Using Innominate mguard over BGAN



Similar documents
Using the Nikon D2H WiFi camera over BGAN

Innominate mguard Version 6

SwiftBroadband and IP data connections

Using the PacStar 3500 over BGAN

Innominate mguard Version 7.0 Configuration Examples

Riverbed Steelhead. Configure Hardware Client

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Using Zistos PNSC over BGAN

Network Configuration Settings

Multi-Homing Dual WAN Firewall Router

Using the Omnisec 525 fax encryptor over BGAN

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Using a VPN with Niagara Systems. v0.3 6, July 2013

Chapter 15: Advanced Networks

Best Practices: Pass-Through w/bypass (Bridge Mode)

Installation of the On Site Server (OSS)

Inmarsat TCP Accelerator V2

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Edgewater Routers User Guide

Cisco RV082 Dual WAN VPN Router Cisco Small Business Routers

Funkwerk UTM Release Notes (english)

COMPUTER NETWORK TECHNOLOGY (300)

Appendix C Network Planning for Dual WAN Ports

Using GlobeCast Content Exchange over BGAN

How To Industrial Networking

Best practice for SwiftBroadband

GWA501 package contains: 1 Wireless-G Broadband Gateway 1 Power Adapter 1 Ethernet Cable 1 Manual CD 1 Quick Start Guide 1 Warranty/Registration Card

GWA502 package contains: 1 Wireless-G Broadband Router 1 Power Adapter 1 Ethernet Cable 1 Manual CD 1 Quick Start Guide 1 Warranty/Registration Card

User Manual. Page 2 of 38

Using over FleetBroadband

Gigabit SSL VPN Security Router

Gigabit Multi-Homing VPN Security Router

Cisco Virtual Office Express

Using SMTP over BGAN

Edgewater Routers User Guide

Radio Over IP (RoIP)

Using a Firewall General Configuration Guide

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

Chapter 8 Router and Network Management

TW100-BRF114 Firewall Router. User's Guide. Cable/DSL Internet Access. 4-Port Switching Hub

TW100-BRV204 VPN Firewall Router

Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Protecting the Home Network (Firewall)

Internet and Intranet Calling with Polycom PVX 8.0.1

VPN Configuration Guide. Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router

V310 Support Note Version 1.0 November, 2011

Broadband Router ALL1294B

Using a VPN with CentraLine AX Systems

Chapter 1 Configuring Basic Connectivity

Guideline for setting up a functional VPN

1 PC to WX64 direction connection with crossover cable or hub/switch

ENHWI-N n Wireless Router

Computer Networking. Definitions. Introduction

MIP 5000 VoIP Radio Console VPN Solution Guide

VPN Configuration Guide DrayTek Vigor / VigorPro

Connecting to the Internet. LAN Hardware Requirements. Computer Requirements. LAN Configuration Requirements

Meraki MX50 Hardware Installation Guide

your Gateway Windows network installationguide b wireless series Router model WBR-100 Configuring Installing

Configuring a BANDIT Product for Virtual Private Networks

Chapter 1 Configuring Internet Connectivity

SOFTWARE LICENSE LIMITED WARRANTY

Key Term Quiz Answers

VPN Configuration Guide. Cisco Small Business (Linksys) RV016 / RV042 / RV082

VPN Configuration Guide. ZyWALL USG Series / ZyWALL 1050

GregSowell.com. Mikrotik Security

LevelOne. User Manual. FBR-1430 VPN Broadband Router, 1W 4L V1.0

DSL-2600U. User Manual V 1.0

Multi-Homing Security Gateway

VPN Configuration Guide. Cisco Small Business (Linksys) WRV210

Chapter 7 Troubleshooting

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Wireless Cable Gateway CG3100Dv3

Chapter 4 Security and Firewall Protection

Wireless Networking for Small Businesses, Branches and Home Offices

Quick Start Guide. RV 120W Wireless-N VPN Firewall. Cisco Small Business

Barracuda Link Balancer Administrator s Guide

Gigabit Multi-Homing VPN Security Router

Chapter 3 LAN Configuration

WATCHGUARD FIREBOX SOHO 6TC AND SOHO 6

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

WAN Traffic Management with PowerLink Pro100

Barracuda Link Balancer

EDGE FX Network configuration

StarMOBILE Network Configuration Guide. A guide to configuring your StarMOBILE system for networking

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Digicom Remote Control for the SRT

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

CompTIA Network+ (Exam N10-005)

