Scribd Logo
Upload

Welcome to Scribd!

  • Netgear Firewall For Amos Connect Only - SettingsUp PDF

    Uploaded by

    krupa kumar
    40 views21 pages
    Netgear Firewall for Amos Connect Only_ SettingsUp.pdf

    Original Title

    Netgear Firewall for Amos Connect Only_ SettingsUp.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Netgear Firewall for Amos Connect Only_ SettingsUp.pdf

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    40 views21 pages

    Netgear Firewall For Amos Connect Only - SettingsUp PDF

    Uploaded by

    krupa kumar
    Netgear Firewall for Amos Connect Only_ SettingsUp.pdf

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 21

    Solutions -

    Revision Date: Revision: Prepared by:


    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    Table of Contents:

    Purpose 2-2

    Background 2-2

    Physical Installation 2-4

    Manual Configuration 5-14

    Client DNS Configuration 15-15

    Uploading a Configuration File 16-16

    Verifying a Configuration File 17-21

    Application Notes Page 1(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    Purpose:
    To restrict Internet access on a Fleet Broadband terminal to only pass AmosConnect traffic and allow Launchpad control.

    Background:

    A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing
    through it, and denies or permits passage based on a set of rules. This document outlines how to set up and configure a
    Netgear FVS318 physical Firewall for use on the remote side of a BGAN, FleetBroadband, or SwiftBroadband connection.

    Please refer to the Stratos Trench ™ Fact Sheet for information on our customer managed firewall tool that sits on the
    local side, between the Internet and the BGAN network.

    Physical Installation:

    1. Connect the cables between the Firewall, PC, and Satellite terminal
    a. Turn off the PC
    b. Turn off the Satellite terminal
    c. Locate the Ethernet cable (Cable 1) that connects the PC to the Satellite terminal

    Application Notes Page 2(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    d. Disconnect the Ethernet cable (Cable 1) at the PC end only


    e. Connect the Ethernet cable (Cable 1) to the Internet port located on the Firewall

    f. Using the included blue Ethernet cable, securely connect the PC to one of the 8 LOCAL ports on the Firewall

    2. Restart your network in the correct sequence


    a. First, turn on the Satellite terminal and wait two minutes
    b. Plug in the power cord to the Firewall and wait one minute
    c. Lastly, turn on the PC
    d. Check the status lights on the Firewall

    Application Notes Page 3(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    PWR: The power light should be a solid green.

    TEST: The test light blinks when the Firewall is first turned on, it should then go off during normal operation. If it remains lit
    longer than two minutes, consult documentation included with the Firewall.

    INTERNET: The Internet LINK light should be lit, if not, check connection between Firewall and Satellite terminal and that
    the Satellite terminal is powered on.

    LOCAL: A LOCAL light should be lit corresponding to the LOCAL port the PC is connected to, if not, check connection
    between Firewall and PC and that the PC is powered on.

    Application Notes Page 4(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    Manual Configuration:
    1. First setup the network as outlined above. Once Satellite terminal, Firewall, and PC have powered on and status lights
    on Firewall have been verified, continue.

    2. Once connected, browse to http://www.routerlogin.net or http://192.168.8.1


    a. If prompted with a login, use Username: admin / Password: password

    3. Click the Quit button when asked to start the Smart Wizard

    Application Notes Page 5(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only


    4. Browse to the LAN setup menu item under the Advanced heading

    5. Change the LAN TCP/IP Setup IP setting from 192.168.0.1 to 192.168.8.1

    Application Notes Page 6(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only


    6. Change the MTU Size to Custom and enter a value of 1360

    Application Notes Page 7(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    7. Click Apply at the bottom of the page, click OK to the warning message, the router will reboot, wait one minute

    8. Close your browser, unplug the Ethernet cable between PC and Firewall, wait one minute, then reconnect it

    9. Open a browser once again to http://www.routerlogin.net and again click QUIT when asked to start the Smart Wizard

    Application Notes Page 8(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    10. Browse to Basic Settings menu item under the Setup heading and select the options Use Static IP Address and
    Use These DNS Servers

    Application Notes Page 9(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only


    11. Change the fields as follows:
    a. IP Address 192.168.0.10 (for JRC use 192.168.128.110)
    b. IP Subnet Mask 255.255.255.0
    c. Gateway IP Address 192.168.0.1 (for JRC use 192.168.128.100)
    d. Primary DNS 127.0.0.1
    e. Secondary DNS Leave Blank

    12. Click Apply at the bottom of the page, click OK to the warning message, the router will reboot, wait one minute

    Application Notes Page 10(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    13. Browse to Router Status menu item under the Maintenance heading to confirm IP configuration has been set
    correctly.

