Air-Gapped PLC Remote Access:
Troubleshoot Machines Without the Flight

Bypass restrictive IT firewalls safely without compromising corporate LAN security. Our solution delivers secure PLC remote access via air-gapped 4G VPN gateways, letting you diagnose and reprogram globally while reducing warranty travel by up to 90%.

Explore Remote Architecture ↓
Secure Outbound Connectivity | AES-256 OpenVPN/IPsec Encryption | Zero Inbound Firewall Ports Required

The Nightmare of On-Site Commissioning

The Factory IT Blockade

End-users will not let your machine onto their corporate LAN. Trying to get an IP address or port-forwarding rule from their IT department takes weeks of red tape and compliance audits.

“Bricking” the PLC

Using cheap consumer routers leads to dropped packets. A single connection loss during a Siemens TIA Portal or Allen-Bradley logic download can corrupt the controller entirely.

Blind Spots in Peripherals

The PLC only knows what it’s wired to. If a remote pump trips or a cabinet door is left open, you have zero visibility without flying a tech on-site for a simple visual check.

Our Strategy: Air-Gapped Cellular Tunnels

1. Independent 4G Cellular Backhaul

Provide your own internet using your local SIM or global roaming IoT cards. An air-gapped cellular gateway establishes a dedicated connection, creating a complete physical air-gap from the customer’s corporate network. Zero LAN conflicts, zero IT friction, and complete isolation from factory internal threats.

2. Rock-Solid VPN Encrypted Tunnels

Support for self-hosted OpenVPN/IPsec servers or the Valtoris Secure Cloud ensures that your PLC remote access path from TIA Portal or Studio 5000 directly to the machine is strictly encrypted (AES-256) and TCP-stable. No dropped downloads, no exposed IP addresses.

3. Out-of-Band Peripheral Monitoring (Modbus TCP)

Don’t waste expensive PLC I/O points. Use an edge I/O module to passively monitor cabinet temperatures, fluid levels, or external alarms over Ethernet, independent of the main controller’s operating cycle.

Remote Diagnostics Topology

Click the nodes to see how we bypass firewalls and establish direct control.

Interactive diagram illustrating secure PLC remote access architecture. An engineer uses TIA Portal or Studio 5000 from the office to connect via an encrypted OpenVPN/IPsec tunnel. This tunnel reaches a remote 4G cellular gateway installed in the factory, completely bypassing the local IT firewall. The gateway provides direct routing to the main PLC, local HMI screen via VNC, and an edge I/O module for monitoring auxiliary equipment status.
▷ SECURE MACHINE-TO-CLOUD TUNNELING
Your Office
TIA Portal / Studio 5000
Encrypted Cloud
OpenVPN / IPsec Tunnel
Cellular Gateway
4G Air-Gapped Connection
Main PLC
Logic & Control (Siemens/AB)
HMI Screen
VNC Remote Viewing
Edge I/O Module
Auxiliary Status & Alarms

Node Info

    The OEM Remote Ready Stack

    * Designed specifically for industrial control panels. Features DIN-rail mounting, 24V DC power inputs, and a wide operating temperature range to survive harsh factory environments.

    ComponentRole in Remote ArchitectureRecommended Hardware
    The Secure GatewayProvides cellular internet, manages OpenVPN/IPsec tunnels, and establishes reliable PLC remote access by handling port-forwarding to internal controllers. Valtoris VT-LTE400 →
    Peripheral MonitorModbus TCP/RTU I/O block (DI/DO/AI). Monitors cabinet doors, external pump limits, and triggers remote alarms without touching PLC logic. Valtoris 4CH-IO-ETH →

    Download the PLC Remote Routing Cheat Sheet

    Stop guessing IP configurations. Get our engineer-to-engineer PDF guide on setting up static routes, OpenVPN certs, and port forwarding for Siemens S7 and Allen-Bradley environments.

    VPN_Routing_Guide_PLC.pdf

    ✓ Practical routing tables, no sales pitch.

    We treat your inbox with respect. Direct PDF download upon submission.

    Stop Paying for Unnecessary Service Flights

    Order a Gateway to Test in Your Office Consult an Access Specialist