Firewall Configuration; Inter-Tel Private Networking; Remote Administration - Inter-Tel AXXESS Manual

Appendix F – Network Topology
® ®
INTER-TEL AXXESS

12. FIREWALL CONFIGURATION

12.1 In computer networks, a totally secure network is practically impossible. In general, the
more types of communications allowed from the Internet, the less secure the network. There-
fore, a network should be configured so as to allow only the minimum level of communication
unless other capabilities are required. An example is shown in the following illustration.
12.2 In some environments, it will be necessary to allow additional types of communications
through the firewall. As stated above, these communications should be allowed only when nec-
essary. Although strong passwords are always a good idea, this is especially important when
applications are opened to the Internet.
A. INTER-TEL PRIVATE NETWORKING
12.3 This is the protocol used to allow Axxess systems to communicate with each other (or
to communicate with an Inter-Tel 5000 system). To allow Inter-Tel Private Networking to the
Internet, allow TCP port 5570.
NOTE:
B. REMOTE ADMINISTRATION
12.4 These are the protocols that provide the capability to perform certain administration
activities from outside the firewall. To enable remote administration including DB Program-
ming over the Internet, enable TCP port 4000. To further tighten security, this communication
can be filtered by source address
6.
Page F-18
MANUAL VERSION 11.0 – May 2008
Private networking cannot traverse NAT.
Source address filtering accepts communication from specific IP addresses. While source address
filtering provides some additional level of security, IP source addresses are easily spoofed. In addi-
tion, source addresses are often DHCP-assigned making it impractical to know the source
addresses in advance.
6
.
Firewall Configuration