Deploying Secure Internet Connectivity

1. Hardware Installation

PC/POLL SYSTEMS Version 7 Polling SPS2000 Cash Register TCP/IP Communications

Load Balancer LB-2. User s Guide

Step-by-Step Configuration

Fortigate Features & Demo

VPNC Interoperability Profile

TL-R460 Cable/DSL Router

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

F-Secure Internet Gatekeeper Virtual Appliance

Unified Threat Management

Load Balance Router R258V

Transcription:

Using Innominate mguard over BGAN Version 2 6 June 2008 inmarsat.com/bgan Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts have been made to ensure its accuracy, Inmarsat makes no warranty or representation as to the accuracy, completeness or fitness for purpose or use of the information. Inmarsat shall not be liable for any loss or damage of any kind, including indirect or consequential loss, arising from use of the information and all warranties and conditions, whether express or implied by statute, common law or otherwise, are hereby excluded to the extent permitted by English law. INMARSAT is a trademark of the International Mobile Satellite Organisation, Inmarsat LOGO is a trademark of Inmarsat (IP) Company Limited. Both trademarks are licensed to Inmarsat Global Limited. Inmarsat Global Limited 2007. All rights reserved.

Contents 1 Overview 1 1.1 Single Stealth mode 1 1.2 Product range 1 2 Typical users 2 3 Key features 2 4 Benefits to BGAN users 2 5 Setting up 2 5.1 Stealth mode operation 3 5.2 Router mode operation 3 5.3 Equipment needed 4 6 Hints and tips 5 7 Technical summary 5 8 Further details and support 6

1 Overview Innominate mguard is a superior and easy to use mobile security solution, offering reliable firewall, VPN functionality and protection against viruses all in a single small device. The mguard technology is based on Innominate s innovative decentralized security concept, which eliminates the drawbacks associated with conventional security concepts in a simple, reliable and costeffective manner. mguard smart is an independent platform about the size of the palm of your hand. It can be installed quickly and effortlessly by anyone, and requires no modifications to the BGAN satellite IP modem, the connected network or the computer configuration. Moreover, it runs independently of the processor technology as well as the operating system of the connected PC, laptop or network. With plug and protect capability, mguard can be installed and operated without requiring specific security know-how. It merely needs to be integrated externally between the computer or any other network system and the network connection provided via the BGAN satellite IP modem. Power can be supplied via the free USB port of the connected computer, so that no separate power-socket is required. The mguard system is universally compatible. Other forms are available, such as the mguard PCI a PCI card for integration into a standard desktop PC if required. 1.1 Single Stealth mode mguard features the unique Innominate Single Stealth Mode. This allows the device to work completely transparently, requiring no IP address of its own. mguard uses the same IP as the computer it is protecting and therefore cannot be recognized by invaders, making it resistant to attack. To use the Single Stealth Mode setting, nothing needs to be reconfigured or modified on the mguard. At the same time, it is possible to customize each individual mguard device, even in Stealth Mode, to special security requirements. 1.2 Product range Innominate offers mguard in several forms, each providing identical functionality. The products are: mguard smart - for mobile users. mguard PCI - for integration into desktop PC or server. mguard delta - for use in SOHO environments. Using Innominate mguard over BGAN Page 1

Single mguard devices can be managed and configured via Web interface. For larger mguard network installations, Innominate offers the IDM Innominate Device Manager, a template based device management system supporting installations of up to several thousand devices. 2 Typical users Remote office workers. Military, government and surveillance personnel. Special interest groups. Anyone transferring confidential information over public networks. Companies that wish to cover satellite based communication with their security policy. 3 Key features mguard is a plug and protect, cost effective security appliance for mobile use. Key features include: VPN router for secure data transmission via satellite links and IP networks (hardware-based DES, 3DES and AES encryption, IPsec protocol). 1:1 NAT in VPN for simple management of VPN connections. Configurable firewall protects the system from unauthorized access from outside. The Innominate Stealth Mode ensures the mguard system is indiscernible for invaders and allows its instant integration in existent network configurations without reconfiguration. QoS (Quality of Service) features guarantee the required bandwidth allocation and support a prioritization of data-traffic. Integrated ClamAV virus protection (optional) supporting the protocols HTTP, SMTP and POP3. 4 Benefits to BGAN users mguard offers you the following main benefits: Mobile and lightweight solution. Power supply via USB interface of connected laptop / PC. Hardware security appliance with high performance (firewall up to 99 mbps, VPN up to 70mbps). Plug and protect - no interference with network topology and protected system. Compatible with IPsec compliant VPN gateways. 5 Setting up This section describes how to set up BGAN and mguard to be used together, and gives an example of an mguard configuration. As stated earlier, mguard can be operated in several ways - stealth mode and router mode are explained here. Using Innominate mguard over BGAN Page 2

