Gi Firewall for mobile subscribers

Tore Anderson tore at fud.no
Sat Apr 13 09:13:48 UTC 2019


* Mark Milhollan
> On Thu, 11 Apr 2019, Tore Anderson wrote:
> 
>> We've been wanting to replace all of our ad-hoc OOB links with a
>> standardised setup based on LTE connectivity to an embedded
>> login/console server at each PoP. IPv6 would be perfect due to no
>> CGNAT and infinitesimal levels of background scanning.
>>
>> Unfortunately Telenor has decided to deploy a central firewall that
>> drops all inbound connections, making their service totally unusable
>> for our use case. I guess they don't want our money.
> 
> Sounds like the console server will need to "phone home".  That a workaround might be possible doesn't make a firewall which the user cannot control to some degree less annoying.  Though it might be that Telenor just needs to be notified/reminded that power users and business customers exist.

Phoning home is not an option here, as the whole point is to have an OOB backdoor that works even if «home» is totally FUBAR.

For that reason it needs to be completely independent of the production network. Standard Internet connections are perfect, IFF they are bi-directional.

Tore


