Configuring Firewall Rules To Allow Incoming Ovoc Traffic - AudioCodes Mediant 4000 SBC User Manual

CHAPTER 14 Security
Parameter
'Action Upon
Match'
The firewall rules in the above configuration example do the following:
■ Rules 1 and 2: Typical firewall rules that allow packets ONLY from specified IP addresses
(e.g., proxy servers). Note that the prefix length is configured.
■ Rule 3: A more "advanced" firewall rule - bandwidth rule for ICMP, which allows a maximum
bandwidth of 40,000 bytes/sec with an additional allowance of 50,000 bytes. If, for example,
the actual traffic rate is 45,000 bytes/sec, then this allowance would be consumed within 10
seconds, after which all traffic exceeding the allocated 40,000 bytes/sec is dropped. If the
actual traffic rate then slowed to 30,000 bytes/sec, the allowance would be replenished within
5 seconds.
■ Rule 4: Allows traffic from the LAN voice interface and limits bandwidth.
■ Rule 5: Blocks all other traffic.

Configuring Firewall Rules to Allow Incoming OVOC Traffic

If the device needs to communicate with AudioCodes OVOC, you need to configure the device's
firewall (Firewall table) with the below "allow" firewall rules to permit incoming traffic from OVOC.
These OVOC-related firewall rules are required only if have configured other various
firewall rules. If you are not using the device's firewall, the device allows all traffic by
default and the below firewall configuration is not required.
Sour-
Index
ce IP
0
...
N
N+1 <OV
(SNM OC IP
P) addre
ss>
N+2 <OV
(NT OC IP
P) addre
ss>
Allow
Table 14-4: Firewall Rules to Allow Traffic from OVOC
Pre- St-
Sou-
fix art
rce
Len- Po-
Port
gth rt
1161 32 16
1
123 32 0
Firewall Rule
Allow Allow
Use
En-
Spe-
d Pro-
cific
Po- tocol
Inter-
rt
face
Various rules for basic traffic.
161 udp Enabl
e
0 udp Enabl
e
- 142 -
Mediant 4000 SBC | User's Manual
Allow Block
Acti-
on Pac-
Inter-
Upo- ket
face
n Siz-
Name
Mat- e
ch
OAM_ Allo 0
IF w
<inter- Allo 0
face w
con-
figured
for
NTP>
B-
yt- Byt-
e e
R- Bu-
at- rst
e
0 0
0 0