Wiesemann & Theis GmbH

Firewall control using switches

I/O control for industrial firewalls

Thanks to I/O control, the firewall can be controlled directly from the automation environment. This saves coordination effort and time.

Stay flexible when problems or maintenance arise

Managing industrial firewalls can require great effort. This is due not only to the importance of an appropriate security level and the corresponding duty of care of those responsible. It is also complicated by the fact that, in the event of a problem or maintenance, several players from IT and OT have to react at once. Coordination between these (very different) areas and the unnecessary tying up of resources can be avoided if firewalls are equipped with I/O control, because it allows remote maintenance or other firewall-specific events to be triggered flexibly and quickly via a switch or PLC output. In this way, various actions can be performed directly from the automation environment. The following actions can be tied to status changes at the digital inputs of a firewall:

Activate VPN access via PLC output or simple switch

For security reasons, machine operators usually require that remote maintenance access be active only when necessary. When problems arise in familiar processes, support is needed from the company’s own IT department or even from an external party. In this case, operators can enable (and also restrict) remote access to the machine, for example by activating VPN access, simply by flipping a switch.

Diagram: Machine obtains VPN access

Switching firewall rule sets

In normal operation, only a few selected firewall releases (allow rules) are active, for example ones that allow an intranet PC to operate a machine with NC programs. If, in a special case, an additional port needs to be enabled for access to the machine configuration, the person operating the machine on site can do this directly with a simple switch. Where machines normally run completely autonomously on a network island to keep the attack surface as small as possible, this is also a way to grant, and later revoke, a short-term release for communication with the intranet for a specific purpose.

External visualization of events

To ensure, for example, that shutting down remote access is not forgotten, a digital output of the firewall can signal visually or acoustically that remote access is open.
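
The rule-set switching and output signalling described above can be modelled as a default-deny filter whose active rules depend on the state of its digital inputs. This is an added example, not W&T or Microwall code; the class names, input numbering, addresses and ports are assumptions constructed for illustration.

```python
# Added illustration: all names, addresses and ports below are constructed,
# not taken from any product's configuration.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str      # permitted source network (CIDR)
    dst: str      # permitted destination host
    port: int     # permitted TCP destination port

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) == ip_address(self.dst)
                and port == self.port)

@dataclass
class IoFirewall:
    base_rules: list      # always active (normal operation)
    input_rules: dict     # digital input number -> extra rules while input is ON
    signal_inputs: set    # inputs whose ON state must be shown on the output
    inputs: dict = field(default_factory=dict)

    def set_input(self, number, on):
        self.inputs[number] = bool(on)

    def active_rules(self):
        rules = list(self.base_rules)
        for number, extra in self.input_rules.items():
            if self.inputs.get(number, False):   # unwired input counts as OFF
                rules.extend(extra)
        return rules

    def allows(self, src, dst, port):
        # Default deny: traffic passes only if an active rule matches.
        return any(r.matches(src, dst, port) for r in self.active_rules())

    def output_on(self):
        # Lamp or buzzer stays on as long as any signalled input is ON.
        return any(self.inputs.get(n, False) for n in self.signal_inputs)

MACHINE = "10.10.0.5"
fw = IoFirewall(
    base_rules=[Rule("192.168.1.20/32", MACHINE, 21)],       # intranet PC -> NC programs
    input_rules={0: [Rule("192.168.1.0/24", MACHINE, 443)],  # input 0: machine configuration
                 1: [Rule("10.99.0.0/24", MACHINE, 22)]},    # input 1: remote maintenance (VPN subnet)
    signal_inputs={1},
)
```

Because the extra rules exist only while their input is ON, switching the input back off revokes the release without anyone editing the firewall configuration, and the output follows the same state so an open remote access stays visible on site.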

Products

  • #55212 Microwall IO, with innovative I/O control for VPN access
