|
|
|
|
BGAN Firewall Rules by Ground Control
BGAN Firewall rules are a free service offered to all Ground Control BGAN subscribers |
|
BGAN Firewall Traffic Rules reside at the BGAN satellite teleports and effectively block all traffic except what you provide Ground Control in a whitelist of allowed IP addresses. By default, ALL outgoing traffic from the BGAN terminal is open, and ALL incoming "initiated" traffic from the Internet is blocked (Note: incoming initiated traffic is only allowed if a BGAN SIM card is assigned a public IP address for an added cost of $25 per SIM each month, or is using IPSec VPN).
An effective firewall can slash unauthorized BGAN usage and save thousands of dollars by limiting what the BGAN terminal may connect with, like certain IP addresses and/or just email, or by any combination of rules possibilities in the table below. We highly recommend all of our subscribers use this free service. Simply ask your sales rep, or write support@groundcontrol.com for details on how you would like to use this service.
► |
Allow/deny any IP address or range of IP addresses for Whitelist/Blacklist. |
► |
Allow/deny Email by SMTP and/or POP3 and/or IMAP and/or secure SMTP. |
► |
Allow/deny TCP, UDP, ICMP, SKIP, GRE, ESP, and IP protocols. |
► |
Allow/deny HTTP (Web Browsing), and/or HTTPS. |
► |
Allow/deny FTP (File Transfer Protocol). |
|
ALL other traffic will be denied from the list of rules chosen above |
To quickly understand how this service works, the below screen shows how one (or more) traffic rules would be created for each individual BGAN M2M Sim Card.
 |
|
 |
Multiple firewall rules will establish a more complete whitelist (or blacklist). Above is a typical
whitelist that allows limited traffic FROM the Internet TO the BGAN terminal. Whitelists are a common rules since they limit traffic ONLY to certain IP addresses, such as between a remote BGAN terminal IP address and a corporate
server IP address.
There are 4 possible traffic types that can be configured:
► Whitelist to allow listed IP traffic from the Internet to the BGAN terminal
► Whitelist to allow listed IP traffic from the BGAN terminal to the Internet
► Blacklist to deny listed IP traffic from the Internet to the BGAN terminal
► Blacklist to deny listed IP traffic from the BGAN terminal to the Internet
To establish firewall rules for your BGAN SIM card or for more information regarding setting up traffic rules, please email your Firewall whitelist, your Ground Control account number, and the BGAN SIM card number to support@groundcontrol.com
Ground Control also provides many other ways to secure your BGAN connection, such as IPSec VPN, Co-Location VPN, Point-to-Point VPN, and Private MPLS Networks - more
|
|
|
|