General Security Parameters - AudioCodes Mediant 800B User Manual

67.5.1 General Security Parameters

The general security parameters are described in the table below.
Parameter
Firewall Table
Firewall
configure network > access-list
[AccessList]
Media Latching
Inbound Media Latch Mode
configure voip > media settings
> inbound-media-latch-mode
[InboundMediaLatchMode]
User's Manual
Table 67-24: General Security Parameters
The table defines the device's access list (firewall), which defines
network traffic filtering rules.
The format of the ini file table parameter is:
[AccessList]
FORMAT AccessList_Index = AccessList_Source_IP,
AccessList_Source_Port, AccessList_PrefixLen,
AccessList_Source_Port, AccessList_Start_Port,
AccessList_End_Port, AccessList_Protocol,
AccessList_Use_Specific_Interface, AccessList_Interface_ID,
AccessList_Packet_Size, AccessList_Byte_Rate,
AccessList_Byte_Burst, AccessList_Allow_Type;
[\AccessList]
For example:
AccessList 10 = mgmt.customer.com, , , 32, 0, 80, tcp, 1, OAMP,
0, 0, 0, allow;
AccessList 22 = 10.4.0.0, , , 16, 4000, 9000, any, 0, , 0, 0, 0, block;
In the example above, Rule #10 allows traffic from the host
'mgmt.customer.com' destined to TCP ports 0 to 80 on interface
OAMP (OAMP). Rule #22 blocks traffic from the subnet
10.4.xxx.yyy destined to ports 4000 to 9000.
For a detailed description of the table, see 'Configuring Firewall
Rules' on page 165.
Enables the Media Latching feature.

[0] Strict = Device latches onto the first original stream (IP
address:port). It does not latch onto any other stream during the
session.

[1] Dynamic = (Default) Device latches onto the first stream. If it
receives at least a minimum number of consecutive packets
(configured by New<media type>StreamPackets) from a
different source(s) and the device has not received packets
from the current stream for a user-defined period
(TimeoutToRelatch<media type>Msec), it latches onto the next
packet received from any other stream. If other packets of a
different media type are received from the new stream, based
on IP address and SSRC for RTCP/RTP and based on IP
address only for T.38, the packet is accepted immediately.
Note: If a packet from the original (first latched onto) IP
address:port is received at any time, the device latches onto
this stream.

[2] Dynamic-Strict = Device latches onto the first stream. If it
receives at least a minimum number of consecutive packets
(configured by New<media type>StreamPackets) all from the
same source which is different to the first stream and the device
has not received packets from the current stream for a user-
defined period (TimeoutToRelatch<media type>Msec), it
latches onto the next packet received from any other stream. If
1010
Mediant 800B Gateway & E-SBC
Description
Document #: LTRT-10298