Security; Configuring Firewall Settings; Mediant - AudioCodes Mediant 3000 User Manual
Media gateway & enterprise session border
controller (e-sbc)
Hide thumbs
Also See for Mediant 3000:
- User manual (984 pages) ,
- Installation manual (90 pages) ,
- Hardware installation manual (88 pages)
Table of Contents
Advertisement
User's Manual
14
Security
This section describes the VoIP security-related configuration.
14.1
Configuring Firewall Settings
The Firewall Settings table lets you configure the device's Firewall, which defines network
traffic filtering rules (access list). You can add up to 25 firewall rules. The access list offers
the following firewall possibilities:
Block traffic from known malicious sources
Allow traffic only from known "friendly" sources, and block all other traffic
Mix allowed and blocked network sources
Limit traffic to a user-defined rate (blocking the excess)
Limit traffic to specific protocols, and specific port ranges on the device
For each packet received on the network interface, the table is scanned from top to bottom
until the first matching rule is found. This rule can either permit (allow) or deny (block) the
packet. Once a rule in the table is located, subsequent rules further down the table are
ignored. If the end of the table is reached without a match, the packet is accepted.
Notes:
•
This firewall applies to a very low-level network layer and overrides all your other
security-related configuration. Thus, if you have configured higher-level security
features (e.g., on the Application level), you must also configure firewall rules to
permit this necessary traffic. For example, if you have configured IP addresses to
access the Web and Telnet interfaces in the Web Access List (see ''Configuring
Web and Telnet Access List'' on page 93), you must configure a firewall rule that
permits traffic from these IP addresses.
•
Only users with Security Administrator or Master access levels can configure
firewall rules.
•
Setting the 'Prefix Length' field to 0 means that the rule applies to all packets,
regardless of the defined IP address in the 'Source IP' field. Thus, it is highly
recommended to set the parameter to a value other than 0.
•
It is recommended to add a rule at the end of your table that blocks all traffic and
to add firewall rules above it that allow required traffic (with bandwidth limitations).
To block all traffic, use the following firewall rule:
√
√
√
√
√
•
If you are using the High Availability feature and you have configured "block" rules,
ensure that you also add "allow" rules for HA traffic. For more information, see
Configuring Firewall Allowed Rules.
The following procedure describes how to configure Firewall rules through the Web
interface. You can also configure it through ini file (AccessList).
To configure a Firewall rule:
1.
Open the Firewall Settings page (Configuration tab > VoIP menu > Security >
Version 7.0
Source IP: 0.0.0.0
Prefix Length: 0 (i.e., rule matches all IP addresses)
Start Port - End Port: 0-65535
Protocol: Any
Action Upon Match: Block
173
14. Security
Mediant 3000
Advertisement
Table of Contents
