Manufacturing networks face unique challenges, and not every firewall is built to handle them. Many enterprise firewalls come bloated with unnecessary features and outdated complexity—an IT manager’s worst nightmare. Let’s focus on what manufacturers actually need in a firewall for 2025.

What to Look for in a Firewall Solution

1. Simplicity

A firewall should protect your network, not complicate it. Overly complex systems with bloated management interfaces and obscure settings invite misconfiguration—a top cause of breaches.

Choose a firewall that prioritizes simplicity. From small-enterprise solutions like Meraki or Fortinet, to more technically advanced ones like MikroTik, and even prosumer-oriented ones like pfSense or Firewalla: solutions that offer powerful Layer 3 (L3) functionality without the bloat.

Key takeaway: If your firewall takes a team of consultants to properly configure, it’s already failed you.

2. Layer 3 Protection

L3 protection is the baseline for any firewall. It establishes the first inside-outside layer of protection that every manufacturer needs. L3 filtering lets you control traffic based on source and destination IP addresses; in practice every packet filter also matches on TCP/UDP ports, which strictly speaking belong to Layer 4 (and which some vendors' UIs confusingly label "protocols" or "services"). No fluff, just effective perimeter control.

Key takeaway: create a strong first barrier, deny all inbound by default and allow only explicit exceptions, without overengineering. This first barrier removes most low-sophistication risk: internet-wide scanning for exposed services never gets past it.

3. Security: Update fast and add another layer of protection from another vendor

Here's a harsh truth: some firewall vendors have had a rough few years, racking up CVEs (Common Vulnerabilities and Exposures) that put their customers at risk. Two things follow. First, update fast: subscribe to your vendor's security advisories and patch edge devices within days of a fix, because these bugs are exploited at internet scale as soon as they are public. Second, implement a second firewall in-line from a different vendor, to radically reduce the risk that a single vendor's exploit, like the Fortinet gateway exploitation seen through the summer of 2024, opens the whole network. An attacker who gets through the outer box still faces a box running a different code base.

That's also where simplicity comes in: if both firewalls are simple, you are in a good posture; if both are complex, you won't be home in time for dinner, and you now have two patch cycles to keep up with instead of one. That's also where you can implement DMZ-like solutions, cough cough Trout, to protect from that risk.

4. Layer 4-7 Protection

With most traffic now encrypted, L3 alone won't cut it: an IP and port rule cannot tell a legitimate HTTPS session from a malicious one. You should look into higher OSI Layer protection.

Our recommendation? Use proxies to add a strong protection barrier at the higher layers and to regain visibility. Passive, out-of-band decryption is on its way out: TLS 1.3 removed static RSA key exchange (and most TLS 1.2 deployments already prefer ephemeral (EC)DHE suites), so a monitoring tap holding the server's private key can no longer decrypt the stream. Only an inline proxy that terminates TLS can inspect it, which makes inline proxies the way to go for sensitive assets. Software-based solutions, like a software-defined airgap, can provide the scalability that's required here.

Why Manufacturing Networks Are Special

Manufacturers face challenges that general-purpose firewalls struggle to address:

  1. Larger Sites: Manufacturing facilities usually cover far more floor space than an office-based business, with equipment and devices spread across a large building or several buildings.

  2. Third-Party Equipment: From CNC machines to HVAC systems, manufacturers rely heavily on third-party devices, many of which require remote access for maintenance.

  3. Shared IT Devices: Manufacturing employees often share computers or terminals, making it harder to track and authenticate user activity. 

Practical Firewall Recommendations for Manufacturers

1. Start Simple at the Perimeter

Install a straightforward firewall immediately after your ISP gateway. Its primary job is basic inbound and outbound filtering: deny everything inbound by default, and keep an explicit, short list of what is allowed out. You don't need a complicated setup, just rules that define what comes in and what goes out.

Critical tip: Disable management access from the WAN interface. This is one of the most common and dangerous misconfigurations we still see in manufacturing networks, and it is exactly what turns a vendor CVE into a breach. Check it from the outside: from a host on the internet, the firewall's WAN address must not answer on SSH, HTTPS or the vendor's own UI port. If you need remote administration, reach the firewall through a VPN or from a jump host on the inside.

2. Use Routed LANs for Internal Segmentation

Treat your internal network as untrusted. Combine VLANs for devices like Wi-Fi access points with routed LANs for internal communications.

  • Why Routed LANs? They offer better security (every crossing between subnets passes through a filtering rule), visibility (source/destination IP analysis at the router), and performance (smaller broadcast domains, so one chatty or faulty device cannot flood the whole site).
  • One VLAN for your Wi-Fi: put all access points on a single VLAN so clients keep their address, and their sessions, while roaming through a building.
  • Then scale with routed LANs. Use routing and Layer 3 rules to control east-west communication within your network, whether it's a computer connecting to a printer, a machine interfacing with an ERP system, or a PLC communicating with SCADA, each allowed only on the ports it actually needs and denied everything else.
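The ruleset below is an added example, not configuration from the original post or from Trout, showing what the advice in this post looks like on one Linux box running nftables: the L3 baseline (deny all inbound), the perimeter tip (no management on the WAN interface), routed-LAN segmentation between office, Wi-Fi, supervisory and machine subnets, and the Layer 4-7 recommendation of forcing sensitive hosts' web traffic through an inline proxy. Interface names, subnets, the ERP and SCADA addresses and the proxy port 3128 are assumptions chosen for illustration; the same policy maps one-to-one onto pfSense or MikroTik rules.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original post): one nftables ruleset for a small
# manufacturing site. Interface names, subnets, hosts and the proxy port are
# assumptions for illustration. IPv4 only, for brevity.
flush ruleset

define WAN    = "eth0"       # ISP side
define OFFICE = "eth1.10"    # office LAN,                     10.10.10.0/24
define WIFI   = "eth1.20"    # access-point VLAN,              10.10.20.0/24
define SUPV   = "eth1.30"    # SCADA / HMI / engineering LAN,  10.10.30.0/24
define OT     = "eth1.40"    # PLCs and machines,              10.10.40.0/24
define ERP    = 10.10.10.50  # ERP server in the office LAN (assumed)
define SCADA  = 10.10.30.10  # SCADA server in the supervisory LAN (assumed)
define MGMT_PORTS = { 22, 443 }   # firewall management: SSH and web UI

table inet fw {
    # Packets addressed to the firewall itself.
    chain input {
        type filter hook input priority filter; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # Management only from the office LAN. There is deliberately no rule
        # for $WAN, so management on the WAN interface hits the drop policy.
        iifname $OFFICE tcp dport $MGMT_PORTS accept

        # DNS, DHCP and ping from every internal LAN.
        iifname { $OFFICE, $WIFI, $SUPV, $OT } udp dport { 53, 67 } accept
        iifname { $OFFICE, $WIFI, $SUPV, $OT } icmp type echo-request accept

        # Transparent web proxy running on the firewall (port 3128, assumed),
        # reachable only from the supervisory LAN whose web traffic is
        # redirected to it in the nat prerouting chain below.
        iifname $SUPV tcp dport 3128 accept

        # Everything else arriving on the WAN: log a sample, then policy drop.
        iifname $WAN limit rate 5/minute log prefix "fw-input-wan: "
    }

    # Packets routed between interfaces: the perimeter and the east-west policy.
    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Perimeter: deny all inbound. No new connection from the WAN is ever
        # forwarded; a rate-limited log entry makes scanning visible.
        iifname $WAN limit rate 5/minute log prefix "fw-inbound-denied: "
        iifname $WAN drop

        # Office: direct internet access, plus HTTPS to the SCADA web HMI.
        iifname $OFFICE oifname $WAN accept
        iifname $OFFICE oifname $SUPV ip daddr $SCADA tcp dport 443 accept

        # Wi-Fi is internet-only: nothing from it reaches office, SCADA or PLCs.
        iifname $WIFI oifname $WAN accept

        # East-west in the plant: SCADA polls the PLCs over Modbus/TCP (502)
        # and reports to the ERP over HTTPS. PLCs never initiate anything.
        iifname $SUPV oifname $OT ip saddr $SCADA tcp dport 502 accept
        iifname $SUPV oifname $OFFICE ip saddr $SCADA ip daddr $ERP tcp dport 443 accept

        # No further rules: the supervisory LAN has no direct internet (its
        # web traffic goes through the proxy) and the OT LAN has none at all.
    }

    # Force web traffic from the supervisory LAN through the inline proxy.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $SUPV tcp dport { 80, 443 } redirect to :3128
    }

    # Hide internal LANs behind the WAN address.
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Check the file with `nft -c -f fw.nft` before loading it with `nft -f fw.nft`, and read the result back with `nft list ruleset`. Then verify the perimeter from the outside: a scan of the WAN address from the internet should show no open ports at all, management ports included. Two caveats a practitioner will hit: the proxy on port 3128 must actually be running in transparent mode, and if it intercepts TLS its CA certificate has to be trusted by the supervisory hosts, or every HTTPS connection from that LAN will fail instead of being inspected.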

3. Authenticate Users and Machines

Shared IT devices are common in manufacturing, but they create security blind spots. You need to know who is accessing your systems, not just what.

Here’s how:

  • Enable Personal Logins: If you use platforms like Microsoft 365 or Google Workspace, give each employee an individual login on shared devices instead of one shared local account, so every action is traceable to a person.
  • Integrate with Identity Providers: Centralized identity management makes tracking and controlling access easier, ensuring accountability across your network.
  • Use physical keycard or badge solutions to authenticate a workforce that wears gloves and safety glasses and cannot comfortably type a password at every station.

Final Thoughts: Cut the Complexity, Secure the Network

Good network security is like a Kouign-amann: simple, layered, resilient. Begin with a straightforward firewall that handles the essentials, then enhance it with an additional network solution (like Trout 😉) to add internal segmentation, visibility and performance.

Keep it simple. Keep it secure.
