Introduction

Overview

The MetaDefender Industrial Firewall (MD-IF) is a ruggedized industrial firewall designed to meet the stringent demands of mission-critical OT and ICS infrastructure. It is available in multiple models with high-speed Ethernet ports, and can operate in transparent Layer 2 (inline) mode or Layer 3 routing mode, with stateful packet inspection on every port.

Enhanced by Firewall Learning Mode (FLM), it monitors and analyzes network traffic and automatically generates candidate security policies. These policies can be implemented as protocol-specific Deep Packet Inspection (DPI) rule sets to block anomalies, zero-day vulnerabilities, and DoS/DDoS attacks.

Key capabilities include:

• Stateful packet inspection across all ports, in transparent or routing mode.
• Protocol-specific Deep Packet Inspection (DPI) for industrial protocols, with filtering down to the function/command-code level.
• Firewall Learning Mode (FLM) — automated traffic baselining that proposes security policies before enforcement.
• DoS/DDoS protection at the OT boundary.
• Network segmentation and connectivity — VLAN segmentation, NAT, static and dynamic routing (RIP, OSPF), and VPN (IPSec / OpenVPN).
• Resilient deployment — high availability via VRRP and an integrated hardware bypass for fail-open operation.
• Centralized management and monitoring — web UI, REST API, remote syslog, and SNMP, with optional central management.

License

There are two kinds of license:

• Standard: Supports all protocols except GE protocols.
• GE: Supports all protocols, including GE protocols.

The license is indicated when you purchase.

Protocols and activities

MetaDefender Industrial Firewall supports various Layer 7 protocols, and each protocol supports the following activities:

• Read Only
• Read/Write
• Full Access

The meaning of each activity differs depending on the protocol. Refer to the Protocols and Activities page for the full list of supported protocols and their associated activities.