W&T 55211 User manual

Manual
Startup and application
Microwall
Valid for the following models:
#55211: Microwall VPN
Firmware 1.30 or higher
#55212: Microwall IO
Firmware 1.10 or higher
Release 1.06 006/2022
W&T
www.WuT.de

© 06/2022 by Wiesemann und Theis GmbH
Microsoft and Windows are registered trademarks of Microsoft
Corporation.
WireGuard and the WireGuard logo are registered trademarks
of Jason A. Donenfeld.
Subject to error and alteration:
Since we can make mistakes, none of our statements may be
used unchecked. Please report any errors or misunderstandings
you become aware of so that we can identify and correct
them as quickly as possible.
Only carry out work on or with W&T products if the work is
described here and you have read and understood the instructions
completely. Unauthorized action can cause dangers. We are
not liable for the consequences of arbitrary action. In case of
doubt, please ask us or your dealer again!
This device contains software components that are licensed
under one or more open source licenses. For more information,
refer to your device.
You can also obtain the source text from us in the form of a
data carrier at cost price for a period of three years after the
last delivery. Please contact us for this purpose at info@wut.de.

Introduction
The Microwall VPN and Microwall IO are industrial-grade IPv4
routers with two 1000BaseT network connections, an integrated
whitelist-based firewall and WireGuard VPN access. They
connect a network island, e.g. one with automation components,
to a higher-level local network. In parallel, secure remote
access to the participants of the island network can take place
via the WireGuard VPN, as a client or server. Suitable filter
rules at TCP/IP level protect all networks from unauthorized,
undesired and harmful communication.
The Microwall IO has 2 digital inputs and 2 digital outputs,
which allow the control of router/firewall functions and the
evaluation of messages in automation environments.

Content
1 Legal information and safety
1.1 Legal notices
1.2 Safety notices
2 Hardware, interfaces and displays
2.1 Hardware installation
2.2 Power supply
2.2.1 PoE supply
2.2.2 External power supply
2.3 Network Interfaces
2.4 System and Error LED
2.4.1 System LED (green)
2.4.2 Service LED (red)
2.5 Service button
3 Start-up
3.1 IP assignment via DHCP
3.2 Initial assignment of IP parameters with WuTility
3.3 Start-up via the default IP address
3.4 Initial web page
4 Web based management
4.1 Start and navigation concept of the WBM
4.2 Login/Logout
4.3 Help and description texts
5 DHCP server & Discover assistant
5.1 DHCP server
5.2 Discover assistant
6 Operating modes and rule configuration
6.1 Mode NAT router
6.2 Mode Standard router
6.3 Mode Standard router with static NAT
6.4 IP inventories
6.4.1 Scan of Network 2
6.5 Creating firewall rules
6.5.1 Using hostnames as the target of a rule
6.6 Examples Firewall rules
6.6.1 Mode Standard router, Network 2 to Network 1
6.6.2 Mode NAT-Router, Network 1 to Network 2
7 WireGuard VPN server
7.1 Overview WireGuard VPN Server
7.2 Configuring the VPN environment
7.3 VPN client inventory
7.3.1 New VPN clients - Standard configuration
7.3.2 New VPN clients - Advanced configuration
7.4 VPN rules
7.5 Step by step: VPN access for a mobile device
8 WireGuard VPN client
8.1 Overview WireGuard VPN-Client
8.2 VPN client
9 WireGuard-VPN Box-to-Box
9.1 Overview WireGuard VPN Box-to-Box
9.1.1 Configuration example VPN Box-to-Box
10 Digital inputs and outputs (only Microwall IO)
10.1 Digital inputs
10.1.1 Wiring of the digital inputs
10.2 Digital outputs
10.2.1 Wiring of the digital outputs
11 Security & Maintenance
11.1 Security notes
11.1.1 Function and typical use
11.1.2 Requirements for integrators and operators
11.1.3 Installation location
11.1.4 Commissioning
11.1.5 Operation and configuration
11.1.6 Service, maintenance and decommissioning
11.2 Up-/Download Configuration data
11.3 Firmware updates
11.3.1 Where is the latest firmware available?
11.3.2 Firmware update with WuTility
11.3.3 Firmware Update via Web-Based Management
11.4 Individual certificates
11.5 Emergency access to the Microwall
11.6 Reset to default settings
Appendix
Technical data and form factor
Microwall VPN, #55211
Microwall IO, #55212
Index

1 Legal information and safety

1.1 Legal notices
Warning concept
This manual contains notices that must be observed for your
personal safety as well as to prevent damage to equipment.
The notices are emphasized using a warning sign. Depending
on the hazard level the warning notices are shown in
decreasing severity as follows.
DANGER
Indicates a hazard which results in death or severe injury if no
appropriate preventive actions are taken.
WARNING
Indicates a hazard which results in death or severe injury if no
appropriate preventive actions are taken.
CAUTION
Indicates a hazard that can result in slight injury if no
appropriate preventive actions are taken.
NOTE
Indicates a hazard which can result in equipment damage if
no appropriate preventive actions are taken.
If more than one hazard level pertains, the highest level
of warning is always used. If the warning sign is used in a
warning notice to warn of personal injury, the same warning
notice may have an additional warning of equipment damage
appended.
Qualified personnel
The product described in this manual may be installed and
placed in operation only by personnel who are qualified for
the respective task.

The documentation associated with the respective task
must be followed, especially the safety and warning notices
contained therein.
Qualified personnel are defined as those who are qualified
by their training and experience to recognize risks when
handling the described products and to avoid possible
hazards.
Disposal
Electronic equipment may not be disposed of with normal
waste, but rather must be brought to a proper electrical scrap
processing facility.
The complete declarations of conformity for the devices
described in the instructions can be found on the respective
Internet data sheet page on the W&T homepage at http://www.wut.de.
Symbols on the product
Symbol: Explanation
CE mark: The product conforms to the requirements of the relevant EU Directives.
WEEE mark: The product may not be disposed of with normal waste, but rather in accordance with local disposal regulations for electrical scrap.

1.2 Safety notices
General notices
This manual is intended for the installer of the Microwall
described in the manual and must be read and understood
before starting work. The devices are to be installed and put
in operation only by qualified personnel.
Intended use
DANGER
The Microwall VPN is an industrial-grade IPv4 router with two
1000BaseT network ports, an integrated whitelist-based firewall
and a WireGuard VPN client/server. It connects a network
island to a superordinate local network. At the same time,
secure remote access to the participants of the island network
can be provided via the WireGuard VPN. Suitable filter rules on
TCP/IP level protect all networks from unauthorized,
undesired and harmful communication.
The Microwall IO has 2 digital inputs and 2 digital outputs,
which allow the control of router/firewall functions and the
evaluation of messages in automation environments.
Any other use or modification of the described devices is not
intended.
Electrical safety
WARNING
Before beginning any kind of work on the Microwall you must
completely disconnect it from power. Be sure that the device
cannot be inadvertently turned on again!
The Microwall may be used only in enclosed and dry rooms.
The device should not be subjected to high ambient temperatures
or direct sunlight, and it should be kept away from heat

















