Ground Control Logo 19 Years of Satellite Communications | U.S. - 800.773.7168 | International +1.805.783.4600
BGAN M2M Firewall Banner 2
Home > SCADA / M2M Solutions > BGAN Main Page > Hughes 9502 BGAN > BGAN M2M Service  > BGAN M2M Security  >  BGAN M2M Firewall Service
BGAN M2M Service
BGAN M2M Coverage Area
Hughes 9502 Terminal - Main
Accessories M2M Equipment
BGAN M2M Firewall - Free
VPN and Private Networks
BGAN Main Page
Hughes 9502 with Enclosure
One Piece Hughes 9502
Tower Install
Hughes 9502 inside enclosure
Hughes 9502 Contents
Power and Ethernet Connections
Hughes 9502 One Piece on wall
Inside the one-piece 9502
  BGAN M2M Firewall Rules by Ground Control
BGAN Firewall rules are a free service offered to all Ground Control BGAN M2M subscribers

BGAN M2M Firewall Traffic Rules reside at the BGAN satellite teleports and effectively block all traffic except what you provide Ground Control in a whitelist of allowed IP addresses.  By default, ALL outgoing traffic from the BGAN terminal is open, and ALL incoming "initiated" traffic from the Internet is blocked. Incoming initiated traffic is allowed if a BGAN M2M SIM card is assigned a public IP address for an added cost of $20 per SIM each month, or is using IPSec VPN.

With M2M, if no public IP is used, a firewall can slash unauthorized outgoing BGAN usage by limiting what IP addresses the connected device may communicate with. Without a firewall, any destination on the Internet is open (note this "default" outgoing open setting is preferred by many clients). If your M2M is using a public IP, Ground Control requires that you provide a whitelist of approved IP addresses that may communicate with the device connected to the M2M terminal. Limiting incoming initiated traffic to this whitelist protects the BGAN terminal from malicious incoming scans that the subscriber would otherwise be financially responsible for. Simply ask your sales rep or write with how you wish to use the BGAN firewall with your M2M service.

BGAN M2M Firewall Rule Possibilities
Allow/deny any IP address or range of IP addresses for Whitelist/Blacklist.
Allow/deny Email by SMTP and/or POP3 and/or IMAP and/or secure SMTP.
Allow/deny TCP, UDP, ICMP, SKIP, GRE, ESP, and IP protocols.
Allow/deny HTTP (Web Browsing), and/or HTTPS.
Allow/deny FTP (File Transfer Protocol).
  ALL other traffic will be denied from the list of rules chosen above

Creating BGAN M2M Firewall Traffic Rules
To quickly understand how this service works, the below screen shows how one (or more) traffic rules would be created for each individual BGAN M2M SIM card.

BGAN Firewall

BGAN Traffic Whitelist

Multiple firewall rules will establish a more complete whitelist (or blacklist). Above is a typical whitelist that allows limited traffic FROM the Internet TO the BGAN terminal. Whitelists are a common rules since they limit traffic ONLY to certain IP addresses, such as between a remote BGAN terminal IP address and a corporate server IP address.

There are 4 possible traffic types that can be configured:
Whitelist to allow listed IP traffic from the Internet to the BGAN terminal
Whitelist to allow listed IP traffic from the BGAN terminal to the Internet
Blacklist to deny listed IP traffic from the Internet to the BGAN terminal
Blacklist to deny listed IP traffic from the BGAN terminal to the Internet

To establish firewall rules for your BGAN SIM card or for more information regarding setting up traffic rules, please email your Firewall whitelist, your Ground Control account number and the BGAN SIM card number to

Other BGAN M2M Security Options
Ground Control provides many ways to secure your BGAN connection, such as IPSec VPN, Co-Location, Point-to-Point, and Private Networks - more information

  BGAN Main Page   BGAN M2M Service Plans   All BGAN Terminals
  BGAN Coverage Map   BGAN FAQ   BGAN Firewall Rules
  BGAN Photo Gallery   BGAN In-Motion Terminals   BGAN Video Streaming
  Compare All Terminals   BGAN Launchpad   BGAN Optimization
  BGAN Security Options   BGAN Link Service   BGAN Service

Copyright © 2002-2021 Ground Control. All Right Reserved.