W&t 55211 User manual

Manual

Startup and application

Microwall

Valid for the following models:

#55211: Microwall VPN

Firmware 1.30 or higher

#55212: Microwall IO

Firmware 1.10 or higher

Release 1.06 006/2022

W&T

www.WuT.de

W&T

Microsoft and Windows are registered trademarks of Microsoft

Corporation.

WireGuard and the WireGuard logo are registered trademarks

of Jason A.Donenfeld

Subject to error and alteration:

Since we can make mistakes, none of our statements may be

used unchecked. Please report any errors or misunderstan-

dings you become aware of so that we can identify and cor-

rect them as quickly as possible.

Only carry out work on or with W&T products if you are de-

scribed here and have read and understood the instructions

completely. Unauthorized action can cause dangers. We are

not liable for the consequences of arbitrary action. In case of

doubt, please ask us or your dealer again!

This device contains software components that are licensed

under one or more open source licenses. For more informati-

on, refer to your device.

You can also obtain the source text from us in the form of a

data carrier at cost price for a period of three years after the

last delivery. Please contact us for this purpose at info@wut.

de.

W&T

Introduction

The Microwall VPN and Microwall IO are industrial-grade IPv4

router with two 1000BaseT network connections, integrated

whitelist-based ﬁrewall and a WireGuard VPN access. They

connect a network island, e.g. with automation components,

to a higher-level local network. Parallel to this, secure remote

access to the participants of the island network can take place

via the Wireguard VPN as a client or server. Suitable ﬁlter

rules at TCP/IP level protect all networks from unauthorized,

undesired and harmful communication.

The Microwall IO has 2 digital inputs and 2 digital outputs,

which allow the control of router/ﬁrewall functions and the

evaluation of messages in automation environments.

