Transcript:
[0m:00s] Hey, I’m Mitchell. Welcome to another video in the RSP Education Series. In this video, we’re diving into one of the most critical features of any industrial wireless router—firewall rules. Whether you’re working with PLCs on a factory floor or monitoring RTUs at a remote site, securing your communication pathways is non-negotiable. Today, using the Semtech AirLink XR60 as our example, we’ll break down how firewall rules control traffic in and out of your network, how they protect systems from threats, ensure only approved devices can communicate, and support compliance with industrial security standards. If you like this kind of content and want more educational videos, please like and subscribe. This video is for educational purposes only. Always consult a professional for your application. RSP Supply is not liable for any misuse of this information. With that said, let’s get right into it.
[0m:57s] In industrial automation, routers use firewall rules to protect the network. These rules control what traffic can come in—called ingress—and what can go out—called egress. This setup helps stop hackers, block malicious software, and make sure only authorized devices can talk to each other. Firewalls are essential in environments like factories, power plants, and water treatment facilities, where networks connect PLCs, HMIs, RTUs, and IoT devices. By controlling traffic flow, firewalls protect against cyber threats, ensure safety, and keep operations running smoothly.
[1m:43s] The key elements of firewall rules include controlling ingress and egress traffic. Ingress rules prevent unauthorized systems or users—especially from the internet or business networks—from accessing critical OT devices such as PLCs or HMIs. Egress rules control outbound traffic to prevent malware from sending data to external sources. Firewalls also filter industrial communication protocols, allowing only trusted and necessary ones like Modbus TCP, PROFINET, DNP3, or OPC UA, while blocking unauthorized applications such as remote desktop or VNC unless explicitly approved.
[2m:27s] Network segmentation is another important security layer. Following standards like ISA/IEC 62443, networks are divided into zones to isolate OT from IT systems. A DMZ, or demilitarized zone, provides a buffer where remote access can be safely managed. For example, rules can be configured so that only specific IT devices can communicate with OT assets under controlled conditions. Deep packet inspection is another feature that allows the router to analyze network traffic in real time and detect suspicious behavior—like unusual Modbus commands from a PLC—so it can block harmful activity and prevent denial-of-service attacks.
[3m:17s] Firewall rules also play a role in secure remote access. Only encrypted VPN connections such as IPsec or OpenVPN are allowed, ensuring that remote engineers can reach PLCs or HMIs safely. Access can even be restricted to specific IP addresses for extra protection. Here are some common examples of industrial firewall rules. First, allowing communication from a corporate network to a PLC using Modbus TCP on port 502, which enables SCADA systems to communicate safely. Second, blocking all other traffic by default with a “deny all” rule, ensuring that nothing enters the OT network unless specifically approved. Third, creating a controlled rule for remote maintenance by allowing Remote Desktop Protocol (RDP) traffic on port 3389 only through a secure VPN.
[4m:42s] These examples demonstrate how firewall rules maintain both security and control by defining who can communicate, what can pass through, and how those interactions are monitored. The results are reduced cyber risk, compliance with security standards, and improved network reliability. To recap, firewall rules are essential for keeping your industrial network safe—especially when using advanced routers like the Semtech AirLink XR60. We covered how ingress and egress rules control incoming and outgoing traffic, how protocol filtering ensures clean communication, and how segmentation and VPN-based remote access protect your system from external threats. With the right firewall configurations in place, you’re not just protecting devices—you’re protecting uptime, reliability, and peace of mind across your entire operation. For a full line of Semtech AirLink XR60 routers and hundreds of thousands of other industrial automation products, visit RSPSupply.com, the internet’s top source for industrial hardware.