User's Manual
56.4
Security Parameters
This subsection describes the device's security parameters.
56.4.1 General Security Parameters
The general security parameters are described in the table below.
Parameter
Web/EMS: Internal Firewall
Parameters
CLI: configure voip > access-list
[AccessList]
Media Latching
Web/EMS: Inbound Media
Latch Mode
CLI: inbound-media-latch-mode
[InboundMediaLatchMode]
Version 6.8
Table 56-24: General Security Parameters
This table parameter defines the device's access list (firewall),
which defines network traffic filtering rules.
The format of this parameter is as follows:
[AccessList]
FORMAT AccessList_Index = AccessList_Source_IP,
AccessList_Source_Port, AccessList_PrefixLen,
AccessList_Source_Port, AccessList_Start_Port,
AccessList_End_Port, AccessList_Protocol,
AccessList_Use_Specific_Interface, AccessList_Interface_ID,
AccessList_Packet_Size, AccessList_Byte_Rate,
AccessList_Byte_Burst, AccessList_Allow_Type;
[\AccessList]
For example:
AccessList 10 = mgmt.customer.com, , , 32, 0, 80, tcp, 1, OAMP,
0, 0, 0, allow;
AccessList 22 = 10.4.0.0, , , 16, 4000, 9000, any, 0, , 0, 0, 0, block;
In the example above, Rule #10 allows traffic from the host
'mgmt.customer.com' destined to TCP ports 0 to 80 on interface
OAMP (OAMP). Rule #22 blocks traffic from the subnet
10.4.xxx.yyy destined to ports 4000 to 9000.
For a detailed description of this table, see ''Configuring Firewall
Settings'' on page 143.
Enables the Media Latching feature.
[0] Strict = Device latches onto the first original stream (IP
address:port). It does not latch onto any other stream during the
session.
[1] Dynamic = (Default) Device latches onto the first stream. If it
receives at least a minimum number of consecutive packets
(configured by New<media type>StreamPackets) from a
different source(s) and the device has not received packets
from the current stream for a user-defined period
(TimeoutToRelatch<media type>Msec), it latches onto the next
packet received from any other stream. If other packets of a
different media type are received from the new stream, based
on IP address and SSRC for RTCP/RTP and based on IP
address only for T.38, the packet is accepted immediately.
Note: If a packet from the original (first latched onto) IP
address:port is received at any time, the device latches onto
this stream.
[2] Dynamic-Strict = Device latches onto the first stream. If it
receives at least a minimum number of consecutive packets
767
56. Configuration Parameters Reference
Description
Mediant 800B Gateway and E-SBC