28 ST | November 2018 VSAT Design The VSAT system, integrated into a satellite internet service provider (ISP) network, has two virtual local area networks (VLAN) configured by a managed switch, namely the VLAN1 and the VLAN302. The VLAN1 controls the VSAT system through the satel- lite ISP. This network has the IP address, and its devices have the following IP addresses: (the modem), (the switch), (the PC administrator) and the (ACU). The devices on the VLAN302 are a gateway, i.e., the modem is a gateway to the UTM firewall and, later, to the rest of the devices on the ship's LAN. This network has four public IP addresses. The modem has the IP "Public IP-1/30," and the UTM Firewall has the IP "Public IP- 2/30." LAN Design The local area network connects the machines with- in the ship. The UTM firewall is part of this system and works as the gateway for the rest of the devices. For the EuroFLEETS project, all research vessels use the IP ad- dress The three network interfaces of the UTM firewall are configured as follows: eth0 ( is plugged into the ship's LAN and is the gateway for the comput- ers that have internet access; eth1 (Public IP-2/30) is plugged into the WAN1, which connects to the internet via the VSAT modem (Public IP-1/30) when the vessel is model. It comprises an external part and an internal part. The former contains an antenna and two frequency con- verters inside the dome, i.e., one for transmission, the block up-converter (BUC), and another for reception, the low-noise block (LNB). Internally, it contains the antenna control unit (ACU) and the modem, both placed at the bridge. Regarding the UTM firewall, free and open-source software solutions for network management with simi- lar characteristics were considered: Endian, OPNsense, ClearOS and Zentyal. Zentyal, a project led by a Spanish company, was cho- sen, providing the firewall, quality of service, VPN, DNS server and DHCP server. Connection scheme of the VSAT system and ship's LAN.

