Version 7.2 163 Mediant 1000B Gateway & E-SBC
User's Manual 13. Security
13 Security
This section describes the VoIP security-related configuration.
13.1 Configuring Firewall Settings
The Firewall table lets you configure up to 50 firewall rules, which define network traffic
filtering rules (access list). The access list offers the following firewall possibilities:
• Block traffic from known malicious sources
• Allow traffic only from known "friendly" sources, and block all other traffic
• Mix allowed and blocked network sources
• Limit traffic to a user-defined rate (blocking the excess)
• Limit traffic to specific protocols, and specific port ranges on the device
For each packet received on the network interface, the device searches the table from top
to bottom until the first matching rule is found. The matched rule can permit (allow) or deny
(block) the packet. Once a rule in the table is located, subsequent rules further down the
table are ignored. If the end of the table is reached without a match, the packet is
accepted.
Note:
• The rules configured by the Firewall table apply to a very low-level network layer
and override all other security-related configuration. Thus, if you have configured
higher-level security features (e.g., on the Application level), you must also
configure firewall rules to permit this necessary traffic. For example, if you have
configured IP addresses to access the device's Web and Telnet management
interfaces in the Access List table (see "Configuring Web and Telnet Access List"
on page 73), you must configure a firewall rule that permits traffic from these IP
addresses.
• Only users with Security Administrator or Master access levels can configure
firewall rules.
• Setting the 'Prefix Length' field to 0 means that the rule applies to all packets,
regardless of the defined IP address in the 'Source IP' field. Thus, it is highly
recommended to set the parameter to a value other than 0.
• It is recommended to add a rule at the end of your table that blocks all traffic and
to add firewall rules above it that allow required traffic (with bandwidth limitations).
To block all traffic, use the following firewall rule:
√ Source IP: 0.0.0.0
√ Prefix Length: 0 (i.e., rule matches all IP addresses)
√ Start Port - End Port: 0-65535
√ Protocol: Any
√ Action Upon Match: Block
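The first-match evaluation and the two pitfalls from the note above (a 'Prefix Length' of 0, and a table with no final block-all rule), modelled in Python as an added example; this is not AudioCodes code or device syntax. The `Rule` class, the function names, the lowercase protocol strings and the sample addresses are assumptions made for illustration, and rate limiting is not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    source_ip: str
    prefix_len: int
    start_port: int
    end_port: int
    protocol: str  # "Any" or a protocol name (model values, assumed)
    action: str    # "Allow" or "Block" (model values, assumed)

    def matches(self, src, port, proto):
        # strict=False masks host bits, so prefix length 0 becomes 0.0.0.0/0.
        net = ipaddress.ip_network(f"{self.source_ip}/{self.prefix_len}", strict=False)
        return (ipaddress.ip_address(src) in net
                and self.start_port <= port <= self.end_port
                and self.protocol.lower() in ("any", proto.lower()))

def evaluate(table, src, port, proto):
    """Return (action, rule index); first match wins, no match means accepted."""
    for i, rule in enumerate(table):
        if rule.matches(src, port, proto):
            return rule.action, i
    return "Allow", None

def is_block_all(rule):
    return (rule.prefix_len == 0 and rule.start_port == 0 and rule.end_port == 65535
            and rule.protocol.lower() == "any" and rule.action == "Block")

def audit(table):
    """Flag the two pitfalls the note warns about."""
    findings = [f"rule {i}: prefix length 0 ignores source IP {r.source_ip}"
                for i, r in enumerate(table)
                if r.prefix_len == 0 and not is_block_all(r)]
    if not table or not is_block_all(table[-1]):
        findings.append("no final block-all rule: unmatched packets are accepted")
    return findings

# Constructed sample tables (documentation address ranges).
WEAK = [Rule("192.0.2.10", 0, 5060, 5060, "udp", "Allow")]
HARDENED = [Rule("192.0.2.10", 32, 5060, 5060, "udp", "Allow"),
            Rule("0.0.0.0", 0, 0, 65535, "Any", "Block")]

if __name__ == "__main__":
    for name, table in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, evaluate(table, "203.0.113.7", 5060, "udp"), audit(table))
```

In the `WEAK` table, the rule written for one host admits every source because its prefix length is 0, and any packet that matches no rule is accepted at the end of the table.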
The following procedure describes how to configure firewall rules through the Web
interface. You can also configure them through the ini file (AccessList) or CLI (configure network >
access-list).
To configure a firewall rule:
1. Open the Firewall table (Setup menu > IP Network tab > Security folder > Firewall).