    14. Browse to the Services menu item under the Security heading

    Application Notes Page 11(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only


    15. Click Add Custom Service button

    16. Add a new service definition called Launchpad on TCP using start port: 5454 and finish port: 5454 [only for T&T, if
    using JRC use port 1829 for start and finish ports] then click Apply

    17. Repeat steps 15-16 again but for service definition of AmosConnect on TCP using start port: 1526 and finish port:
    1526

    18. Repeat steps 15-16 again but for service definition of WebInt on TCP using start port: 80 and finish port: 80

    19. Repeat steps 15-16 again but for service definition of ALL on TCP/UDP using start port: 1 and finish port: 65535

    Application Notes Page 12(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    20. Browse to the Rules menu item under the Security heading

    21. Under Outbound Services, click the Add button

    22. Select AmosConnect(TCP:1526) for Service, ALLOW always, ALSO set WAN users to Address Range and set it to
    the IP of the Amos Connect Hub(start: 212.165.122.33 and stop: 212.165.122.34) and click Apply

    23. Repeat steps 20-21 for Service Launchpad(TCP:5454) [Launchpad(TCP:1829) if JRC] and Action ALLOW always,
    ALSO set WAN users to Single address and set it to the IP of the satellite terminal (192.168.0.1 if T&T, 192.168.128.100 if
    JRC

    24. Repeat steps 20-21 for Service WebInt(TCP:80) and Action ALLOW always, ALSO set WAN users to Single address
    and set it to the IP of the satellite terminal (192.168.0.1 if T&T, 192.168.128.100 if JRC)

    25. Repeat steps 20-21 for Service ICMP and Action BLOCK always

    Application Notes Page 13(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    26. Repeat steps 20-21 for Service ALL(TCP/UDP:1..65535) and Action BLOCK
    Always

    27. IMPORTANT! Verify the ALL rule is the last rule in the list (besides the default rule) otherwise ALL traffic will be
    blocked regardless of any rules following it in the list, if it is not the last rule, use the move option to make it the last rule

    28. It is also recommended to change the default password of the firewall device to prevent unwanted configuration, you
    may do so using the Set Password menu item under the Maintenance heading

    Application Notes Page 14(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    Client DNS Configuration

    28. On all PCs behind the firewall, the following change has to be made.
    Go to Start Menu -> Run and type (without quotes):

    On Windows 2000/XP/Vista,

    “notepad %SystemRoot%\system32\drivers\etc\HOSTS”

    On Windows 98/ME,

    “notepad %WinDir%\HOSTS”

    29. A notepad window should open, add the below two lines to the bottom of the file as follows

    212.165.122.33 tcp1.amosconnect.com
    212.165.122.34 tcp2.amosconnect.com

    30. Go to File -> Save and then close Notepad and restart the PC

    31. Configuration is now complete and you should be able to access Launchpad and AmosConnect (web browsing is not
    enabled). To add access to other applications, follow steps 13-23 for the desired service using the port(s) designated for
    that service. If you wish to change settings in the future, use the following link http://192.168.8.1/basicsetting.htm

    Application Notes Page 15(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    Uploading a Configuration File

    1. Browse to the Maintenance menu item under the Settings Backup heading, click on Browse to locate the
    configuration file< JRC_Netgear_Amos_Only.cfg> or < Sailor_Netgear_Amos_Only.cfg> which should be sent together
    with this procedure as an attachment(save this file to PC which you remember where to find it for the above action):

    2. After locating the < JRC_Netgear_Amos_Only.cfg> or < Sailor_Netgear_Amos_Only.cfg> , click Restore.

    3. Now the firewall should restart and come back up in a minute.

    Application Notes Page 16(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    Verifying the Configuration File:


    If you loaded the < JRC_Netgear_Amos_Only.cfg> configuration file for your JRC 250/500 you should see the below
    screens under Setup -> Basic Settings, Security -> Rules and Security -> Services as shown below:

    Application Notes Page 17(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    If you loaded the < Sailor_Netgear_Amos_Only.cfg> configuration file for your TT Sailor 250/500 you should see the below
    screens under Setup -> Basic Settings, Security -> Rules and Security -> Services as shown below:
    Application Notes Page 18(21)
    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    Application Notes Page 19(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    Application Notes Page 20(21)


    Solutions -
    Revision Date: Revision: Prepared by:
    2010-04-19 A Sheldon Parsons

    Setting Up Netgear for Amos Connect Only

    After the above has been verified then your Netgear Firewall should be properly configured for only Amos Connect traffic.

    The two ICMP allowed rules are in place to allow pinging to those addresses for troubleshooting purposes should the need
    arise.

    Application Notes Page 21(21)

    You might also like