MPDS Firewall - Stratos Global Corporation
1. See Table 1 for an example of a network mask to N/W bits conversion.

Table 1: Network Mask to Bits Conversion

Mask             Bits    Mask              Bits    Mask              Bits
255.255.0.0      16      255.255.248.0     21      255.255.255.192   26
255.255.128.0    17      255.255.252.0     22      255.255.255.224   27
255.255.192.0    18      255.255.254.0     23      255.255.255.240   28
255.255.224.0    19      255.255.255.0     24      255.255.255.248   29
255.255.240.0    20      255.255.255.128   25      255.255.255.252   30

• The TO field specifies what the destination (receiver) of the traffic is.
• PROTOCOL specifies ICMP, UDP, TCP, GRE, ESP (IPSEC), AH (IPSEC), SKIP or any.

Table 2: Used Protocols

ID    Name
1     ICMP (Internet Control Message)
6     TCP (Transmission Control)
17    UDP (User Datagram)
47    GRE (General Routing Encapsulation)
50    ESP (Encapsulating Security Payload)
51    AH (Authentication Header)
57    SKIP (SKIP)

• PORT NUMBER indicates the port number of the specified protocol. This specifies the application, such as FTP, HTTP, etc. See Chapter 7 for an overview of well-known protocol numbers and description.

Add Rules

A Firewall Rule can be added by clicking the ADD RULES button. This prompts for the following fields to be entered:

• From
  - Terminal IP Address: IP Address of the mobile user
  - Terrestrial IP Address: Any IP Address
  - Terminal Network: Mobile LAN (MLAN) Address
  - Terrestrial Network: Network Address
  - Any: Allows any IP Address/Network
• To
  - Terminal IP Address: IP Address of the mobile user
  - Terrestrial IP Address: Any IP Address
  - Terminal Network: Mobile LAN (MLAN) Addres
2. including mobile and fixed satellite and microwave services. More than 20,000 customers use Stratos products and industry-leading value-added services to optimize communications performance. Stratos serves U.S. and international government, military, first responder, NGO, oil and gas, industrial, maritime, aeronautical, enterprise and media users on seven continents and across the world's oceans. For more information, visit www.stratosglobal.com.

For more information, please contact Stratos:
Toll Free (N. America): 1 800 563 2255
Worldwide: 1 709 748 4226
TTY: 1 709 748 4884
Fax (Worldwide): 1 709 748 4320
E-mail: info@stratosglobal.com
Web Site: www.stratosglobal.com
3. settings for the Stratos MPDS service
• To change your password and security setting, which will in turn affect the password you use to access the Stratos MPDS service
• To get more information on Stratos's MPDS Service
• To look for help on the MPDS Firewall settings
• To logout

4.1 Edit Options

The Edit Options function allows you to change your own profile. By selecting one of the two options in the menu along the left-hand side you can:
• Edit your Personal Details
• Set your Personal Firewall rules

4.1.1 Edit Customer Personal Details

The user may edit their personal details by clicking on the Edit Customer Personal Details option. The current details will be displayed and the user may edit these. Once all edits have been made, the user should click the UPDATE button to save the changes. In this screen you can alter the following information:
• First Name
• Surname
• Email Address
• Company

Once edited, the UPDATE button will commit the changes to the database. The CANCEL UPDATE button will restore the original settings.

4.1.2 Edit Service Profile

Each user has one or more services associated with their login. A service defines the type of network access a connection will have and includes the personal firewall settings. Click on a service title to view the details of that service. The Edit Service Profile allows you to:
• Configure, add and remove Firewall Rules
• Change the PPP Parameter settings

Configur
4. the same Protocol is not allowed when the IP addresses overlap.

Table 3: Sample Applications

Common Name              Protocol   Application    Port Number
Web Browsing             TCP        HTTP           80
File Transfer with FTP   TCP        FTP            21
Secure Browsing          TCP        HTTPS (SSL)    443
Telnet                   TCP        Telnet         23
Sending E-mail           TCP        SMTP           25
Retrieving E-mail I      TCP        POP3           110
Retrieving E-mail II     TCP        IMAP4          143

Configuring PPP Parameter Settings

On clicking the CLICK HERE FOR PPP PARAMETERS button, the PPP Parameters for the customer can be viewed, updated or reset. The PPP Parameters of the customer display the values for:
• Idle Timeout: This defines the number of seconds with no network activity before the user's connection is closed. If this is set to zero, the user will not be timed out.
• Session Timeout: This defines the maximum length, in seconds, of a connection. After this length of time the connection will be closed.
• Maximum Transmission Unit (MTU): This defines the maximum size, in bytes, of the packets of information sent from the user's computer. This can affect the performance of the connection, but unless there is a very good reason it should not be changed from the default.

Important Note: Changing the MTU can have an impact on the MPDS performance.

Updating PPP Parameters

The PPP parameters can be updated by modifying the values and clicking the UPDATE button.

Reset PPP Parameters

The PPP parameters can be reset to the default values by clicking the RESET TO DEFAULT VALUES button.
5. (the user terminal), not only from the MPDS Firewall Service, and log on again.
• If you deny yourself access to all websites, you can still access the MPDS Firewall Service website.
• You don't need to put the DNS (Domain Name Server) in the rules.
• Some applications, such as Microsoft Internet Explorer, can incur additional satellite airtime charges by repeatedly sending/receiving updates. You can install an additional firewall between your Terminal and Laptop to prevent your applications from sending unwanted traffic.
• A firewall doesn't protect you against viruses in emails and web pages. An up-to-date virus scanner is also recommended, as well as applying the latest fixes to your web browser and email program.
• To be able to use an IPSec VPN you must either:
  - Have only the default rules in place, or
  - Put your VPN traffic in UDP (NAT traversal) and allow this through.
• If you don't know the IP address(es) of a specific website or server, only the domain name (for example www.Stratos.net), you can use a Web-based nslookup utility. Use http://www.zoneedit.com/lookup.html to find the IP address(es). Notice that sometimes one name can have multiple IP addresses and that the IP addresses sometimes change.
• A useful tool for calculating the IP network mask/bit conversion can be downloaded from http://www.pkostov.de/ipcalc.html.
• More information on MPDS can be found on www.stratosglobal.com.

Stratos Customer Services can be reache
6. [Figure 8: Default PPP Parameters Screen]

4.2 Change Customer Password

In the menu on the top of your screen you have the option to change your password. The Password field accepts 6 to 15 characters: numbers (0 to 9), letters (a to z and A to Z), dot (.) and underscore (_). The new password is active after clicking the UPDATE button.

4.3 Logout

You can select the Logout button in case you want to log out of the MPDS Firewall Service.

Automatic log out: If you have not used the MPDS Firewall Service for more than 20 minutes, you will be automatically logged out. The following message will appear: "You have been logged out because your session time has expired."

4.4 Stratos News

When you click on Stratos News you will be redirected automatically to the Stratos homepage.

4.5 Help

This Help Page opens a new window and provides an explanation of the different options of the MPDS Firewall Service.

5 Remarks and recommendations

• To make a Firewall Rule change effective you need to log off from the network
7. Inmarsat Fleet from Stratos
MPDS Firewall Service
Version 1.0

This edition of the User Manual has been updated with information available at the date of issue. This edition supersedes all earlier versions of this manual. This publication has been compiled with the greatest possible care, but no rights may be derived from its contents. Copyright 2004 Stratos.

1 INTRODUCTION
2 ADVANTAGES
3 ACCESS
4 CONFIGURATION
  4.1 EDIT OPTIONS
    4.1.1 EDIT CUSTOMER PERSONAL DETAILS
    4.1.2 EDIT SERVICE PROFILE
  4.2 CHANGE CUSTOMER PASSWORD
  4.3 LOGOUT
  4.4 STRATOS NEWS
  4.5 HELP
5 REMARKS AND RECOMMENDATIONS
6 SAMPLE SETTINGS
7 PORT NUMBERS

1 Introduction

This manual describes the web-based MPDS Firewall Service. The MPDS User is provided with a web interface in order to access your personal firewall profile on the MPDS Service. This interface of the MPDS Firewall Service allows you:
• To update your personal details, for example if an email address has changed
• To access, adjust and maintain your Firewall and PPP Parameter settings for the Stratos MPDS Service
• To change your passwords and security setting, which will in turn affect the password you use to access the Stratos MPDS service

Log In

You can log in using a standard web browser from either a GAN or Fleet terminal equipped with MPDS, or from a PC connected to the In
8. d via Customer Care:
Tel: 1 800 563 2255 (Toll free in N. America)
Tel: 1 709 748 4226 (Worldwide)
Tel: 800 1313 1313 (Intl. Free Phone)
Tel: 33 (Toll free when dialed from handset)
Fax: 1 877 748 4320 (Toll free in N. America)
Fax: 1 709 748 4320 (Worldwide)
E-mail: support@stratosglobal.com

6 Sample settings

Before applying these settings, delete all the existing rules in your profile. It is important to enter the suggested rules in the given order.

• Permit only e-mail: permit only sending (SMTP) and retrieving of email (POP3 and IMAP4) to and from a mail server.

From                  To                                       Protocol   Port   Permission
Terminal IP Address   Terrestrial IP Address 212.165.122.65    TCP        25     Permit
Terminal IP Address   Terrestrial IP Address 212.165.127.65    TCP        110    Permit
Terminal IP Address   Terrestrial IP Address 212.165.122.65    TCP        143    Permit

• Permit only access to your network and your web site: permit unlimited access to your intranet (10.1.0.0 / 255.255.0.0) and browsing to your company website on 213.244.173.52, and nothing else.

From                  To                                       Protocol   Port   Permission
Terminal IP Address   Terrestrial IP Network 10.1.0.0          Any        Any    Permit
Terminal IP Address   Terrestrial IP Address 213.244.173.52    TCP        80     Permit

7 Port numbers

In TCP and UDP networks, a port is an endpoint to a logical connection and the way a client program specifies a specific server program on a computer in a network. Port numbers range from 0 to 65536, but only ports numbers 0 to 1024 are reserved for privileged services a
9. Note: If you are adding a rule for the first time, you first need to delete the default Rule 2. See Figure 6. The default rule can be deleted by ticking the box of the rule and then clicking Delete Rules.

Change Rules

To change a rule you must first delete the rule and then add a new rule; modifying a rule is not possible in this version of the MPDS Firewall Service. Remember that the order in which rules are placed is important, because the new rule will be added at the bottom. In case a newly added rule is in conflict with a rule that is already there, it will give the message: "Rule not added. Clashes with the following rule:"

Reset Firewall Rules

The user's Firewall Rules can be reset to the default rules by clicking the RESET TO DEFAULT RULES button.

Automatic Checking of the Firewall Rules

The MPDS Firewall Service automatically checks the firewall rules as set up by you to verify if the rule can be applied. The verification is based on the following logic:

1. If the default rule 2 is present, then a rule allowing a specific protocol From the Terminal To (for e
10. ing Firewall Rules

You can access any service profiles associated with you. The firewall rules are the main part of the MPDS Firewall Service. These rules allow the definition of what traffic can flow into and out of your terminal and allow for a fine degree of control.

What is a Firewall?

A firewall is an application that lets you connect to the Internet securely. With the MPDS Firewall Service you can easily specify what traffic is allowed between your Terminal and the Internet. You can, for example:
• Block all traffic from the Internet to the terminal
• Permit only email to and from your terminal and block Web browsing and everything else
• Permit only Web browsing to your corporate website from the terminal

How to use the Firewall Service

Click on Edit Options on the top left-hand side of the screen and then Edit Service Profile. Now you can see your default active firewall settings, or in common firewall terminology "Firewall Rules", as shown in the screen.

Figure 1: Defau
11. lt Firewall Rules

Default Firewall Settings

Every terminal is by default protected by the MPDS Firewall Service. The default setting is to permit all traffic from your terminal to the Internet and only permit requested traffic back. For example, you can do Web browsing, but someone from the Internet will not be able to ping you or send you unsolicited traffic. See Figure 2 and Figure 3.

Note: Because a firewall is based on protection of the user, all traffic that is not explicitly permitted via a rule is denied.

[Figure 2: Default Rule 1. From Terrestrial IP address/Network, To Terminal IP address/Network; any protocol, any port number; denied (not removable). IP address range 0.0.0.0 - 255.255.255.255.]

[Figure 3: Default Rule 2. From Terminal IP address/Network, To Any; any protocol, any port number; permitted (removable). IP address range 0.0.0.0 - 255.255.255.255.]

Understanding the Settings

The rules in the firewall specify which IP addresses and which upper-layer communication protocols are permitted or denied.
• The FROM field specifies what the source (sender) of the traffic is.
• N/W BITS specifies the network mask by the number of binary ones in the mask. A network mask is used to indicate a range of IP addresses.
12. nd designated as well-known ports. This list of well-known port numbers specifies the port used by the server process as its contact port.

Reference: http://www.webopedia.com/quick_ref/portnumbers.asp

Port   Description
1      TCP Port Service Multiplexer (TCPMUX)
5      Remote Job Entry (RJE)
7      ECHO
18     Message Send Protocol (MSP)
20     FTP - Data
21     FTP - Control
22     SSH Remote Login Protocol
23     Telnet
25     Simple Mail Transfer Protocol (SMTP)
29     MSG ICP
37     Time
42     Host Name Server (Nameserv)
43     Whois
49     Login Host Protocol (Login)
53     Domain Name System (DNS)
69     Trivial File Transfer Protocol (TFTP)
70     Gopher Services
79     Finger
80     HTTP
103    X.400 Standard
108    SNA Gateway Access Server
109    POP2
110    POP3
115    Simple File Transfer Protocol (SFTP)
118    SQL Services
119    Newsgroup (NNTP)
137    NetBIOS Name Service
139    NetBIOS Datagram Service
143    Interim Mail Access Protocol (IMAP)
150    NetBIOS Session Service
156    SQL Server
161    SNMP
179    Border Gateway Protocol (BGP)
190    Gateway Access Control Protocol (GACP)
194    Internet Relay Chat (IRC)
197    Directory Location Service (DLS)
389    Lightweight Directory Access Protocol (LDAP)
396    Novell Netware over IP
443    HTTPS
444    Simple Network Paging Protocol (SNPP)
445    Microsoft-DS
458    Apple QuickTime
546    DHCP Client
547    DHCP Server
563    SNEWS
569    MSN
1080   Socks

About Stratos

Stratos is the world's trusted leader for vital communications. With more than a century of service, Stratos offers the most powerful and extensive portfolio of remote communications solutions
13. s
  - Terrestrial Network: Network Address
  - Any: Allows any IP Address/Network
• N/W Bits: NetWork Bits are required when a Terminal or Terrestrial Network is selected in the From or To field. It provides a range of IP addresses the firewall rule can apply to. For example, 192.168.0.1/16 means allow any IP address between 192.168.0.1 and 192.168.255.255.
• Protocol: Select a protocol from the existing list. Listed protocols are ICMP, UDP, TCP, GRE, ESP (IPSEC), AH (IPSEC), SKIP. If a Firewall Rule must apply for all protocols, "Any" must be selected.
• Port Number: This is a number identifying the port used by the network application. Some common ports are (see Chapter 7 for more commonly used ports):
  - 21: FTP
  - 23: Telnet
  - 25: Sending email (SMTP)
  - 80: HTTP or web traffic
  - 110: Retrieving email (POP3)
  - 443: HTTPS or secure web traffic
• Permission: Choose the permission for the rule: Permit / Deny.

After entering all the fields, click on the ADD button. This adds the requisite customer firewall rule. Remember: all traffic that is not explicitly permitted via a rule is denied (blocked).

Delete Rules

Ticking the check boxes of the rule and clicking the DELETE RULES button can delete a firewall Rule.
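The N/W Bits field, and checks 4 and 5 of the automatic rule checking described in this manual, can be tried out offline before rules are entered in the web interface. The Python below is an added example, not code from Stratos or the MPDS Firewall Service: the `Rule` class and the function names are hypothetical, only the To side of a rule is modelled, and port 0 stands for "any port" as in the manual.

```python
import ipaddress
from dataclasses import dataclass


def mask_to_bits(mask: str) -> int:
    """Dotted network mask -> N/W bits (Table 1); rejects non-contiguous masks."""
    value = int(ipaddress.IPv4Address(mask))
    bits = bin(value).count("1")
    # A usable mask is a run of binary ones followed only by zeros.
    if value != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"not a contiguous network mask: {mask}")
    return bits


def rule_range(address: str, bits: int) -> tuple:
    """First and last IP address of the block selected by address + N/W bits."""
    net = ipaddress.ip_network(f"{address}/{bits}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


@dataclass(frozen=True)
class Rule:  # hypothetical model of one rule, To side only
    to_addr: str   # "0.0.0.0" with bits=0 stands for "Any"
    bits: int      # N/W bits; 32 for a single IP address
    protocol: str  # "TCP", "UDP", ...
    port: int      # 0 = any port, as in the manual
    permit: bool


def clashes(existing: Rule, new: Rule) -> bool:
    """Checks 4 and 5: an existing permit rule clashes with a new rule for the
    same protocol when one names port 0 (any), the other a specific port,
    and their IP ranges overlap."""
    a = ipaddress.ip_network(f"{existing.to_addr}/{existing.bits}", strict=False)
    b = ipaddress.ip_network(f"{new.to_addr}/{new.bits}", strict=False)
    any_vs_specific = (existing.port == 0) != (new.port == 0)
    return (existing.permit and existing.protocol == new.protocol
            and any_vs_specific and a.overlaps(b))


# Constructed sample rules, built from addresses used in the manual's examples.
ANY_TCP = Rule("0.0.0.0", 0, "TCP", 0, True)            # permit TCP, any port, To Any
WEB_ONLY = Rule("213.244.173.52", 32, "TCP", 80, True)  # permit TCP 80 to one host

if __name__ == "__main__":
    print(mask_to_bits("255.255.0.0"))      # intranet mask from the sample settings
    print(rule_range("192.168.0.1", 16))    # block that contains the manual's range
    print(clashes(ANY_TCP, Rule("212.165.122.65", 32, "TCP", 80, False)))
    print(clashes(WEB_ONLY, Rule("10.1.0.0", 16, "TCP", 0, True)))
```

Note that the block selected by 192.168.0.1 with 16 N/W bits starts at 192.168.0.0, because host bits in the entered address are ignored.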
14. ternet. The MPDS Firewall Service is available via the following URL: https://mpds.xantic.net

Automatic Log Out

If you have not used the MPDS Firewall Service for more than 20 minutes, you will be automatically logged out. The following message will appear: "You have been logged out because your session time has expired."

2 Advantages

• Web-based: The MPDS Firewall Service is easily accessible via the Web.
• Cost control: With MPDS you pay for the amount of traffic you send and receive; the MPDS Firewall Service is an excellent way to control cost. You can prevent hackers from sending you unwanted traffic and, if you are a network administrator, make sure that employees only use the terminal to access relevant sites.
• Ease of use: You can easily access your personal firewall via a Web browser; you don't have to buy and install a firewall yourself.
• Security: You can configure your own level of security to block any unwanted traffic to and from your terminal.

3 Access

The MPDS Firewall Service is available via the following URL: https://mpds.xantic.net

Username / Password: You must log in using the same username and password as when connecting to the MPDS service.

4 Configuration

The MPDS Firewall Service allows you:
• To edit your Personal Details, for example if an email address has changed
• To set your Firewall Rules: access, adjust and maintain your Firewall and PPP parameter
15. xample Any) is NOT allowed. To do that, delete default rule 2 first.

[Diagram: new rule (permit specific protocol) inside default rule 2 (permit any), inside the default rule (deny any, not visible); axis: protocol range.]

2. A rule denying From Terminal To Terrestrial Network/IP address for a specific Port number is ONLY allowed if there is a similar permit rule with destination To Any. An example:

   Permit  From Terminal IP address  To Any             Protocol TCP  Port number 80
   Deny    From Terminal IP address  To 212.165.122.65  Protocol TCP  Port number 80

   or

   Permit  From Terminal IP address  To Any             Protocol TCP  Port number 0 (any)
   Deny    From Terminal IP address  To 212.165.122.65  Protocol TCP  Port number 0

   See example below.

[Diagram: rule To 212.165.122.65 inside rule To Any (permit); default is deny any (not visible); axes: IP address range, protocols (TCP), port.]

3. A rule denying a specific Port number To Any is not possible.

4. If a rule already exists permitting Port number 0 (any) for a certain Protocol, then adding a new rule denying or permitting a specific Port number (for example 80) for this Protocol is not allowed when the IP addresses overlap. See example below.

[Diagram: default From Any (deny); Protocol TCP Port 0; Protocol TCP Port 80; axis: IP address range.]

5. If a rule already exists permitting a specific Port number (for example 80) for a certain Protocol, then adding a new rule denying or permitting any Port number for