DescriptionFirewall Options Keywords
The firewall blocks incoming ICMP/ICMPv6 Echo requests (Ping).
This option may break some types of traceroute requests to the phone.
Windows tracert is one example.
Example Firewall Options entry with a combination of options:
NO_ICMP_PING,TCP:12000,UDP:8000:8010
The firewall runs with default settings and the following additional options:
• Drops incoming ICMP/ICMPv6 Echo (Ping) requests.
• Opens TCP port 12000 (IPv4 and IPv6) for incoming connections.
• Opens UDP port range 8000-8010 (IPv4 and IPv6) for incoming
requests.
NO_ICMP_PING
The phone doesn't send ICMP/ICMPv6 Destination Unreachable
for UDP ports.
The exception is to always send Destination
Unreachable for ports in the RTP port range.
This option may break some types of traceroute requests to
the device. For example, Linux traceroute may break.
Note
NO_ICMP_UNREACHABLE
• The phone doesn't open TFTP-client port-range (UDP 53240:53245).
• Requests to non-standard (non 69) TFTP server ports fail.
• Requests to standard TFTP server port 69 work.
NO_CISCO_TFTP
The following keywords and
options apply when the phone
runs custom apps that handle
incoming requests.
Opens UDP port <xxx>.UDP:<xxx>
Opens UDP port-range, <xxx to yyy>, inclusive.
You can have up to 5 UDP port options (single ports and port ranges). For
example, you can have 3 UDP:<xxx> and 2 UDP:<xxx:yyy>.
UDP:<xxx:yyy>
Opens TCP port <xxx>.TCP:<xxx>
Opens TCP port-range <xxx to yyy>, inclusive.
You can have up to 5 TCP port options (single ports and port ranges). For
example, you can have 4 TCP:<xxx> and one TCP:<xxx:yyy>.
TCP:<xxx:yyy>
You can also configure this parameter in the configuration file (cfg.xml) by entering a string in this format:
<Firewall_Config ua="na">NO_ICMP_PING</Firewall_Config>
Cisco IP Phone 8800 Series Multiplatform Phone Administration Guide for Release 11.3(1) and Later
128
Cisco IP Phone Configuration
Configure Your Firewall with Additional Options
To Next Page
Loading...
Need help?
General