CHAPTER14 Security
Mediant 1000 Gateway & E-SBC | User's Manual
Parameter Firewall Rule
'Action Upon
Match'
Allow Allow Allow Allow Block
The firewall rules in the above configuration example do the following:
■ Rules 1 and 2: Typical firewall rules that allow packets ONLY from specified IP addresses
(e.g., proxy servers). Note that the prefix length is configured.
■ Rule 3: A more "advanced” firewall rule - bandwidth rule for ICMP, which allows a maximum
bandwidth of 40,000 bytes/sec with an additional allowance of 50,000 bytes. If, for example,
the actual traffic rate is 45,000 bytes/sec, then this allowance would be consumed within 10
seconds, after which all traffic exceeding the allocated 40,000 bytes/sec is dropped. If the
actual traffic rate then slowed to 30,000 bytes/sec, the allowance would be replenished within
5 seconds.
■ Rule 4: Allows traffic from the LAN voice interface and limits bandwidth.
■ Rule 5: Blocks all other traffic.
Configuring Firewall Rules to Allow Incoming OVOC Traffic
If the device needs to communicate with AudioCodes OVOC, you need to configure the device's
firewall (Firewall table) with the below "allow" firewall rules to permit incoming traffic from OVOC.
These OVOC-related firewall rules are required only if have configured other various
firewall rules. If you are not using the device's firewall, the device allows all traffic by
default and the below firewall configuration is not required.
Table 14-4: Firewall Rules to Allow Traffic from OVOC
Index
Sour-
ce IP
Sou-
rce
Port
Pre-
fix
Len-
gth
St-
art
Po-
rt
En-
d
Po-
rt
Pro-
tocol
Use
Spe-
cific
Inter-
face
Inter-
face
Name
Acti-
on
Upo-
n
Mat-
ch
Pac-
ket
Siz-
e
B-
yt-
e
R-
at-
e
Byt-
e
Bu-
rst
0 Various rules for basic traffic.
...
N
N+1
(SNM
P)
<OV
OC IP
addre
ss>
1161 32 16
1
161 udp Enabl
e
OAM_
IF
Allo
w
0 0 0
N+2
(NT
P)
<OV
OC IP
addre
ss>
123 32 0 0 udp Enabl
e
<inter-
face
con-
figured
for
NTP>
Allo
w
0 0 0
- 141 -
To Next Page
Loading...
Need help?
General
