Access Control List

Stingray Service Gateway allows the implementation of smart Access Control Lists (ACL).

Unlike traditional network ACLs that define service ports or domain names on a third-tier OSI, access to which is allowed or denied, the Stingray platform manages traffic up to the 7th level of OSI. This means that one can restrict or allow access to certain services, applications, resources for specific users or groups of users.

Blocking by the name

There are two ways of blocking an HTTPS resource: by certificate (common name) or by SNI. This makes it possible to block the resource even when its IP address is changed.

Specifics

Access Control on All OSI Levels

Stingray platform analyses all passing through packets up to OSI 7th level, and not only by standard port numbers. Using signature and statistical analysis, one can define such apps as P2P, IM, Email, VOIP, streaming video, gaming traffic, encrypted data, and configure access rules for each of them or any other network resource.

Access Lists

The Access List makes it possible to restrict access to the sites and pages available to the subscriber and redirects him or her to the specified page when trying to go beyond this list.

Creation of Captive Portal (CP)

CP in the carrier’s network is used to provide the subscriber with the opportunity to refill the balance when funds on the account have run out. Access to the Internet is limited to sites of payment systems and banks, and work on the white list of sites is combined with limiting the work on the list of protocols.

Flexible Configuration of Access Rules

The carrier can combine Block and Allow Lists to permit or deny access to certain resources (or even a resources pool) for an individual user or group of users. For example, a list of resources restricted for a school.

Benefits

  • Operation on all levels of OSI according to the DPI technology.
  • Flexible configuration of access rules.
  • Allow lists for the subscribers.
  • Organization of Captive Portal (CP).

Examples of Use

Subscriber access control with zero balance

When the subscriber has run out of funds on the account, their access to Internet resources is restricted until the balance is refilled. However, in order to refill, URLs and protocols of payment systems and online banks are entered in the allow-lists. Also, the provider can grant access to its own site, internal network resources, certain social networks, and others at no cost.

Subscriber Identification in Wi-Fi Network

According to the rules of access to the carrier’s network via public Wi-Fi access points, it is necessary to identify the subscriber in one of these ways: by phone number, passport data, or others. Stingray Service Gateway allows identification through access code that the subscriber gets on their mobile phone in SMS.

Request a demo

Fill in the form
We will contact you, specify the task, provide access to the documentation and answer your questions.
Choose the solution
We discuss the current situation: traffic volume, available equipment, the functionality you need.
Free trial
Our engeniers install the selected software and adapt it to your specific tasks. Сontract — only after the test is successful.
We use cookies to optimize site functionality and give you the best possible experience. To learn more about the cookies we use, please visit our Cookies Policy. By clicking ‘Okay’, you agree to our use of cookies. Learn more.