Help restricting all Apps but one

I have MAX BR1 MK2 device. We are planing an offshore passage and I would like to Iridium Pilot for our internet access. Iridium Pilot internet is super expensive so I would like to restrict all access only to one device and only one-two apps on this device.

I am planning to change my SSID password so only one iPad can access it and also disable the “Health Check” on the WAN.

Question: What is the easiest way to enable internet access to only one or two iPad Apps and disable all other for accessing the internet?

Which apps?

Normally we need to unpick what online services the app needs to work then only allow access to that. It’s either really easy or painfully difficult.

1 Like

Hello @Sailor007,
On your firewall access rules you create 2 rules, 1st for the device that you wish to permit, and 2nd a rule that denies access to everything else.

In your 1st rule you can also already limit access per protocol, which will reduce your traffic somewhat.

and then as @MartinLangmaid mentions, you can set your content blocking as your next step, depending on what you want to do can be easy or laborious…

1 Like

Thank you @MartinLangmaid. The two apps are PredictWind and Skype.

Thank you @tgorter! I new to all of this but I will search for any examples of how to set up rules and hope it is straightforward. After I set the rules and attempt the content blocking.
Is there any easy way to see what is getting through and whatnot, is that where I need to learn how to use Wireshark type of tool?

In the local web interface of the unit under advanced tab you will then on the left see the firewall menu.
Take a look at the ? help section in each part if you have a doubt, the interface is fairly well set up to help you. And you are able to set rules both on the outbound and inbound.
The first way would be just to try connecting and see what each setting does (can you tablet connect but your computer not etc…)
Wireshark is a complicated tool if you are unfamiliar, as it will show you a lot of traffic which if you are unfamiliar with protocols is difficult to understand. Also you have to understand that wireshark only sees what is present on the port where wireshark is connected. i.e. if you are connected with wireshark on your laptop on your local LAN, it will not know or see what is happening on the WAN!
Instead go to the “Status” Tab on your pepwave web interface and look at active sessions and you will get a very good overview of what traffic is flowing and from which device.
Note if you have InControl2 active you may wish to disconnect this whilst on the Inmarsat as it will also create traffic!

1 Like

I believe MAX BR1 MK2 dont have DPI so you will have to do it the hard way. There is always multiple way of achieving something. But I think the easiest way to block all traffic from any other device and just allow traffic just from those two apps on the Ipads will be something like this:

  1. Find out common used ports for both apps.
  2. Network > Firewall > Access Rules > Outbound and Inbound Firewall Rules > Change Default rule to Deny.
  3. Add new outbound rule and change source with MAC Address of the iPad or Single IP address if you created reservations. Specify the port or ports for each App. For the Inbound same as outbound but changing the destination and not the source. If you don’t know the ports at least you can deny traffic to every other device except the iPads.

Hope this helps

1 Like