Netgear Firewall For Amos Connect Only - SettingsUp PDF
Table of Contents:
Purpose
Background
Purpose:
To restrict Internet access on a Fleet Broadband terminal to only pass AmosConnect traffic and allow Launchpad control.
Background:
A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing
through it, and denies or permits passage based on a set of rules. This document outlines how to set up and configure a
Netgear FVS318 physical Firewall for use on the remote side of a BGAN, FleetBroadband, or SwiftBroadband connection.
Please refer to the Stratos Trench ™ Fact Sheet for information on our customer managed firewall tool that sits on the
local side, between the Internet and the BGAN network.
Physical Installation:
1. Connect the cables between the Firewall, PC, and Satellite terminal
a. Turn off the PC
b. Turn off the Satellite terminal
c. Locate the Ethernet cable (Cable 1) that connects the PC to the Satellite terminal
f. Using the included blue Ethernet cable, securely connect the PC to one of the 8 LOCAL ports on the Firewall
TEST: The test light blinks when the Firewall is first turned on and should then go off during normal operation. If it remains lit longer than two minutes, consult the documentation included with the Firewall.
INTERNET: The Internet LINK light should be lit. If not, check the connection between the Firewall and the Satellite terminal and that the Satellite terminal is powered on.
LOCAL: The LOCAL light corresponding to the LOCAL port the PC is connected to should be lit. If not, check the connection between the Firewall and the PC and that the PC is powered on.
Manual Configuration:
1. First set up the network as outlined above. Once the Satellite terminal, Firewall, and PC have powered on and the status lights on the Firewall have been verified, continue.
3. Click the Quit button when asked to start the Smart Wizard
7. Click Apply at the bottom of the page and click OK to the warning message. The router will reboot; wait one minute
8. Close your browser, unplug the Ethernet cable between PC and Firewall, wait one minute, then reconnect it
9. Open a browser once again to http://www.routerlogin.net and again click QUIT when asked to start the Smart Wizard
10. Browse to Basic Settings menu item under the Setup heading and select the options Use Static IP Address and
Use These DNS Servers
12. Click Apply at the bottom of the page and click OK to the warning message. The router will reboot; wait one minute
13. Browse to Router Status menu item under the Maintenance heading to confirm IP configuration has been set
correctly.
14. Browse to the Services menu item under the Security heading
16. Add a new service definition called Launchpad on TCP using start port: 5454 and finish port: 5454 [for T&T only; if using JRC, use port 1829 for the start and finish ports], then click Apply
17. Repeat steps 15-16 again but for service definition of AmosConnect on TCP using start port: 1526 and finish port:
1526
18. Repeat steps 15-16 again but for service definition of WebInt on TCP using start port: 80 and finish port: 80
19. Repeat steps 15-16 again but for service definition of ALL on TCP/UDP using start port: 1 and finish port: 65535
20. Browse to the Rules menu item under the Security heading
22. Select AmosConnect(TCP:1526) for Service and ALLOW always for Action. ALSO set WAN users to Address Range, set it to the IP of the Amos Connect Hub (start: 212.165.122.33 and stop: 212.165.122.34), and click Apply
23. Repeat steps 20-21 for Service Launchpad(TCP:5454) [Launchpad(TCP:1829) if JRC] and Action ALLOW always, ALSO set WAN users to Single address and set it to the IP of the satellite terminal (192.168.0.1 if T&T, 192.168.128.100 if JRC)
24. Repeat steps 20-21 for Service WebInt(TCP:80) and Action ALLOW always, ALSO set WAN users to Single address
and set it to the IP of the satellite terminal (192.168.0.1 if T&T, 192.168.128.100 if JRC)
25. Repeat steps 20-21 for Service ICMP and Action BLOCK always
26. Repeat steps 20-21 for Service ALL(TCP/UDP:1..65535) and Action BLOCK always
27. IMPORTANT! Verify that the ALL rule is the last rule in the list (besides the default rule); otherwise ALL traffic will be blocked regardless of any rules following it in the list. If it is not the last rule, use the move option to make it the last rule
28. It is also recommended to change the default password of the firewall device to prevent unwanted configuration. You may do so using the Set Password menu item under the Maintenance heading
28. On all PCs behind the firewall, the following change has to be made.
Go to Start Menu -> Run and type (without quotes):
On Windows 2000/XP/Vista,
“notepad %SystemRoot%\system32\drivers\etc\HOSTS”
On Windows 98/ME,
“notepad %WinDir%\HOSTS”
29. A Notepad window should open. Add the following two lines to the bottom of the file:
212.165.122.33 tcp1.amosconnect.com
212.165.122.34 tcp2.amosconnect.com
30. Go to File -> Save and then close Notepad and restart the PC
31. Configuration is now complete and you should be able to access Launchpad and AmosConnect (web browsing is not
enabled). To add access to other applications, follow steps 13-23 for the desired service using the port(s) designated for
that service. If you wish to change settings in the future, use the following link http://192.168.8.1/basicsetting.htm
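The rule order that step 27 depends on can be checked offline before the rules are entered. The following Python sketch is an added example, not part of the original procedure or of the Netgear firmware; it models the rules from steps 22-26 (T&T terminal variant) as a top-to-bottom, first-match list, which is an assumption drawn from step 27, and the names RULES, evaluate, covers and shadowed_rules are hypothetical.

```python
from ipaddress import ip_address

ANY = ("0.0.0.0", "255.255.255.255")
# Constructed model of the rules from steps 22-26 (T&T terminal variant):
# (name, protocols, first port, last port, WAN start, WAN end, action)
RULES = [
    ("AmosConnect", {"tcp"}, 1526, 1526, "212.165.122.33", "212.165.122.34", "ALLOW"),
    ("Launchpad", {"tcp"}, 5454, 5454, "192.168.0.1", "192.168.0.1", "ALLOW"),
    ("WebInt", {"tcp"}, 80, 80, "192.168.0.1", "192.168.0.1", "ALLOW"),
    ("ICMP", {"icmp"}, 0, 0, *ANY, "BLOCK"),
    ("ALL", {"tcp", "udp"}, 1, 65535, *ANY, "BLOCK"),
]

def evaluate(rules, proto, dst_ip, dst_port=0):
    """Return (rule name, action) of the first rule that matches, top to bottom."""
    dst = ip_address(dst_ip)
    for name, protos, p_lo, p_hi, a_lo, a_hi, action in rules:
        if proto not in protos:
            continue
        if proto != "icmp" and not p_lo <= dst_port <= p_hi:
            continue  # ICMP has no ports, so only TCP/UDP rules check them
        if ip_address(a_lo) <= dst <= ip_address(a_hi):
            return name, action
    return "default", "DEFAULT"  # the device's default rule, not modelled here

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a[1] >= b[1] and a[2] <= b[2] and a[3] >= b[3]
            and ip_address(a[4]) <= ip_address(b[4])
            and ip_address(a[5]) >= ip_address(b[5]))

def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [b[0] for i, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:i])]

if __name__ == "__main__":
    misordered = [RULES[-1]] + RULES[:-1]  # ALL moved to the top of the list
    for label, rules in (("as documented", RULES), ("ALL first", misordered)):
        print(label, "shadowed:", shadowed_rules(rules))
        print("  hub 1526 ->", evaluate(rules, "tcp", "212.165.122.33", 1526))
        # 203.0.113.10 is a constructed documentation address, not a real host
        print("  web 80   ->", evaluate(rules, "tcp", "203.0.113.10", 80))
```

With the ALL rule last, no rule is shadowed and only the hub and terminal flows are allowed; with ALL moved up, the three ALLOW rules are reported as shadowed and the AmosConnect flow is blocked.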
1. Browse to the Maintenance menu item under the Settings Backup heading, click on Browse to locate the configuration file <JRC_Netgear_Amos_Only.cfg> or <Sailor_Netgear_Amos_Only.cfg>, which should be sent together with this procedure as an attachment (save this file on the PC in a location you will remember so that you can find it for this step):
If you loaded the <Sailor_Netgear_Amos_Only.cfg> configuration file for your TT Sailor 250/500, you should see the screens below under Setup -> Basic Settings, Security -> Rules and Security -> Services:
Revision Date: 2010-04-19
Revision: A
Prepared by: Sheldon Parsons
After the above has been verified, your Netgear Firewall should be properly configured for only Amos Connect traffic. The two ICMP allowed rules are in place to allow pinging to those addresses for troubleshooting purposes should the need arise.