Press release BoxID: 670145 (PHOENIX CONTACT Cyber Security AG)
  • PHOENIX CONTACT Cyber Security AG
  • Rudower Chaussee 13
  • 12489 Berlin

mGuard Cybersecurity now with OPC Inspector and Conditional Firewall

(PresseBox) (Hannover / Germany, ) At Hannover Messe 2014, Innominate will present the upcoming version mGuard 8.1 of its security appliance firmware with unique new functions for industrial cybersecurity. Its new module mGuard OPC Inspector masters the complex connection tracking of OPC dialogues across their changing ports and connection directions, thus enabling an effective control and filtering of OPC based on the stateful inspection firewall principle. For OPC communication via mGuard routers, even NAT methods such as masquerading or 1:1 NAT mapping can be used thanks to a special deep packet inspection technique - a true world first and little sensation for experienced OPC users.

With the new Conditional Firewall functionality, pre-defined situational firewall rule sets can literally be activated at the push of a button. By various simple triggering events, asset operators can thus switch between firewall rule sets for different operating conditions, e.g., when different connections shall be allowed or denied during production, maintenance, or remote servicing situations.

Given the threat to industrial systems by ever more targeted attacks with malware, there is also increased user interest in the mGuard Integrity Monitoring functionality. This option provides for the surveillance of industrial PCs against potential infections and manipulations and has been further improved in its usability. Besides physical mGuard appliances, all of the functions mentioned are also available in another showcased new software product, mGuard eVA, the embedded Virtual Appliance for Windows PCs.

Background Information

The classic OPC protocol has been criticized long time for the IT security deficits and notorious firewall unfriendliness it inherited from Microsoft's DCOM model. Also, while OPC communication via routers is allowed, the masquerading or rewriting of addresses by network address translation (NAT) often desired for the integration of machinery and equipment into upper level networks has not been feasible without the help of additional OPC tunnels so far.

With OPC Unified Architecture (OPC-UA), a newer generation of OPC based on updated foundations is available which avoids the above deficits. However, the penetration of the market and installed base with this new technology is progressing slowly. Particularly in existing brown field plants, OPC classic will continue to be deployed for many years to come. Without add-on products, conventional firewalls will remain ineffective for OPC, resulting in poor network security of these applications.

Website Promotion


Innominate, a Phoenix Contact Company, is a leading supplier of components and solutions for controlled and secured communication in industrial networks. The German company specializes in the protection of networked industrial systems and the secure remote diagnosis and maintenance of machinery and equipment over the Internet. Its mGuard product line of network security appliances provides router, firewall, virtual private network (VPN), as well as quality of service (QoS) functionalities and helps with intrusion detection and antivirus protection. The mGuard portfolio is complemented by highly scalable device management software and a Cloud-based Remote Services Portal. Innominate products are marketed worldwide under the mGuard brand through system integrators and OEM partners. Further information can be found at