Configuring Firewall Allowed Rules - AudioCodes Mediant 800B User Manual


User's Manual
Modified 'Redundant Preempt Priority' value is set for the redundant device
(requires a device reset).
Note: If the HA system is already in HA Preempt mode and you want to change the
priority of the device, to ensure that system service is maintained and traffic is not
disrupted, it is recommended to set the higher priority to the redundant device and
then reset it. After it synchronizes with the active device, it initiates a switchover and
becomes the new active device (the former active device resets and becomes the
new redundant device).
41.3 Configuring Firewall Allowed Rules

If you have configured firewall rules in the Firewall table (see 'Configuring Firewall Rules'
on page 165) that block specific traffic, you also need to configure rules that ensure traffic
related to HA is allowed:
• Keep-alive packets between the HA devices (e.g., rules #1 and #2 in the figure below).
• HA control and data packets between the HA devices (e.g., rules #3 and #4 in the figure below).
• HA control and data packets between the HA devices after switchover (e.g., rules #5 and #6 in the figure below). These rules are the same as rules #3 and #4 respectively, but are required as the TCP source and destination port IDs are not symmetric.
• HTTP protocol for file transfer (e.g., Rule #7 in the figure below).
• HTTP protocol for file transfer after switchover (e.g., Rule #8 - same as Rule #7 - in the figure below).

The figure below displays an example of the required firewall rules, where 10.31.4.61 is the
Maintenance interface of the redundant device and 10.31.4.62 is the Maintenance interface
of the active device. "HA_IF" is the name of the Maintenance interface.
Version 7.2
Figure 41-7: Allowed Firewall Rules for HA
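The following added example (not part of the AudioCodes manual) models why the control and data rules must be repeated with the ports swapped for the post-switchover case. It assumes a simplified stateless, first-match filter whose table is shared by both devices, that the redundant device opens the connection before switchover, and a placeholder port HA_PORT, because the real port values are in the figure, not in the text.

```python
from dataclasses import dataclass

ANY = None                              # wildcard port
HA_PORT = 50000                         # placeholder, NOT the device's real HA port
PEERS = ("10.31.4.61", "10.31.4.62")    # Maintenance interfaces named in the text

@dataclass(frozen=True)
class Rule:
    src_ip: str          # "*" matches any source address
    src_port: object     # ANY or an int
    local_port: object   # ANY or an int
    action: str          # "allow" or "block"

def decide(rules, src_ip, src_port, local_port):
    """Stateless first-match decision for one inbound TCP packet."""
    for r in rules:
        if (r.src_ip in ("*", src_ip) and r.src_port in (ANY, src_port)
                and r.local_port in (ANY, local_port)):
            return r.action
    return "allow"                      # assumed default when no rule matches

def ha_gaps(rules, ephemeral=40000):
    """List HA packets the table blocks, with each device taking the listener role."""
    gaps = []
    for listener, initiator in (PEERS, PEERS[::-1]):
        # Request arriving at the listener: ephemeral source port -> HA_PORT
        if decide(rules, initiator, ephemeral, HA_PORT) != "allow":
            gaps.append((initiator, "request"))
        # Reply arriving at the initiator: source port HA_PORT -> ephemeral port
        if decide(rules, listener, HA_PORT, ephemeral) != "allow":
            gaps.append((listener, "reply"))
    return gaps

BLOCK_ALL = Rule("*", ANY, ANY, "block")
# Constructed table covering only the pre-switchover direction
PARTIAL = [Rule("10.31.4.61", ANY, HA_PORT, "allow"),
           Rule("10.31.4.62", HA_PORT, ANY, "allow"),
           BLOCK_ALL]
# Same table with the port-swapped pair inserted ahead of the block rule
FULL = PARTIAL[:2] + [Rule("10.31.4.62", ANY, HA_PORT, "allow"),
                      Rule("10.31.4.61", HA_PORT, ANY, "allow"),
                      BLOCK_ALL]

if __name__ == "__main__":
    print("partial table blocks:", ha_gaps(PARTIAL))
    print("full table blocks:   ", ha_gaps(FULL))
```

With the partial table, HA traffic passes only while the devices keep their original roles; once they swap, both the request and the reply hit the block rule.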
755
Mediant 800B Gateway & E-SBC
41. HA Configuration
