NetWall USG

One-way security gateway for IT and OT

NetWall USG provides real-time access to OT data and enables secure data transfer to the OT environment without compromising the security and integrity of your critical production systems.

NetWall USG provides

  • Lossless, unidirectional data communication
  • Isolates OT/ICS assets from cyber attacks
  • Prevents malicious C&C communications from OT networks
  • Segregates and protects networks, devices, CADA, DCS, HMI and PLCs
  • Seamless integration with OPSWAT MetaDefender Kiosk and Vault
  • Secure transfer of software updates and other files to a protected domain

NetWall USG – Guaranteed delivery of data

No data loss

The mechanism that guarantees data delivery ensures reliable operation and saves valuable bandwidth.

No overruns

An anti-overload mechanism eliminates data overflow, retransmissions and synchronization problems.

Without a return path

A networked serial connection between a pair of NetWall USG servers enforces unidirectional data flow.

Scalable industrial cyber security

OPSWAT NetWall USG consists of two 1U server devices with a non-network serial connection between them

Easy implementation

The pre-configured platform deploys quickly and seamlessly.

High scalability

Choose a bandwidth of 50Mbit, 100Mbit, 1Gbit or 10Gbit – all software can be selected to meet current and future requirements.

Easy to use

Ready to use within minutes after a one-time setup. No auditing or firewall configuration is required.

Full support for industrial protocols

It includes OPC DA, A&E and UA, as well as Modbus/TCP, file transfer and TCP/UDP sockets.

Transparency for users

Fast and faithful data replication means that there is no need to change the work procedures of corporate users.

Ensures regulatory compliance

Ensures compliance with industry cyber security standards:
NERC CIP, NIST CSF, ICS, 800-82, 800-53, IEC 62443
NRC 5.71, CFATS, ISO 27001, 27032, 27103, ANSSI, IIC SF and others.

Protection against industrial attack techniques presented by MITRE ATT&CK for ICS.

Secure file transfer from IT to OT resources

NetWall vs. Firewall, router rules and VLANs

True one-way behavior, with no routable connections to the protected zone.

Function OPSWAT NetWall Other network solutions
Routing configuration
Interruption of protocol, complete removal from TCP/IP connection
Meets the functional requirements of data diodes
Guaranteed delivery with non-rejectable data traffic
No complex rule-building
Guaranteed prevention of malware propagation
No ARP, BGP, TCP/IP handshake.

NetWall vs. hardware data diodes

Reliable data transfer and replication without compromise.

Function OPSWAT NetWall Data Diodes
One-way gate
Complete interruption of the protocol
Support all industrial protocols without the need for manufacturer's HW and SW
Guaranteed data delivery
Efficient data synchronization and replication
Improving throughput (reducing the number of transmission repetitions)
Same hardware for bandwidths from 50 Mbit/s to 10 Gbit/s
Hardware dongle for administrator access
Quick and easy implementation
Cost-effectiveness through competitive subscription options