Secure machine networks are becoming mandatory with the European Machinery Regulation and IEC 62443. The Industrial NAT Gateway and machine firewall Wall IE from Helmholz is a solution for networked machines and production facilities that is as effective as it is pragmatic.
The Industrial Security Gateways of the Wall IE series from Helmholz protect machine networks through network segmentation and secure integration into the production network.
The topic of machine safety now concerns everyone. At its core, it's about securely integrating machine networks into the overarching production network. The key term here is "Secure OT"—secure operational technology consisting of software and hardware for managing, securing, and controlling industrial control systems, devices, and processes.
In light of growing data communication, there is no way around the separation or segmentation of networks. Concepts with trust zones and secure zone transitions (Zones & Conduits) have proven to be particularly effective for this purpose. This is why IEC 62443 also prescribes a corresponding protection concept: According to this, it is often not appropriate for large or complex systems to apply the same level of protection to all components, as these are subject to different threats and risks. These differences can be represented through the concept of "security zones."
At this point, the question arises as to how such a Zones & Conduits protection concept for networked machines can be specifically implemented. Medium-sized mechanical engineering companies and their customers, in particular, typically seek practical solutions that are not only safe and reliable but also streamlined, efficient, and easy to use without additional external support.
Example network architecture with the Security Gateway WALL IE: Integration of machine networks into the production network via NAT, Bridge, or NAPT mode for secure network segmentation.
Such a solution is the NAT Gateway Wall IE from Helmholz. Easily and permanently installed between the machine and the production network, the robust and particularly compact security gateway combines bridge and firewall functions to the extent actually required.
Specifically, Wall IE protects networks by precisely regulating which participant is allowed to exchange data with which device. The prerequisite for this is packet filter functionality, which restricts access between the production network and the automation cell. With WALL IE, IP addresses, ports, MAC addresses, and the type of telegram can be filtered in both directions.
All Machines Firmly in View
At the same time, Wall IE also enables the adaptation of the machine's existing IP addresses to the IP addresses in the factory network through NAT (Network Address Translation). Each device in the machine that should be visible externally is assigned an IP address within the factory's address space. Devices in the machine that are not intended to communicate with the outside world are simply excluded. The use of NAT also makes it possible to integrate multiple identical automation cells with the same address range into the production network without having to reconfigure the machines.
If not enough IP addresses are available in the factory network, the WALL IE can also be integrated into the production network with a single IP address. Access to the devices in the machine is then handled via port forwarding. Filtering and protection always function in both directions. This also allows a factory network to be protected from compromised devices within the machine.
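The following added example (a toy model, not Helmholz configuration or firmware behaviour) shows how 1:1 NAT lets two identical cells share one internal address range, how a single-IP cell is reached through port forwarding, and how a default-deny filter acts in both directions. All addresses, ports, and names such as `Gateway` and `build_cells` are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Gateway:
    """Toy model: address translation plus a default-deny filter in both directions."""
    nat: dict = field(default_factory=dict)       # factory IP -> machine IP (1:1 NAT)
    forwards: dict = field(default_factory=dict)  # (factory IP, port) -> (machine IP, port)
    allow_in: list = field(default_factory=list)  # (source net, machine IP, proto, port)
    allow_out: set = field(default_factory=set)   # (machine IP, factory IP, proto, port)

    def inbound(self, src, dst, proto, port):
        """Return the (machine IP, port) a factory packet reaches, or None if dropped."""
        if (dst, port) in self.forwards:
            target = self.forwards[(dst, port)]
        elif dst in self.nat:
            target = (self.nat[dst], port)
        else:
            return None  # unpublished device: not addressable from the factory side
        for net, ip, p, prt in self.allow_in:
            if ip_address(src) in ip_network(net) and (ip, p, prt) == (target[0], proto, target[1]):
                return target
        return None  # default deny

    def outbound(self, src, dst, proto, port):
        """Return the factory-side source IP for a machine packet, or None if dropped."""
        published = {machine: factory for factory, machine in self.nat.items()}
        if src in published and (src, dst, proto, port) in self.allow_out:
            return published[src]
        return None  # e.g. a compromised device probing the factory network

def build_cells():
    """Constructed addressing: two identical cells (1:1 NAT) and one single-IP cell."""
    plc_rule = ("10.10.5.0/24", "192.168.0.10", "tcp", 102)  # engineering subnet -> PLC
    cell_a = Gateway(nat={"10.10.1.10": "192.168.0.10"}, allow_in=[plc_rule],
                     allow_out={("192.168.0.10", "10.10.9.5", "tcp", 4840)})
    cell_b = Gateway(nat={"10.10.2.10": "192.168.0.10"}, allow_in=[plc_rule])
    cell_c = Gateway(forwards={("10.10.3.1", 8443): ("192.168.0.20", 443)},
                     allow_in=[("10.10.5.0/24", "192.168.0.20", "tcp", 443)])
    return cell_a, cell_b, cell_c

if __name__ == "__main__":
    a, b, c = build_cells()
    print(a.inbound("10.10.5.7", "10.10.1.10", "tcp", 102))   # same PLC address in cell A
    print(b.inbound("10.10.5.7", "10.10.2.10", "tcp", 102))   # ... and in cell B
    print(c.inbound("10.10.5.7", "10.10.3.1", "tcp", 8443))   # port-forwarded device
    print(a.outbound("192.168.0.10", "10.10.9.6", "tcp", 445))  # dropped
```
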
Wall IE Can Also Be Used as a Bridge
As another special feature, the Wall IE can also be used as a bridge in addition to the NAT operating mode. In Bridge Mode, the network participants of the machine already have IP addresses in the same range as the factory network. All filter functions are active, but NAT is deactivated in this case.
The Wall IE was introduced ten years ago and is now active in over 15,000 applications. Mostly driven by customer requests, its functionality has been steadily growing since then. Among the latest innovations is the implementation of 802.1X for authentication. This new feature allows the end customer in the factory network to ensure that no unauthorized devices become active in the network.
Additionally, functions such as extended logging and improved user management have been implemented. Further features, such as Ping and Traceroute, will be integrated into the web interface in the future. Moreover, Helmholz continuously adapts the firmware of the Wall IE to the specific requirements of IEC 62443-4-2. The configuration of the Wall IE can be downloaded, saved, and edited at any time if needed. In 2026, the certification according to IEC 62443 will also be completed by the testing company TÜV.
Date: 08.12.2025