Firewall Concept for Remote Monitoring of Water Jet Cutting Machines.



Many years of expertise, an international presence and global service make KMT Waterjet the ideal partner for all companies that successfully implement water jet cutting technologies. The objective of the project is to improve the existing global service by allowing the operating status of every STREAMLINE™ ultra-high pressure pump to be diagnosed centrally, and all service-related control activities to be performed securely and reliably online via the Internet. Hirschmann™ was selected because their products meet the requirements of the industry, are extremely reliable and available worldwide.



The objective of the project was to reach KMT high-pressure pump systems globally from a central location, to manage them via a secure connection, to map software updates and remote service in order to minimize the service costs and offer customers better support.

Project parameters

Ethernet technology was selected for networking the PLC and HMI systems of the KMT high-pressure pumps, as the requirements stipulated great scalability and no restrictions due to cable infrastructures. Also, secure connection and secure dial-in via a firewall system were to be integrated.


Each high-pressure pump system should have at least three Ethernet connections for connecting the HMI and PLC and the local firewall system. The local firewall fulfills a dual function. It prevents unauthorized access to the pumps locally (filter for IP or MAC addresses) and converts IP addresses (NAT - Network Address Translation), as all high-pressure pumps worldwide must have the same IP addresses on the HMI and PLC for service reasons. In order to eliminate the need to employ trained personnel locally (configuration of IP addresses), an ACA 21 USB adapter was used for redundant storage of the firewall parameters, which only has to be reconnected in the event of a fault, thus minimizing the restore times. In order to allow secure dial-up connections to the pumps, a second firewall system with a VPN option (Virtual Private Network) is incorporated in the control center of the respective customer. This firewall is identical to the local firewall and also equipped with an ACA 21 USB. This guarantees a consistent service concept and extremely high security, even for access via the Internet.


Network topology

  • EAGLEmGuard with VPN and SPIDER 5TX EEC for connection

Quantity structure

  • 1x EAGLEmGuard firewall with VPN

Why Hirschmann™?

  • Project support by business partners and Hirschmann™ Consulting
  • Consistency of the product switches, EAGLE firewall system, ACA 21, etc.
  • Extremely high security standard of EAGLE firewall systems
  • Simple configuration and replacement, even without specialist staff (service costs)
  • Hotline support and global availability