EN 61000-6-2, as well as low electromagnetic emissions according to EN 55032:2015 + A1 Class B, EN 61000-3-2, and EN 61000-3-3. These features ensure reliable and interference-free operation, even in demanding industrial environments.

Please note: The power supply is not included in the delivery.

Durability and Reliability

The Microwall Bridge is designed for continuous operation and comes with a five-year warranty. Its robust construction and the option for DIN rail mounting make it ideal for use in industrial environments. The powerful hardware platform ensures low latencies and high reliability, even with high data volumes. These features underline the longevity and stability of the device, even under demanding conditions.

A Future-proof Solution for IP-transparent Segmentation

The Microwall Bridge from Wiesemann & Theis is a powerful and secure solution for network segmentation and the protection of sensitive systems in industrial environments. With its IP-transparent operation, whitelist-based firewall concept, and Gigabit Ethernet interfaces, it provides a flexible platform for Industry 4.0, secure communication, and the retrofitting of existing networks. The simple integration without changes to the IP setup, the low configuration effort, and the emergency fallback make it ideal for network administrators and plant manufacturers. Whether for securing IoT devices, segmenting production networks, or logging network events, the Microwall Bridge is an indispensable tool for professional users.

Datasheets
Datasheet 1 (1.99 MB)

Connections and Indicators:

  • Network: 2x 100/1000BaseT autosensing/auto-MDIX, RJ45
  • IPv6 on request
  • Power connection: pluggable screw terminal, 5.08mm pitch, labeled "L+" and "M"
  • Indicators: 2x LEDs network status, 1x LED error

Data Throughput:

  • Max. 900 MBit/s

Power Supply:

  • Power-over-Ethernet (PoE) or DC 24V .. 48V (+/-10%)
  • Current consumption: PoE Class 2 (3.84W to 6.49W) or with external supply typ. 150mA @ 24V DC, max. 200mA @ 24V DC

Galvanic Isolation:

  • Network connections min. 1500 volts

Housing and Environmental Conditions:

  • Housing: plastic small housing for DIN rail mounting
  • Dimensions: 105x22x75mm (L×W×H)
  • Protection class: IP20
  • Weight: approx. 120g
  • Ambient temperature: storage -40..+85°C, operation 0..+50°C (in non-daisy-chained installation)
  • Permissible humidity: 5..95% relative humidity, non-condensing

Scope of Delivery:

  • 1x Microwall Bridge
  • 1x Quick start guide

Manufacturer Information:

Wiesemann & Theis GmbH

Porschestr. 12

42279 Wuppertal
Germany

Phone: +49 202/2680-0

Email: info@wut.de


Responsible person:

Didactum® Security GmbH

Marsweg 17

48163 Münster
Germany

Phone: (+49) 250 19 71 63 54 / (+49) 171 33 11 577

Email: info@didactum-security.de
