To Next Page

To Previous Page

Version 6.6 137 Mediant 800 MSBR

User's Manual 15. Security

15 Security

This section describes the VoIP security-related configuration.

15.1 Configuring Firewall Settings

The device provides an internal firewall that enables you to configure network traffic

filtering rules (access list). You can add up to 50 firewall rules. The access list offers the

following firewall possibilities:



Block traffic from known malicious sources



Allow traffic only from known "friendly" sources, and block all other traffic



Mix allowed and blocked network sources



Limit traffic to a user-defined rate (blocking the excess)



Limit traffic to specific protocols, and specific port ranges on the device

For each packet received on the network interface, the table is scanned from top to bottom

until the first matching rule is found. This rule can either permit (allow) or deny (block) the

packet. Once a rule in the table is located, subsequent rules further down the table are

ignored. If the end of the table is reached without a match, the packet is accepted.

Notes:

• This firewall applies to a very low-level network layer and overrides all

your other security-related configuration. Thus, if you have configured

higher-level security features (e.g., on the Application level), you must

also configure firewall rules to permit this necessary traffic. For example,

if you have configured IP addresses to access the Web and Telnet

interfaces in the Web Access List (see 'Configuring Web and Telnet

Access List' on page 73), you must configure a firewall rule that permits

traffic from these IP addresses.

• Only Security Administrator users or Master users can configure firewall

rules.

• Setting the 'Prefix Length' field to 0 means that the rule applies to all

packets, regardless of the defined IP address in the 'Source IP' field.

Therefore, it is highly recommended to set this parameter to a value

other than 0.

• It is recommended to add a rule at the end of your table that blocks all

traffic and to add firewall rules above it that allow required traffic (with

bandwidth limitations). To block all traffic, use the following firewall rule:

- Source IP: 0.0.0.0

- Prefix Length: 0 (i.e., rule matches all IP addresses)

- Start Port - End Port: 0-65535

- Protocol: Any

- Action Upon Match: Block

• You can also configure the firewall settings using the table ini file

parameter, AccessList (see 'Security Parameters' on page 779) or the

CLI command, configure voip/access-list.

Brand	AudioCodes
Model	Media 800 MSBR
Category	Network Router
Language	English

AudioCodes Media 800 MSBR User Manual

Table of Contents

Questions and Answers:

AudioCodes Media 800 MSBR Specifications

Related product manuals