Configuring Firewall Allowed Rules - AudioCodes Mediant 800B User Manual

33.3

Configuring Firewall Allowed Rules

If you add firewall rules in the Firewall Settings page (see ''Configuring Firewall Settings''
on page 143) that block specified traffic, you also need to add rules that ensure traffic
related to the HA feature is allowed. These allowed HA rules include the following:

Keep-alive packets between the HA devices (e.g., rules #1 and #2 in the figure below).

HA control and data packets between the HA devices (e.g., rules #3 and #4 in the
figure below).

HA control and data packets between the HA devices after switchover (e.g., rules #5
and #6 in the figure below). These rules are the same as rules #3 and #4 respectively,
but are required as the TCP source and destination port IDs are not symmetric.

HTTP protocol for file transferring (e.g., Rule #7 in the figure below).

HTTP protocol for file transferring after switchover (e.g., Rule #8 - same as Rule #7 -
in the figure below).
The figure below displays an example of the required firewall rules. In this example,
10.31.4.61 is the Maintenance interface of the redundant device and 10.31.4.62 is the
Maintenance interface of the active device. "HA_IF" is the name of the Maintenance
interface.
User's Manual
Figure 33-7: Allowed Firewall Rules for HA
576
Mediant 800B Gateway and E-SBC
Document #: LTRT-10286