W&T

Content

1 Legal information and safety�� 7

1.1 Legal notices .....................................................................8

1.2 Safety notices ..................................................................10

2 Hardware, interfaces and displays �� 13

2.1 Hardware installation........................................................14

2.2 Power supply....................................................................15

2.2.1 PoE- supply .................................................................15

2.2.2 External power supply ................................................15

2.3 Network Interfaces........................................................... 16

2.4 System and Error LED.......................................................18

2.4.1 System LED (green) .................................................18

2.4.2 Service LED (red) .....................................................18

2.5 Service button.................................................................. 19

3 Start-up �� 21

3.1 IP assignment via DHCP ................................................... 22

3.2 Initial assignment of IP parameters with WuTility .............23

3.3 Start-up via the default IP address....................................26

3.4 Initial web page ...............................................................27

4 Web based management �� 31

4.1 Start and navigation concept of the WBM ......................... 32

4.2 Login/Logout...................................................................33

4.3 Help and description texts ............................................... 34

5 DHCP server & Discover assistant �� 35

5.1 DHCP server.....................................................................36

5.2 Discover assistant............................................................38

6 Operating modes and rule conﬁguration �� 39

6.1 Mode NAT router ............................................................. 40

6.2 Mode Standard router .....................................................42

6.3 Mode Standard router with static NAT..............................44

6.4 IP inventories...................................................................46

6.4.1 Scan of Network 2.......................................................47

6.5 Creating ﬁrewall rules...................................................... 48

6.5.1 Using hostnames as the target of a rule ......................51

6.6 Examples Firewall rules....................................................52

6.6.1 Mode Standard router, Network 2 to Network 1 ..........52

6.6.2 Mode NAT-Router, Network 1 to Network 2.................54

W&T

7 Wireguard VPN server �� 57

7.1 Overview WireGuard VPN Server .......................................58

7.2 Conﬁguring the VPN environment....................................59

7.3 VPN client inventory......................................................... 61

7.3.1 New VPN clients - Standard conﬁguration....................61

7.3.2 New VPN clients - Advanced conﬁguration ..................63

7.4 VPN rules.........................................................................65

7.5 Step by step: VPN access for a mobile device ................... 68

8 Wireguard VPN client �� 75

8.1 Overview WireGuard VPN-Client........................................76

8.2 VPN client ........................................................................77

9 Wireguard-VPN Box-to-Box �� 81

9.1 Overview WireGuard VPN Box-to-Box................................82

9.1.1 Conﬁguration example VPN Box-to-Box.......................82

10 Digital inputs and outputs (only Microwall IO)��89

10.1 Digital inputs................................................................. 90

10.1.1 Wiring of the digital inputs .......................................90

10.2 Digital outputs...............................................................92

10.2.1 Wiring of the digital outputs .....................................92

11 Security & Maintenance�� 93

11.1 Security notes ................................................................ 94

11.1.1 Function and typical use ...........................................94

11.1.2 Requirements for integrators and operators..............94

11.1.3 Installation location ..................................................95

11.1.4 Commissioning.........................................................95

11.1.5 Operation and conﬁguration .....................................96

11.1.6 Service, maintenance and decommissioning..............99

11.2 Up-/Download Conﬁguration data................................100

11.3 Firmware updates ........................................................ 102

11.3.1 Where is the latest ﬁrmware available? ....................102

11.3.2 Firmware update with WuTility ................................103

11.3.3 Firmware Update via Web-Based Management .........104

11.4 Individual certiﬁcates...................................................106

11.5 Emergency access to the Microwall ..............................108

11.6 Reset to default settings .............................................110

Appendix�� 111

Technical data and form factor ............................................112

Microwall VPN, #55211......................................................112

Microwall IO, #55212.........................................................113

Index �� 114

W&T

Subject to error and alteration

1 Legal information and safety

W&T

1�1 Legal notices

Warning concept

This manual contains notices that must be observed for your

personal safety as well as to prevent damage to equipment.

The notices are emphasized using a warning sign. Depending

on the hazard level the warning notices are shown in

decreasing severity as follows.

1DANGER

Indicates a hazard which results in death or severe injury if no

appropriate preventive actions are taken.

1WARNING

Indicates a hazard which results in death or severe injury if no

appropriate preventive actions are taken.

1CAUTION

Indicates a hazard that can result in slight injury if no

appropriate preventive actions are taken.

1NOTE

Indicates a hazard which can result in equipment damage if

no appropriate preventive actions are taken.

If more than one hazard level pertains, the highest level

of warning is always used. If the warning sign is used in a

warning notice to warn of personal injury, the same warning

notice may have an additional warning of equipment damage

appended.

Qualiﬁed personnel

The product described in this manual may be installed and

placed in operation only by personnel who are qualiﬁed for

the respective task.

W&T

Subject to error and alteration

The documentation associated with the respective task

must be followed, especially the safety and warning notices

contained therein.

Qualiﬁed personnel are deﬁned as those who are qualiﬁed

by their training and experience to recognize risks when

handling the described products and to avoid possible

hazards.

Disposal

Electronic equipment may not be disposed of with normal

waste, but rather must be brought to a proper electrical scrap

processing facility.

The complete declarations of conformity for the devices de-

scribed in the instructions can be found on the respective In-

ternet data sheet page on the W&T homepage at http://www.

wut.de.

Symbols on the product

Symbol Explanation

CE mark

The product conforms to the requirements

of the relevant EU Directives.

WEEE mark

The product may not be disposed of with

normal waste, but rather in accordance

with local disposal regulations for electri-

cal scrap.

W&T

1�2 Safety notices

General notices

This manual is intended for the installer of the Microwall

described in the manual and must be read and understood

before starting work. The devices are to be installed and put

in operation only by qualiﬁed personnel.

Intended use

1DANGER

The Microwall VPN is an industrial-grade IPv4 router with two

1000BaseT network ports, integrated whitelist-based ﬁrewall

and a Wireguard VPN client/server. It connects a network

island to a superordinate local network. At the same time,

secure remote access to the participants of the island network

can be provided via the WireGuard VPN. Suitable ﬁlter rules on

TCP/IP level protect all networks from unauthorized, undesi-

red and harmful communication.

The Microwall IO has 2 digital inputs and 2 digital outputs,

which allow the control of router/ﬁrewall functions and the

evaluation of messages in automation environments

Any other use or modiﬁcation of the described devices is not

intended.

Electrical safety

1WARNING

Before beginning any kind of work on the Microwall you must

completely disconnect it from power. Be sure that the device

cannot be inadvertently turned on again!

The Microwall may be used only in enclosed and dry rooms.

The device should not be subjected to high ambient tempera-

tures or direct sunlight, and it should be kept away from heat

This manual suits for next models

Table of contents

Popular Firewall manuals by other brands

Fortinet

Fortinet FSM-500F Configuration guide

Cisco

Cisco Meraki MX100 installation guide

Cisco

Cisco S190 quick start guide

Fortinet

Fortinet FortiGate Voice Series install guide

SecureLogix

SecureLogix ETM System installation guide

Huawei

Huawei USG6000 Series Upgrade guide

NETGEAR

NETGEAR ProSafe FVX538 Reference manual

Lanner

Lanner FW-8877 user manual

Nexcom

Nexcom DNA 1150 user manual

Cisco

Cisco 3110 Hardware installation guide

Fortinet

Fortinet FortiGate-60 series install guide

ADTRAN

ADTRAN NetVanta 2300 Specifications

Swisscom

Swisscom Internet Backup manual

SonicWALL

SonicWALL NSa 5700 quick start guide

DPtech

DPtech FW1000 SERIES Maintenance manual

FEITIAN

FEITIAN MultiPass FIDO product manual

Trend Micro

Trend Micro Deep Edge quick start guide

Smoothwall

Smoothwall S10 Appliance Getting started guide

W&T 55211 User manual

Popular Firewall manuals by other brands