Ground Control Logo 19 Years of Satellite Communications | U.S. - 800.773.7168 | International +1.805.783.4600
BGAN Firewall Rules Banner
Home >  Products > Portable & Carry Systems > BGAN Main Page   > BGAN Security  > BGAN Firewall Rules
BGAN Main Page
All BGAN Terminals
BGAN Service Plans
BGAN Coverage Map
Compare All Terminals
BGAN Photo Gallery
BGAN Firewall Rules
BGAN Launchpad
BGAN In-Motion Terminals
BGAN Link Service
BGAN M2M Service
BGAN Security Options
BGAN Video Streaming
BGAN Optimization
BGAN Security
BGAN VPN Security
BGAN Portable Broadband - Remote User
BGAN Can be used while in a moving vehicle
MCD-4800 On a Ship
BGAN Satellite Internet Vehicle Use
  BGAN Firewall Rules by Ground Control
BGAN Firewall rules are a free service offered to all Ground Control BGAN subscribers
BGAN Firewall Traffic Rules reside at the BGAN satellite teleports and effectively block all traffic except what you provide Ground Control in a whitelist of allowed IP addresses.  By default, ALL outgoing traffic from the BGAN terminal is open, and ALL incoming "initiated" traffic from the Internet is blocked (Note: incoming initiated traffic is only allowed if a BGAN SIM card is assigned a public IP address for an added cost of $25 per SIM each month, or is using IPSec VPN).

An effective firewall can slash unauthorized BGAN usage and save thousands of dollars by limiting what the BGAN terminal may connect with, like certain IP addresses and/or just email, or by any combination of rules possibilities in the table below. We highly recommend all of our subscribers use this free service. Simply ask your sales rep, or write for details on how you would like to use this service.

BGAN Firewall Rule Possibilities
Allow/deny any IP address or range of IP addresses for Whitelist/Blacklist.
Allow/deny Email by SMTP and/or POP3 and/or IMAP and/or secure SMTP.
Allow/deny TCP, UDP, ICMP, SKIP, GRE, ESP, and IP protocols.
Allow/deny HTTP (Web Browsing), and/or HTTPS.
Allow/deny FTP (File Transfer Protocol).
  ALL other traffic will be denied from the list of rules chosen above

Creating BGAN Firewall Traffic Rules
To quickly understand how this service works, the below screen shows how one (or more) traffic rules would be created for each individual BGAN M2M Sim Card.

BGAN Firewall
BGAN Traffic Whitelist

Multiple firewall rules will establish a more complete whitelist (or blacklist). Above is a typical whitelist that allows limited traffic FROM the Internet TO the BGAN terminal. Whitelists are a common rules since they limit traffic ONLY to certain IP addresses, such as between a remote BGAN terminal IP address and a corporate server IP address.

There are 4 possible traffic types that can be configured:
Whitelist to allow listed IP traffic from the Internet to the BGAN terminal
Whitelist to allow listed IP traffic from the BGAN terminal to the Internet
Blacklist to deny listed IP traffic from the Internet to the BGAN terminal
Blacklist to deny listed IP traffic from the BGAN terminal to the Internet

To establish firewall rules for your BGAN SIM card or for more information regarding setting up traffic rules, please email your Firewall whitelist, your Ground Control account number, and the BGAN SIM card number to

Other BGAN Security Options
Ground Control also provides many other ways to secure your BGAN connection, such as IPSec VPN, Co-Location VPN, Point-to-Point VPN, and Private MPLS Networks - more

BGAN Main Page BGAN Service Plans All BGAN Terminals
BGAN Coverage Map BGAN FAQ BGAN Prepaid Vouchers
BGAN Photo Gallery BGAN In-Motion Terminals BGAN Video Streaming
Compare All Terminals BGAN Launchpad BGAN Optimization

Copyright © 2002-2021 Ground Control. All Right Reserved.