Industrial firewall for automation engineers
In many production networks that have grown over time, the focus is on free data exchange across all components and systems. However, if all paths are open, viruses and malware can spread unhindered throughout the entire network. To prevent this, it is recommended to segment the production network into manageable logical units, for example with the industrial firewall mbNETFIX.
mbNETFIX is a self-learning, easy-to-configure industrial firewall. It is used to secure and segment industrial networks and is specifically designed for operation in industrial automation environments. Configuration is carried out using specially designed software. At the same time, mbNETFIX offers the necessary tools and features with which the firewall can be used easily and safely even by non-specialist personnel. It can be operated in bridge or gateway mode.
In bridge mode, it is ideal for retrofitting into existing networks. After delivery, it can be installed without any network changes and starts learning the current data traffic immediately.
In gateway mode, individual areas of a network can be separated. The integrated learning mode simplifies the creation of filter tables.
For automation engineers
mbNETFIX has been developed to meet today's IT and cyber security challenges in the networking of machines and systems, without having to call in an IT security specialist. The firewall fits perfectly into the workflow of the automation company. In learning mode, the firewall records all connections. The user then decides, on the basis of the recorded packet table, which connections are permitted and blocks all others. The MapView function supports the user in this: thanks to the graphical display, the user can see at a glance which connections are currently configured in the firewall and which network participants have been detected. In addition, the network architecture and activities can be documented.
To control the data traffic, the firewall can separate permitted from prohibited traffic based on the source MAC/IP addresses, the destination MAC/IP addresses and the ports.
The concept is based on "Security by Design". To keep the attack surface as small as possible, a web interface for configuration was intentionally omitted. The firewall is configured with software via the USB port. For IT experts, an SSH interface is also available, which can be activated as an option.
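The learn-then-allow workflow and the address/port filtering described above, sketched as an added example; this is not mbNETFIX code or its packet table format. The record layout, the protocol field, all addresses and the function names are assumptions constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Rule(NamedTuple):
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str      # assumed field, not named on the page
    dst_port: int

HMI = ("02:00:00:00:00:10", "192.168.10.10")   # constructed engineering station
PLC = "192.168.10.20"                          # constructed controller

# Constructed learning-mode records:
# (src_mac, src_ip, src_port, dst_ip, proto, dst_port)
RECORDED = [
    (*HMI, 49152, PLC, "tcp", 102),
    (*HMI, 49153, PLC, "tcp", 102),
    (*HMI, 49200, "192.168.10.30", "tcp", 502),
    ("02:00:00:00:00:99", "192.168.10.99", 50111, PLC, "tcp", 445),
]

def candidate_rules(records):
    """Collapse recorded packets into one candidate per flow. The ephemeral
    source port is dropped so reconnects map to the same rule."""
    return Counter(Rule(mac, sip, dip, proto, dport)
                   for mac, sip, _sport, dip, proto, dport in records)

def build_allowlist(candidates, approved):
    """Only candidates the operator approved become rules; being seen
    during learning does not permit a flow by itself."""
    return frozenset(rule for rule in candidates if rule in approved)

def decide(allowlist, packet):
    """Default deny: pass only an exact match on source MAC/IP,
    destination IP, protocol and destination port."""
    mac, sip, _sport, dip, proto, dport = packet
    return "allow" if Rule(mac, sip, dip, proto, dport) in allowlist else "block"

# Operator review: the unexplained flow to port 445 is not approved.
APPROVED = {Rule(*HMI, PLC, "tcp", 102),
            Rule(*HMI, "192.168.10.30", "tcp", 502)}

if __name__ == "__main__":
    candidates = candidate_rules(RECORDED)
    allowlist = build_allowlist(candidates, APPROVED)
    for rule, seen in candidates.items():
        print(seen, rule, "->", "allow" if rule in allowlist else "block")
```

The review step is where traffic that was already unwanted during the learning phase gets excluded; everything not approved falls through to the default block.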