Version 6.6 133 Mediant 2000
User's Manual 12. Security
12 Security
This section describes the VoIP security-related configuration.
12.1 Configuring Firewall Settings
The device provides an internal firewall that enables you to configure network traffic
filtering rules (access list). You can add up to 50 firewall rules. The access list offers the
following firewall possibilities:
Block traffic from known malicious sources
Allow traffic only from known "friendly" sources, and block all other traffic
Mix allowed and blocked network sources
Limit traffic to a user-defined rate (blocking the excess)
Limit traffic to specific protocols, and specific port ranges on the device
For each packet received on the network interface, the table is scanned from top to bottom
until the first matching rule is found. This rule can either permit (allow) or deny (block) the
packet. Once a rule in the table is located, subsequent rules further down the table are
ignored. If the end of the table is reached without a match, the packet is accepted.
Notes:
• This firewall applies to a very low-level network layer and overrides your other
security-related configuration. Thus, if you have configured higher-level security
features (e.g., on the Application level), you must also configure firewall rules to
permit this necessary traffic. For example, if you have configured IP addresses to
access the Web and Telnet interfaces in the Web Access List (see 'Configuring
Web and Telnet Access List' on page 68), you must configure a firewall rule that
permits traffic from these IP addresses.
• Only Security Administrator users or Master users can configure firewall rules.
• Setting the 'Prefix Length' field to 0 means that the rule applies to all packets,
regardless of the defined IP address in the 'Source IP' field. Therefore, it is highly
recommended to set this parameter to a value other than 0.
• It is recommended to add a rule at the end of your table that blocks all traffic and
to add firewall rules above it that allow required traffic (with bandwidth limitations).
To block all traffic, use the following firewall rule:
- Source IP: 0.0.0.0
- Prefix Length: 0 (i.e., rule matches all IP addresses)
- Start Port - End Port: 0-65535
- Protocol: Any
- Action Upon Match: Block
• You can also configure the firewall settings using the table ini file parameter,
AccessList (see 'Security Parameters' on page 528).
To Next Page
Loading...
Need help?
General
