use case — industrial equipment

Remote access to PLCs behind firewalls

Commission, debug, and support industrial equipment inside a customer's network — without asking their IT for a single open port or a site-to-site VPN.

the problem

Plant networks are locked down — as they should be

Every inbound port is a finding in the next security audit. Requests to open one take weeks, vendor VPN boxes multiply in the cabinet, and the machine builder still ends up driving to site. Tollan's agent connects outbound only, so the plant firewall stays exactly as closed as IT wants it.

01 — install

Put an agent next to the line

Download a preconfigured agent or mint an enrollment token, run one installer, and the device connects itself. It runs on the industrial PC or edge gateway you already have in the machine network.

02 — route

Route the services you support

One agent can expose anything on the device network — cameras, PLCs, gateways — each service behind its own route. The PLC's web UI, an HMI, or a diagnostics endpoint each get their own hostname.

03 — gate

Decide who gets in

Attach IP allowlists, basic auth, or mutual-TLS to a route as edge access rules. Your service team reaches the machine; nobody else does.

built for OT reviews

Answers for the security questionnaire

  • Every device holds its own CA-issued certificate. The private key is generated on the device and never leaves it.
  • Revoke a device and its live tunnels drop in seconds — the relay re-checks certificate status continuously. An engineer leaving the project is one click, not a site visit.
  • Passthrough traffic is never decrypted at the relay. We route by TLS SNI without reading a single byte of your payload.
  • Console accounts get role-based access, optional TOTP two-factor, and an append-only audit trail.

The full detail — what we can and cannot see — is on the security page.

Put your first machine online

Free tier, no card required. Fleet pricing when you scale.