onship, The Maritime Superapp, is an app that enables a suite of real-time, intelligent, optimised audio/video communication solutions between your vessel and shore.
This document provides network firewall set-up guidelines for your organisation's Vessel IT Administration and Service Management teams. Configuration of the vessel network firewall is a standard procedure often familiar to your Vessel IT administrators. This process is expected to take 15-30 minutes to carry out as a one-time exercise.
The objective of the network firewall set-up is to enable private & secure access to FrontM apps via your vessel’s Master’s PC, Corporate Computer or smartphone connected to the Vessel's Corporate Network and, if required, for your Crew via existing BYOD smartphones connected to the Vessel's Crew WiFi Network.
The network firewall configuration must be applied to the required shore and ship networks.
There are 3 simple steps to follow.
Configuration
onship, The Maritime Superapp, uses FrontM platform technology specially architected for satellite optimisation and for establishing a private & secured channel for maritime ship-shore communication. Unlike standard distributed cloud architectures that use dynamic IP addresses, the FrontM platform uses a fixed FQDN list, IP address list and ports, making it easy for vessel firewalls to be configured. It is essential to open these FQDNs or IP addresses on the network as follows.
Option 1: FQDN with wildcard for TCP/UDP ports
Where it is possible to white-list Fully Qualified Domain Names (FQDN), the below domains need to be allowed:
FQDN | Protocol |
*.frontm.ai | TCP (ports: 443) UDP (ports: 443, 10000) |
onship.app | TCP (ports: 443) |
Option 2: FQDN without wildcards for TCP/UDP ports
If your system is not compatible with the first option of listing FQDNs with wildcards, please include the breakdown of subdomains instead as follows:
FQDN | Protocol |
frontm.ai, gw.frontm.ai | TCP (ports: 443) |
telemed.frontm.ai, onship.app | TCP (ports: 443, 5349), UDP (ports: 443, 3478, 10000) |
onship.app | TCP (ports: 443) |
pstn-prod.frontm.ai | TCP (ports: 5060, 7089, 8089), UDP (ports: 5060, from 6000 to 20000) |
turn.frontm.ai | TCP (ports: 443, 3478, 5349), UDP (ports: 3478) |
Option 3: IP Addresses for TCP/UDP ports
If your system is not compatible with the first or second option of listing FQDNs, please list the below IP addresses and ports instead:
FrontM IP Addresses | Protocol |
44.208.62.62, 52.4.4.61, 54.235.123.27 | TCP (ports: 443) |
35.169.158.147 | TCP (ports: 443) |
35.169.158.147 | UDP (ports: 443, 10000) |
34.194.175.207 | TCP (ports: 443) |
34.194.175.207 | UDP (ports: 443, 10000) |
3.225.201.214 | TCP (ports: 5060, 7089, 8089) |
3.225.201.214 | UDP (ports: 5060, from 6000 to 20000) |
54.144.222.172 | TCP (ports: 443, 5349) |
54.144.222.172 | UDP (ports: 3478, 10000) |
34.231.233.168 | TCP (ports: 443, 3478, 5349) |
34.231.233.168 | UDP (ports: 3478) |
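The Option 3 table turned into per-destination egress rules in nftables syntax, so that the wide UDP range 6000 to 20000 is opened only towards its one listed address and not to any host. This is an added example, not FrontM tooling or part of the original guide: the row data is copied from the table above, while the rule style and the function names (`parse_protocol_cell`, `nft_rules`) are assumptions of the example.

```python
import ipaddress
import re

# Rows copied from the Option 3 table: (destination IPs, protocol cell).
OPTION3_ROWS = [
    ("44.208.62.62 52.4.4.61 54.235.123.27", "TCP (ports: 443)"),
    ("35.169.158.147", "TCP (ports: 443)"),
    ("35.169.158.147", "UDP (ports: 443, 10000)"),
    ("34.194.175.207", "TCP (ports: 443)"),
    ("34.194.175.207", "UDP (ports: 443, 10000)"),
    ("3.225.201.214", "TCP (ports: 5060, 7089, 8089)"),
    ("3.225.201.214", "UDP (ports: 5060, from 6000 to 20000)"),
    ("54.144.222.172", "TCP (ports: 443, 5349)"),
    ("54.144.222.172", "UDP (ports: 3478, 10000)"),
    ("34.231.233.168", "TCP (ports: 443, 3478, 5349)"),
    ("34.231.233.168", "UDP (ports: 3478)"),
]
PORT_RE = re.compile(r"from\s+(\d+)\s+to\s+(\d+)|(\d+)")

def parse_protocol_cell(cell):
    """'TCP (ports: 1, from 2 to 9)' -> {'tcp': ['1', '2-9']}."""
    parts = re.split(r"\b(TCP|UDP)\b", cell, flags=re.I)
    result = {}
    for proto, body in zip(parts[1::2], parts[2::2]):
        for lo, hi, single in PORT_RE.findall(body):
            nums = [int(lo), int(hi)] if lo else [int(single)]
            if nums != sorted(nums) or not all(1 <= n <= 65535 for n in nums):
                raise ValueError(f"bad port spec in {cell!r}")
            result.setdefault(proto.lower(), []).append("-".join(map(str, nums)))
    return result

def nft_rules(rows):
    """One accept rule per (destination, protocol); never a port-only rule."""
    merged = {}
    for dests, cell in rows:
        for dest in dests.replace(",", " ").split():
            ipaddress.ip_network(dest)  # ValueError on a mistyped address
            for proto, ports in parse_protocol_cell(cell).items():
                bucket = merged.setdefault((dest, proto), [])
                bucket.extend(p for p in ports if p not in bucket)
    return [f"ip daddr {d} {proto} dport {{ {', '.join(ports)} }} accept"
            for (d, proto), ports in merged.items()]

if __name__ == "__main__":
    print("\n".join(nft_rules(OPTION3_ROWS)))
```

The generated lines are rule bodies only; place them in the egress or forward chain your vessel firewall already uses.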
Additionally, the following IPs and ports need to be opened for INCOMING traffic and push notifications to mobiles as provided by Apple & Google:
Apple IP Addresses | Protocol |
17.249.0.0/16, 17.252.0.0/16, 17.57.144.0/22, 17.188.128.0/18, 17.188.20.0/23 | TCP (ports: 5223, 443, 2197) |
Source: https://support.apple.com/en-gb/102266
Google IP Addresses | Protocol |
All IP Addresses (Google changes IP Addresses very often) | TCP (ports: 5228, 5229, 5230, 443) |
Source: https://support.google.com/work/android/answer/10513641?hl=en
Additionally, enable Third-Party Cookies
Do your Master's PCs, Corporate Computers or Crew smartphones restrict third-party cookies by default? If yes, please enable third-party cookies on them. Note that FrontM does not incorporate third-party trackers for privacy reasons.
Additionally, allow Digital Certificates
If your IT policies block individual certificates, please allow Sectigo and GoDaddy certificates to ensure secure interactions on your Master's PCs, Corporate Computers and Crew smartphones. The issuers to allow are: GoDaddy.com, Inc, Sectigo Limited, The USERTRUST Network and Comodo CA Limited.
Verification
Once the Configuration is complete, it is vital to verify that the Master’s PC and/or Corporate Computers or Crew smartphones have full access. We have devised a simple Access Verification Tool at https://onship.app/status, accessible via the Google Chrome browser, to make verification easy using Remote Desktop tools or physically at the computer by the user onboard the vessel. Once done, please use this quick checklist to document that verification is complete.
Sl | Verification | Capture of the verification results |
1 | Service Access check | We have implemented ______________________ |
2 | Cookies & Certification check | We confirm this is Open by default |
3 | Verification | We have ensured Access Verification Tool shows full success |
Confirmation
Thank you for following the above guidelines to ensure a thorough setup of your network firewall. This completes the provisioning of the FrontM platform apps for your vessels.
We would appreciate a confirmation of your successful setup or a request for assistance. Should you have any problems implementing the above configurations, please write to us at support@frontm.com.