AudioCodes Mediant 800 MSBG User Manual page 239

Multi-service business gateway

SIP User's Manual
DMZ Host: allows you to configure a LAN host to receive all traffic arriving at your
device, which does not belong to a known session (see "Configuring DMZ Host" on
page 244).
Port Triggering: allows you to define port triggering entries to dynamically open the
firewall for specific protocols or ports (see "Configuring Port Triggering" on page 244).
Web Restrictions: allows you to block LAN access to specified hosts or Web sites on
the Internet (see "Configuring Website Restrictions" on page 246).
NAT: allows you to manually control the translation of network addresses and ports
(see "Configuring NAT" on page 247).
Access Lists: allows you to define firewall settings and rules (see "Configuring the
Access List" on page 249).
Advanced Filtering: allows you to assign Access List rules to the device's LAN/WAN
interfaces (see "Configuring Advanced Filtering" on page 252).
3.3.3.3.1 Configuring General Security Settings
The General Security item allows you to easily configure the device's basic security
settings. The firewall regulates the flow of data between the enterprise's network and the
Internet. Both incoming and outgoing data are inspected and then either accepted (allowed
to pass through) or rejected (barred from passing through) according to the configurable
set of rules.
The firewall rules specify what types of services available on the Internet may be accessed
from the enterprise's network and what types of services available in the enterprise's
network may be accessed from the Internet. Each request for a service that the firewall
receives, whether originating in the Internet or from a computer in the enterprise's network,
is checked against the set of firewall rules to determine whether the request should be
allowed to pass through the firewall. If the request is permitted to pass, then all subsequent
data associated with this request (a "session") is also allowed to pass, regardless of its
direction.
For example, when you point your Web browser to a Web page on the Internet, a request
is sent out to the Internet for this page. The device's firewall identifies the request type and
origin—HTTP and a specific PC in your enterprise's network, in this case. Unless you have
configured access control to block requests of this type from this computer, the firewall
allows this request to pass out onto the Internet. When the Web page is returned from the
Web server, the firewall associates it with this session and allows it to pass, regardless of
whether HTTP access from the Internet to the enterprise's network is blocked or permitted.
Therefore, it is the origin of the request, not subsequent responses to this request, that
determines whether a session can be established or not.
These services include Telnet, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP. The list of
allowed services at 'Maximum Security' mode can be edited in the Access Control page.
Note that some applications (such as some Internet messengers and Peer-To-Peer client
applications) tend to use these ports if they cannot connect with their own default ports.
When they behave this way, these applications are not blocked outbound, even at the
Maximum Security Level.
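
The session rule and the port-fallback note above can be seen together in a small model. This is an added example, not AudioCodes code or the device's actual rule engine. It assumes that Maximum Security permits outbound requests only to the listed services on their well-known default ports and rejects inbound traffic that matches no session; the class, function names and addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Assumed mapping: well-known default ports of the services the manual lists.
ALLOWED_OUTBOUND = {23: "Telnet", 80: "HTTP", 443: "HTTPS", 53: "DNS",
                    143: "IMAP", 110: "POP3", 25: "SMTP"}

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    """Simplified model, not AudioCodes code: outbound limited to listed services."""
    def __init__(self, lan_cidr):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.sessions = set()  # sessions opened by an accepted request

    def _in_lan(self, ip):
        return ipaddress.ip_address(ip) in self.lan

    def handle(self, p):
        # Direction-independent key: request and reply map to the same session.
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if key in self.sessions:
            return "accept: existing session"
        if self._in_lan(p.src) and not self._in_lan(p.dst):
            if p.dport in ALLOWED_OUTBOUND:
                self.sessions.add(key)  # the origin of the request decides
                return "accept: new session"
            return "reject: service not allowed outbound"
        return "reject: unsolicited inbound"

def demo():
    fw = StatefulFirewall("192.168.1.0/24")
    pc, host = "192.168.1.10", "203.0.113.5"  # constructed sample addresses
    return [
        fw.handle(Packet(pc, 50000, host, 80)),    # browser request
        fw.handle(Packet(host, 80, pc, 50000)),    # reply within that session
        fw.handle(Packet(host, 80, pc, 50001)),    # inbound, no prior request
        fw.handle(Packet(pc, 50002, host, 6881)),  # application's own port
        fw.handle(Packet(pc, 50003, host, 80)),    # same application, fallback to 80
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The last two results show why the note matters when reviewing logs: a port-based rule accepts any application that sends to an allowed port, so traffic on port 80 is not necessarily Web browsing.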
Version 6.2
239
3. Web-Based Management
February 2011
