FAQ

Frequently

Asked Questions

VIN Performance

Q. What is the minimum processing requirement for each peer on a VIN?

A. 1 core, 1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor with 1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit).

Q. What is the overhead of VIN encryption/compression on network throughput?

A. Initial testing has shown an overhead of 10-12% which is consistent with most other VPN software.

Q. What happens to registered peers on a VIN if there is a Denial of Service attack against the broker or if the broker service fails for some reason (e.g. VSP goes down)?

A. If there is continuous communication between registered peers, this will be maintained while the broker is unavailable. If there is a break in communication of more than a few minutes and the ARP cache expires, then communication between the peers will fail.

Q. What is the maximum number of nodes that can be connected to a VIN?

A. Currently VINs have class C subnet masks, which means a maximum of 254 nodes per VIN. Remember that a VIN forms a broadcast domain, so one would not normally connect so many hosts in one broadcast domain (particularly on a VPN), but it is best practice to break the network down into smaller networks and route between them. This can be done on the VSP by creating multiple VINs and routing between them.

ISO Licensing

Q. What do I need to install the ISO?

A. See Pre-installation Requirements at https://www.iwebgate.com/product/downloads.html

Q. What’s the difference between ISO and TAM?

A. TAM is 'Telstra Apps Marketplace' and provides a VSP in Telstra's Cloud. ISO is an installation image that you can install in a virtual or physical environment of your own.

Proxy LP

Q. How do I add a new proxy?

A. Please refer to the manual https://www.iwebgate.com/product/product-documentation.html

Q. What proxy services are supported?

A. Reverse proxy of HTTP/HTTPS and email.

Q. What browsers are supported?

A. This depends on your web application.

Q. Upgrades?

A. Upgrades to the VSP are automatic.

Q. What firewall ports need to be open?

VSP-side ports that need to be open for Proxy LP

A. Please refer to this question.

Q. Can we reverse proxy a non-HTTP/HTTPS protocol?

A. No.

Q. Can we reverse proxy a WebSocket connection?

A. Not currently, but this feature is in the pipeline.

Q. Does the reverse proxy include a Web Application Firewall?

A. No.

Q. What additional protection does the reverse proxy provide to a Web Application besides masking it’s IP?

A1. The reverse proxy does not protect the website (for example, if the admin password has not been secured, or SQL injection is allowed – the reverse proxy cannot mitigate these issues), but it does protect the web server. For example, if the web server has a buffer overflow vulnerability, the reverse proxy will insulate it from attacks that are designed to take advantage of this.

A2. The HSTS header is set to prevent such things as SSL-stripping man-in-the-middle attacks. HSTS can also help to prevent having one's cookie-based website login credentials stolen.

A3. Protection against SSL vulnerabilities (Heartbleed, POODLE, etc).

A4. The X-Frame-Options header is set to protect against the Clickjacking attack.

A5. The X-XSS-Protection header is set to mitigate Cross Site Scripting attacks.

A6. The VSP is penetration tested.

Q. Is the reverse proxy able to proxy to any port besides 443?

A. Not currently, but this feature is in the pipeline.

Q. Is the reverse proxy able to proxy multiple ports using the same external hostname?

A. Not currently, but this feature is in the pipeline.

Q. Is the reverse proxy able to support multiple domains and multiple certificates?

A. Not currently, but this feature is in the pipeline.

VPN LP / VIN

Q. How do I add new VPN LP?

A. Please refer to the manual at https://www.iwebgate.com/product/downloads.html

Q. What firewall ports need to be open?

A. Please refer to this question.

Q. Upgrades?

A. The VIN Manager will automatically check for updates and prompt you to download and install any new updates.

Desktop LP

Q. What firewall ports need to be open?

A. Please refer to this question.

General

Q. How do I sign up to be a Channel Partner?

A. Call 1800-IWEBGATE (1800-493-242) option 1.

Q. What firewall ports need to be open?

Ports that need to be opened for various services on the VSP

Service TCP ingress TCP egress UDP ingress UDP egress
Administration and maintenance 80, 443 25, 80, 443 - 123
Reverse Proxy 80, 443, or any other port configured for HTTP/HTTPS access. 80, 443, or any other port configured for HTTP/HTTPS access. - -
Email Proxy 25, 110, 143, 587, 993, 995 25 - -
VIN 443 443 7718, 7719 7718, 7719
Desktop LP 80, 443, 7717 443 - -

Client-side ports that need to be open from client to VSP

Service TCP egress UDP egress
Administration and maintenance 80, 443 -
Reverse Proxy 80, 443, or any other port configured for HTTP/HTTPS access. -
Email Proxy 110, 143, 587, 993, 995 -
VIN 443 7718, 7719
Desktop LP 80, 443, 7717 -

Q. How do I order licenses?

A. Call your Channel Partner. If you do not have a Channel Partner, contact us at https://www.iwebgate.com/about-us/contact.html and we will organise for a Channel Partner to contact you.

Q. How do I change the number of licenses?

A. Contact your Channel Partner. If you do not have a Channel Partner, contact us at https://www.iwebgate.com/about-us/contact.html and we will organise for a Channel Partner to contact you.

Q. How to integrate into existing infrastructure?

A. Talk to your Channel Partner to discuss the options. See https://www.iwebgate.com/product/product-brochures.html for more information.

Q. What are the Minimum System Requirements?

A. See Supported Platforms & System Requirements at https://www.iwebgate.com/product/downloads.html

Q. Who do I contact for Support?

A. Call your Channel Partner.

Q. Can I try before I buy?

A. Sure... be our guest! Contact your Channel Partner. If you do not have a Channel Partner, contact us at https://www.iwebgate.com/about-us/contact.html and we will organise for a Channel Partner to contact you.

Q. How do I install the apps?

A. Please refer to the guides at https://www.iwebgate.com/product/product-documentation.html

Q. How do I add a new user?

A. Please refer to the guides at https://www.iwebgate.com/product/product-documentation.html

Q. How do I add a new host?

A. Please refer to the guides at https://www.iwebgate.com/product/product-documentation.html

Q. Any other questions...

A. Contact your Channel Partner. If you do not have a Channel Partner, contact us at https://www.iwebgate.com/about-us/contact.html and we will organise for a Channel Partner to contact you.