BGAN Firewall Traffic Rules reside at the BGAN satellite teleports and effectively block all traffic except what you provide Ground Control in a whitelist of allowed IP addresses. By default, ALL outgoing traffic from the BGAN terminal is open, and ALL incoming “initiated” traffic from the Internet is blocked (Note: incoming initiated traffic is only allowed if a BGAN SIM card is assigned a public IP address for an added cost of $25 per SIM each month, or is using IPSec VPN).
An effective firewall can slash unauthorized BGAN usage and save thousands of dollars by limiting what the BGAN terminal may connect with, like certain IP addresses and/or just email, or by any combination of rules possibilities in the table below. We highly recommend all of our subscribers use this free service. Simply ask your sales rep, or email email@example.com with details on how you would like to use this service.
All other traffic will be denied from the list of rules chosen above.
The below screen shows how one or more traffic rules can be created for each individual BGAN M2M SIM card.
Multiple firewall rules will establish a more complete whitelist or blacklist. Above is a typical whitelist that allows limited traffic from the internet to the BGAN terminal. Whitelists are a common rule since they limit traffic to certain IP addresses, such as between a remote BGAN terminal IP address and a corporate server IP address.
To establish firewall rules for your BGAN SIM card or for more information about setting up traffic rules, please email your firewall whitelist, your Ground Control account number, and the BGAN SIM card number to firstname.lastname@example.org.
Ground Control also provides many other ways to secure your BGAN connection, such as IPSec VPN, co-location VPN, point-to-point VPN, and private MPLS networks. More information on BGAN Network Security.