Dualog Protect stops most malware, ransomware, trojan, and phishing attempts, ultimately blocking unsafe or suspicious internet resources before any harm is done by monitoring all activity at the DNS-level. The service is easy to set up and configure to your requirements for what types of content you wish to block. This article will get you started with Protect on your fleet.
You will need a couple of things in place before you get started with the installation of Dualog Protect.
- You will need a valid account on apps.dualog.com
- Make sure all necessary IP and ports are whitelisted on your firewall(s)
- You have created at least one Dualog Protect policy to assign to your ships
- Download the latest installation file from https://apps.dualog.com/installations
- Disable any existing DNS service on the PC where Dualog Protect will be installed. Typical examples
- Any external DNS relay/forwarder
- If you are running Network Control, go to Remote Config > choose the ship > Network Control. Make sure to untick the options “DNS Relay” and “DNS cache” and save.
Dualog Protect can be installed on any client PC on board, as long as the system requirements are met. If you are running Active Directory on your ship, Dualog Protect cannot be installed on the Domain Controller as it would create a DNS loop.
Typically, you want to install Dualog Protect on a PC or server that is reachable from all onboard subnets that you wish to protect. If you are running Dualog Network Control, that PC is a good candidate to install Protect. If unsure about where to install, get in touch with us. We will be happy to help.
The standard installation process is described here. Follow the procedure and, once completed, continue with the steps below to complete the deployment of Dualog Protect.
ASSIGN THE DUALOG PROTECT POLICY
You can now proceed to assign the ship to your Protect policy. Go to the Protect "Configuration" tab. Now click on “Assign” and make sure your ship is ticked for this policy.
Dualog Protect is now active and ready to handle the DNS requests on board.
- ON THE DUALOG PROTECT PC
Make sure your WAN network adapter uses 127.0.0.1 as primary DNS.
- ON ALL THE CLIENT PCs
Any client PC you wish to protect will need to have the Dualog Protect PC's IP address as their primary DNS server.
You can now go ahead and test Dualog Protect.