Restrict mobile data to one endpoint

krusty_

Member
Joined
Oct 31, 2005
Messages
18
Hi All.

I have no idea if I need an APN or something else. Perhaps you gurus can help.

My requirement is for (currently) 48 SIM cards with more to come in future. The problem is that I need to create some sort of restriction that prevents these cards from accessing any web address except for a whitelist of a couple of sites. I need to ensure that the users who have the devices can only use them for their intended purpose and nothing else in order to limit our exposure to unwanted data charges.

Do I need my own APN or is there some other way to do this?

Advice and comments much appreciated.

Chris.
 

Alton Turner Blackwood

Honorary Master
Joined
Apr 30, 2010
Messages
27,483
Well even if you were to buy an APN, users would just change it back to "Internet" if they were tech savvy enough

edit: sorry, point that I wanted to make was that it would be quite a challenge to get something like what you're trying to achieve right.
 

krusty_

Member
Joined
Oct 31, 2005
Messages
18
Thanks! I was under the impression that a SIM could be restricted to a particular APN only.

This is going to be an interesting challenge then...

I guess a consult with MTN Business is needed.
 

irBosOtter

Expert Member
Joined
Feb 14, 2014
Messages
2,872
> Well even if you were to buy an APN, users would just change it back to "Internet" if they were tech savvy enough
>
> edit: sorry, point that I wanted to make was that it would be quite a challenge to get something like what you're trying to achieve right.


Not entirely true, you can set each SIM up in the management portal (well, Vodacom works that way) to only work on a certain APN, changing it to "internet" makes them useless if you set it to work with your APN only.

We have a private APN, and a 10Mb fibre link into our network. That traffic passes through a firewall (in Transparent mode) to our internal network, so I can block traffic to internal servers or to the internet on that one, but it's just allowing everything currently. All internet traffic passes out over another firewall where there are more strict rules, no file downloads, and only certain sites are allowed. We have 80 SIMs and a 50Gb data limit before we start paying per Mb, users have yet to use more than 30Gb of that per month. Going the private APN route cut costs down to almost half seeing most people used their SIMs for internet non-work-related browsing, now they can only do actual work with them.


Edit: I see I am blocking traffic to internal SCCM server for Windows updates on the firewall in transparent mode
 

krusty_

Member
Joined
Oct 31, 2005
Messages
18
> Not entirely true, you can set each SIM up in the management portal (well, Vodacom works that way) to only work on a certain APN, changing it to "internet" makes them useless if you set it to work with your APN only.
>
> We have a private APN, and a 10Mb fibre link into our network. That traffic passes through a firewall (in Transparent mode) to our internal network, so I can block traffic to internal servers or to the internet on that one, but it's just allowing everything currently. All internet traffic passes out over another firewall where there are more strict rules, no file downloads, and only certain sites are allowed. We have 80 SIMs and a 50Gb data limit before we start paying per Mb, users have yet to use more than 30Gb of that per month. Going the private APN route cut costs down to almost half seeing most people used their SIMs for internet non-work-related browsing, now they can only do actual work with them.

Thanks for the feedback, that's good info!!

Unfortunately I know very little about what can and can't be done here. For example, I need the users to connect to a public website so can I get a private APN without a connection between my office and the telco?

I need my users to be able to access an API on one specific cloud site only. Since my users are not at all under my control, but the client needs me to supply hardware, software and connectivity, I need to be able to restrict the SIMs to keep usage costs down AND to make sure the SIM is worthless if stolen.

I imagine I'm not the first to have this requirement, it must be a solved problem.

This is all pretty time sensitive so I'm trying to educate myself as much as possible while setting up a meeting with the telcos.

Appreciate your comments though, thanks.
 

irBosOtter

Expert Member
Joined
Feb 14, 2014
Messages
2,872
> Thanks for the feedback, that's good info!!
>
> Unfortunately I know very little about what can and can't be done here. For example, I need the users to connect to a public website so can I get a private APN without a connection between my office and the telco?
>
> I need my users to be able to access an API on one specific cloud site only. Since my users are not at all under my control, but the client needs me to supply hardware, software and connectivity, I need to be able to restrict the SIMs to keep usage costs down AND to make sure the SIM is worthless if stolen.
>
> I imagine I'm not the first to have this requirement, it must be a solved problem.
>
> This is all pretty time sensitive so I'm trying to educate myself as much as possible while setting up a meeting with the telcos.
>
> Appreciate your comments though, thanks.

Best would be to ask them (MTN or Vodacom), but seeing that they can provide internet access on private APNs as well it should be possible. Usually a private APN would break out into your internal LAN or datacenter, but I suspect they can create one without a breakout to your LAN and allow traffic to certain websites only.
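
The setup described in this thread (SIMs locked to a private APN, an allowlisting firewall on the internet path, a pooled data cap) can be checked from the firewall's own flow records. The script below is an added example, not code from any poster in the thread; the SIM address pool, the allowlisted endpoint, the log format and the cap expressed in bytes are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions for illustration only: none of these values come from the thread.
SIM_POOL = ipaddress.ip_network("10.64.0.0/24")          # addresses the APN hands to SIMs
ALLOWED = {(ipaddress.ip_address("203.0.113.10"), 443)}  # the one permitted API endpoint
POOL_CAP_BYTES = 50 * 10**9                              # pooled cap, taken here as 50 GB

# Constructed sample records: timestamp src dst dst_port action bytes
SAMPLE = """\
2024-01-01T08:00:00 10.64.0.11 203.0.113.10 443 allow 52000
2024-01-01T08:00:05 10.64.0.11 198.51.100.7 443 deny 0
2024-01-01T08:01:00 10.64.0.12 198.51.100.7 80 allow 910000
2024-01-01T08:02:00 10.64.0.12 203.0.113.10 443 allow 48000
2024-01-01T08:03:00 192.0.2.50 203.0.113.10 443 allow 1000
"""

def audit(log_text, cap_bytes=POOL_CAP_BYTES):
    """Summarise per-SIM usage and flag flows that contradict the allowlist."""
    usage = defaultdict(int)
    policy_gaps, blocked = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        ts, src, dst, port, action, nbytes = fields
        if ipaddress.ip_address(src) not in SIM_POOL:
            continue  # not traffic from the SIM estate
        dest = (ipaddress.ip_address(dst), int(port))
        if action == "allow":
            usage[src] += int(nbytes)
            if dest not in ALLOWED:
                # The firewall passed traffic the allowlist should have stopped.
                policy_gaps.append((ts, src, dst, int(port)))
        elif dest not in ALLOWED:
            # Correctly blocked, but shows a device being used off-purpose.
            blocked.append((ts, src, dst, int(port)))
    total = sum(usage.values())
    return {
        "usage": dict(usage),
        "total": total,
        "over_cap": total > cap_bytes,
        "policy_gaps": policy_gaps,
        "blocked": blocked,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries under `policy_gaps` mean the firewall rules need fixing; entries under `blocked` identify which SIM is attempting other destinations, which is worth checking for a lost or misused device.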
 