# How to Select the Appropriate Industrial Firewall

07 December 2025

Introduction:

The emergence of a new class of vulnerabilities targeting industrial automation systems is a key problem for converged networks. Because they lack basic security practices, legacy networks are particularly exposed to malicious network attacks and to unexpected operations. Once compromised, these legacy networks can act as back doors, allowing attackers and other unauthorised individuals to reach the plant network via the enterprise network or other industrial networks.

A good understanding of the security challenges, together with strong defensive measures, is essential to address network security for industrial control systems. To protect vital equipment and extend security coverage across automation networks at multiple locations, device cells, function zones and plant sites, a "defense-in-depth" approach can be applied to industrial control systems.

Choosing the correct industrial network security equipment can be the difference between success and failure. When undertaking a project like this, there are seven things to keep in mind:

1. There is no need to alter the network:

Because of concerns such as IP address reconfiguration, changes to the network topology, and compatibility with the existing network, deploying a new firewall into an industrial control network can be a difficult procedure. The first step is to figure out which firewall type is best for your network.

To accommodate varied network topologies, a firewall usually offers two filtering modes: routed and transparent (or bridged). There are two ways to connect:

· A routed firewall acts as a Layer 3 node and protects the networks attached to its two logical interfaces. As part of IP forwarding it can also handle functions such as network address translation (NAT) and port forwarding. Although a routed firewall offers the most capability and flexibility, it may require extensive network reconfiguration.

· In a control network where traffic is exchanged within a single subnet, a transparent firewall is useful for safeguarding critical devices or equipment. A transparent firewall does not interfere with routing and can be inserted into the network without reconfiguring the IP subnet.

2. Filtering latency and performance:

Response time is a significant factor in most industrial control applications. When a firewall is installed in a control network, its data-filtering operations add latency.

Many vendors claim that their firewalls offer the best performance, based on a benchmark that filters data with just one firewall rule.

In the real world, hundreds of firewall rules may be used to filter traffic in a control network, which casts doubt on the firewall's true performance. Interruptions to control data should be avoided as much as possible, and an industrial firewall should pass as much throughput as possible between controllers and I/O devices. Data-filtering performance must also be consistent across a wide range of control-traffic packet types and sizes. General automation applications such as process control, distributed control systems (DCS) and data acquisition require response times in milliseconds to support real-time operation.

3. Filtering of industrial protocols:

Most industrial protocols use the Transmission Control Protocol/Internet Protocol (TCP/IP) or the User Datagram Protocol (UDP) for data transmission. To prevent unauthorised access to essential equipment, general-purpose firewalls can filter data at the IP or media access control (MAC) layer. Firewalls have traditionally blocked all inbound traffic and allowed only one-way or round-trip traffic that matches a firewall whitelist (an explicit list of hosts and services that are permitted). Whitelisting therefore blocks all unauthorised hosts while granting all permitted hosts access at the IP or MAC layer.

4. Industrial-strength design for extreme conditions:

In industrial applications, firewalls are frequently installed in cabinets and exposed to harsh conditions such as high temperatures and vibration. In this setting the ruggedness of the firewall is just as crucial as its performance. A firewall for industrial applications should comply with the relevant industry standards, which differ by sector, such as oil and gas, transportation, railways, or factory automation.

5. Logging and reporting of firewall events:

Regardless of the type of industrial firewall used, event logging is crucial for verifying that the firewall rules are deployed and working as intended.

Logs also allow administrators to keep track of what is going on in the control network. A sound log-retention plan additionally makes it possible to review security events or issues days, weeks, or even months after they happen. Administrators can use these logs to assess the effectiveness of the current firewall policies, leading to ongoing security improvements.

6. Firewall rules can be easily deployed in bulk:

Hundreds or thousands of firewalls may be deployed in industrial applications to manage data traffic and safeguard field equipment from unwanted attacks. A firewall whitelist, the most commonly used method, accepts only explicitly permitted traffic on the network.

This raises the question of how easy it is to update the firewall rules on the many firewalls in use when a new service is added to a control network. Batch commands (via the command-line interface) and centralised firewall management software are the two methods for large-scale deployment of firewall rules. Both are simple to use and effective for mass deployment; which one is used comes down to the network administrator's preference. An industrial firewall system should offer both alternatives.
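As an added example (not code from the article or from any vendor product), the following Python sketch ties together the default-deny whitelist filtering of item 3, the denied-event logging of item 5, and the bulk rule generation of item 6; the HMI and PLC addresses are constructed sample values, and port 502 is the well-known Modbus/TCP port. It also returns how many rules were evaluated per packet, which is the work that grows with rule count and drives the latency concern in item 2.

```python
# Added example (not from the article): a minimal whitelist policy engine of the
# kind an industrial firewall applies, with default-deny, event logging for
# denied traffic, and bulk rule generation for many PLCs.
# Addresses and device names are constructed sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    src: str      # permitted source network in CIDR notation
    dst: str      # permitted destination network in CIDR notation
    proto: str    # "tcp" or "udp"
    dport: int    # destination port, e.g. 502 for Modbus/TCP

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and proto == self.proto and dport == self.dport)


class WhitelistFirewall:
    """Default-deny: a packet passes only if an explicit allow rule matches."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[str] = []   # one entry per denied packet (item 5)

    def filter(self, src: str, dst: str, proto: str, dport: int) -> Tuple[str, int]:
        # Returns the verdict and the number of rules evaluated (first match wins).
        # With hundreds of rules, a non-matching packet costs a full scan,
        # which is why one-rule benchmarks understate real filtering latency.
        for n, rule in enumerate(self.rules, start=1):
            if rule.matches(src, dst, proto, dport):
                return "allow", n
        self.log.append(f"DENY src={src} dst={dst} proto={proto} dport={dport}")
        return "deny", len(self.rules)


def bulk_modbus_rules(hmi: str, plcs: List[str]) -> List[Rule]:
    # Bulk deployment (item 6): one Modbus/TCP allow rule per PLC from a template,
    # so adding a PLC or a service does not mean hand-editing every firewall.
    return [Rule(src=f"{hmi}/32", dst=f"{plc}/32", proto="tcp", dport=502) for plc in plcs]


if __name__ == "__main__":
    fw = WhitelistFirewall(bulk_modbus_rules("10.0.0.10", [f"10.0.1.{i}" for i in range(1, 201)]))
    print(fw.filter("10.0.0.10", "10.0.1.150", "tcp", 502))   # ('allow', 150)
    print(fw.filter("10.0.0.99", "10.0.1.150", "tcp", 502))   # ('deny', 200): unknown host
    print(fw.log)
```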
