Dualog® Protect stops most malware, ransomware, trojan, and phishing attempts, ultimately blocking unsafe or suspicious internet resources before any harm is done by monitoring all activity at the DNS level.
This article will get you started with deploying Dualog® Protect on your fleet.
The service is easy to set up and configure to your requirements for what types of content you wish to block.
You will need a couple of things in place before you get started with the installation of Dualog® Protect.
- You will need a valid account on the Dualog portal.
- Make sure all necessary IP and ports are whitelisted on your firewall(s)
- You have created at least one Dualog Protect policy to assign to your ships
- Dualog Link Client has been installed and activated on the required machine.
- Disable any existing DNS service on the PC where Dualog Protect will be installed. Typical examples
- Any external DNS relay/forwarder
- If you are running Network Control, go to Connection Suite > Network Control > Configure Network Control > choose the ship.
- Make sure to disable DNS Relay and save.
Dualog® Protect can be installed on any client PC on board, as long as the system requirements are met. If you are running Active Directory on your ship, Dualog Protect cannot be installed on the Domain Controller as it would create a DNS loop.
Typically, you want to install Dualog Protect on a PC or server that is reachable from all onboard subnets that you wish to protect. If you are running Dualog Network Control, that PC is a good candidate to install Protect. If unsure about where to install it, get in touch with us. We will be happy to help.
The standard installation process is described here. Follow the procedure and, once completed, continue with the steps below to complete the deployment of Dualog Protect.
ASSIGN THE DUALOG PROTECT POLICY
Dualog Protect is now active and ready to handle the DNS requests on board.
- ON THE DUALOG PROTECT PC
Make sure your WAN network adapter uses 127.0.0.1 as primary DNS.
- ON ALL THE CLIENT PCs
Any client PC you wish to protect will need to have the Dualog Protect PC's IP address as their primary DNS server.
You can now go ahead and test Dualog Protect.