Important firewall rules
for configuring the W&T Microwall
These standard firewall rules help you to implement typical applications for the Microwall.
For the sake of simplicity we shall use the following configuration:
The isolated network segment (the island) has the network address 10.10.20.0/24 assigned to it, and the surrounding network has the network address 10.10.10.0/24.
In the following rules the device on the island always has the IP address 10.10.20.20, and the device in the surrounding network has IP address 10.10.10.10.
File access from the island computer to a file server (TCP/IP)
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: any |
IP: 10.10.10.10 Port: 445 |
File access from island computer to a file server (NetBIOS)
If older computers, running Windows XP for example, also need to access the Windows network, you must also permit the session-based NetBIOS transport protocol on port 139/TCP in addition to TCP port 445.
Please note that these older operating system versions are unsafe!
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: any |
IP: 10.10.10.10 Port: 139 |
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: any |
IP: 10.10.10.10 Port: 445 |
Permit name resolution via DNS
Island network | UDP | Surrounding network |
IP: 10.10.20.20 Permit return direction: yes |
IP: 10.10.10.10 Port: 53 |
Obtain current time over the network (NTP)
Island network | UDP | Surrounding network |
IP: 10.10.20.20 Permit return direction: yes |
IP: 10.10.10.10 Port: 123 |
Access to a web interface in the island network
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: 80 |
IP: 10.10.10.10 Port: any |
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: 443 |
IP: 10.10.10.10 Port: any |
Sending email from the island network
In the following rules it is assumed that the IP addresses of the mail servers are known.
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: any |
IP: 10.10.10.10 Port: 587 |
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: any |
IP: 10.10.10.10 Port: 465 |
Access emails from within the island using IMAP
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: any |
IP: 10.10.10.10 Port: 142 |
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: any |
IP: 10.10.10.10 Port: 992 |
Sending an SNMP trap from within the island
Island network | UDP | Surrounding network |
IP: 10.10.20.20 Permit return direction: no |
IP: 10.10.10.10 Port: 162 |
SNMP polling from outside
Island network | UDP | Surrounding network |
IP: 10.10.20.20 Permit return direction: yes SNMP: yes |
IP: 10.10.10.10 Port: 161 |
Use Secure Shell to access an island device
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: 22 |
IP: 10.10.10.10 Port: any |
IoT communication using MQTT broker
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: any |
IP: 10.10.10.10 Port: 1883 |
Query MySQL database on the island
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: 3306 |
IP: 10.10.10.10 Port: any |
Permit W&T - Box-2-Box mode (Web-IO Digital 4.0)
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: 49157, 49158 |
IP: 10.10.10.10 Port: any |
Permit W&T OPC access (Web-IO Digital 4.0)
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: 49159 |
IP: 10.10.10.10 Port: any |
Permit W&T ASCII protocol (Web-IO Digital 4.0)
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: 42280 |
IP: 10.10.10.10 Port: any |
Permit W&T - Binary protocol
Island network | TCP | Surrounding network |
IP: 10.10.20.20 Port: 49153 - 49156 |
IP: 10.10.10.10 Port: any |
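
The rules above can be read as a list of permitted flows between the two example hosts. The following Python code is an added example, not W&T code and not part of the original page: it encodes a subset of the rules and checks constructed sample packets against them. It assumes that the side listed with "Port: any" opens the connection, that a packet matching no rule is dropped, and that a UDP answer passes only when "Permit return direction" is set to yes; the names `Rule`, `match_forward`, `match_udp_reply` and `verdict` are hypothetical.

```python
from typing import NamedTuple, Optional

ISLAND, OUTSIDE = "10.10.20.20", "10.10.10.10"  # addresses used on this page

class Rule(NamedTuple):
    name: str
    proto: str               # "tcp" or "udp"
    client: str              # side that sends the first packet
    server: str              # side that owns the listed port
    ports: range             # permitted destination port(s)
    return_ok: bool = True   # UDP only: "Permit return direction"

# Subset of the page's rules. Assumptions of this example: the side shown with
# "Port: any" is the client, and a packet matching no rule is dropped.
RULES = [
    Rule("SMB file access", "tcp", ISLAND, OUTSIDE, range(445, 446)),
    Rule("DNS", "udp", ISLAND, OUTSIDE, range(53, 54)),
    Rule("SNMP trap", "udp", ISLAND, OUTSIDE, range(162, 163), return_ok=False),
    Rule("SSH to island", "tcp", OUTSIDE, ISLAND, range(22, 23)),
    Rule("W&T binary protocol", "tcp", OUTSIDE, ISLAND, range(49153, 49157)),
]

def match_forward(proto: str, src: str, dst: str, dport: int) -> Optional[Rule]:
    """Return the rule permitting the first packet of a flow, or None."""
    for r in RULES:
        if (r.proto, r.client, r.server) == (proto, src, dst) and dport in r.ports:
            return r
    return None

def match_udp_reply(src: str, dst: str, sport: int) -> Optional[Rule]:
    """A UDP answer (server -> client) passes only if the forward rule
    exists and has 'Permit return direction: yes'."""
    r = match_forward("udp", dst, src, sport)
    return r if r is not None and r.return_ok else None

def verdict(rule: Optional[Rule]) -> str:
    return f"ACCEPT ({rule.name})" if rule else "DROP"

if __name__ == "__main__":
    checks = [  # constructed sample packets
        ("island -> file server tcp/445", match_forward("tcp", ISLAND, OUTSIDE, 445)),
        ("outside -> island tcp/445", match_forward("tcp", OUTSIDE, ISLAND, 445)),
        ("DNS answer to island", match_udp_reply(OUTSIDE, ISLAND, 53)),
        ("answer to an SNMP trap", match_udp_reply(OUTSIDE, ISLAND, 162)),
        ("outside -> island tcp/49156", match_forward("tcp", OUTSIDE, ISLAND, 49156)),
        ("outside -> island tcp/23", match_forward("tcp", OUTSIDE, ISLAND, 23)),
    ]
    for label, rule in checks:
        print(f"{label:32} {verdict(rule)}")
```

The second check shows why direction matters: the file server rule lets the island host reach port 445 outside, but it does not open port 445 on the island to the surrounding network.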
The proof of the pudding is in the eating!
We are happy to provide you with a Microwall at no charge for a period of four weeks.
Thomas Clever
t.clever@wut.de
You can reach our engineers by phone at +49 202/2680-110 (Mon.-Fri. 8 a.m. to 5 p.m.)