Mitel MiVoice Manual page 9

Figure 2: MBG as Internet Gateway (no enterprise firewall)
1
An enterprise can take advantage of the DSL, authenticated DHCP and PPPoE/PPPoA capabilities of the MSL
server. Additionally provides NAT for all devices at the enterprise, a stateful packet filter firewall, and optional
port-forwarding.
Note: If desired and if hardware is available, a third interface may be configured in MSL. This interface might be
useful as a dedicated interface for if a network between the MBG servers can be set aside for this purpose.
Alternatively, the third interface could be put into bridged mode on MSL 9.2+ to permit an MBG server in parallel
with an existing firewall to transparently handle all traffic from that firewall and accomplish traffic shaping. See
Traffic Shaping for full details.
Additional Trusted Local Networks
Additional trusted internal networks or subnets that require access to the MiVoice Border Gateway can be added
via the Networks panel of the server manager. This access can be limited to individual hosts, or large network
blocks can be used. In all cases, the Router property should be set to the address of the router on the subnet
attached to the MSL server's internal interface.
For example, to allow access from the single subnet 192.168.12.0/24, you would enter a network of
192.168.12.0 and a mask of 255.255.255.0 in the Local Networks panel, plus the address of the router on the
local subnet through which this network can be reached.
If the customer's network has multiple subnets with a common prefix, access can be allowed from the prefix. For
example, if the customer uses various subnets within the 192.168.0.0/16 network, enter a network of
192.168.0.0 and mask of 255.255.0.0 in the Networks panel, and allow the local router to determine the routing
to the individual subnets.
In addition to providing application access control, the Networks panel can also be used to add static routes.
Note: The Networks panel is a feature of MSL. Refer to the MSL documentation for a full description of its
capabilities.
MiVoice Border Gateway in a DMZ
1
Limited support is provided for PPPoA. Mitel recommends the use of a D-Link DSL 300T modem at the enterprise site if PPPoA
connectivity is required in gateway mode. Configure the modem to provide DHCP on the internal interface, and use DHCP on the MSL server
to configure the public interface. The modem acts as a bridge. Note that PPPoA routers that provide NAT will not work here.
8