5.1 Stealth mode operation The stealth mode is the factory default setting for mguard devices. This mode provides security and VPN capabilities for a single device and is the easiest way to get secure communication setup and running: mguard will operate with the static and dynamic BGAN IP settings, and also with public or private IP addresses Use an Ethernet cable to connect the BGAN terminal s Ethernet port to the Ethernet port of the mguard. Then plug the mguard s own Ethernet connector into the Ethernet port on your computer s network card. In order to automatically configure DNS, the mguard stealth mode needs to receive ping replies from your local system, therefore make sure any installed local firewall allows ping requests/ replies. Connect the mguard s USB connector to a free USB port on your computer and give the device 40 seconds to boot Make sure traffic has been initiated, so mguard can test the network settings and setup automatically for you. Check for the mguard availability by sending a ping to IP 1.1.1.1 or try to access https://1.1.1.1 using your preferred web browser The device will now provide basic security, allowing outgoing traffic and denying any kind of unrequested, incoming traffic For additional firewall, anti virus protection, QoS and VPN configuration, consult the mguard documentation. Stealth mode operation mguard smart protects a single laptop computer connected to the BGAN terminal 5.2 Router mode operation The router mode is the recommended configuration for mguard devices, and provides security and VPN capabilities for a series of devices. This mode is the easiest way to get local network protection setup and running: mguard will operate with static and dynamic BGAN IP settings, also with public or private IP addresses Use an Ethernet cable to connect the BGAN terminal s Ethernet port to the Ethernet port of the mguard. Then plug the mguard s own Ethernet connector into an Ethernet port on your router or switch. Connect the mguard s USB connector to a free USB port and give the device 40 seconds to boot. If the mguard was already configured as a router, connect to the correct IP address. If the mguard is still in a factory default setting, access the mguard s user interface as described in the supplied documentation. Using Innominate mguard over BGAN Page 3

Set up the following initial settings: Enable NAT for the IP range of 0.0.0.0/0 Enable DHCP for the internal interface of the mguard Enable or disable HTTPS access to the mguard from the external interface. (From the internal interface access is allowed by default.) Configure the mguard to automatically receive its external IP via DHCP or set it up manually Set up the internal interface IP address of the mguard Change the network mode to router Write down the new IP address which you can use to access the device Open a shell/dos window, enter arp d and press enter Wait for the mguard to finish it s reboot In order to route traffic for more than one system, a Switch (or Hub) needs to be connected to the mguard s internal interface. Connect all systems you wish to protect to this switch (or hub). The device will now provide basic security, allowing outgoing traffic and denying any kind of unrequested, incoming traffic For additional firewall, anti virus protection, QoS and VPN configuration, consult the mguard documentation Router mode operation mguard smart in combination with an Ethernet switch can protect a network of computers connected to the BGAN terminal. Additional power supply for mguard smart might be required (or USB of one of the connected PCs can be used) 5.3 Equipment needed Minimum requirement: BGAN terminal Protected system (laptop, PC,..) with BGAN software and network adapter installed Unused USB port 2 pieces of twisted or untwisted Ethernet cable One mguard device Using Innominate mguard over BGAN Page 4

6 Hints and tips The following are best practice hints and tips to ensure you get the most from mguard over BGAN: If setting up the mguard for the first time, make sure, your communication works fine without the security device before plugging in the mguard. For the most secure VPN setup, we recommend using X.509 certificates on both sides of the tunnel. Establish the VPN tunnel from the mguard BGAN side and try to use smallest possible keysize by reducing the amount of key parameters to at least the common name while using 512bit keys. When accessing the mguard it might be necessary to disable the proxy settings of your browser. 7 Technical summary The mguard technical feature sets are summarized below mguard 266/VPN mguard 533/VPN Firewall performance 99 mbps VPN performance 35 mbps 70 mbps Anti Virus protection (requires additional licence) Not recommended Yes BGAN addressing requirement Hardware solution Static or dynamic Yes Protocols supported QoS, Bandwidth management Network modes all IPv4 based protocols Yes Stealth, router Using Innominate mguard over BGAN Page 5

8 Further details and support Inmarsat Contact: Customer_care@inmarsat.com Innominate contact details: Innominate Security Technologies AG Albert-Einstein Str. 14 12489 Berlin Germany Email: bgan@innominate.com Tel.: +49 30 63923300 Internet: http://www.innominate.com/content/view/96/144/lang,en/ Using Innominate mguard over BGAN Page 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information