AVAYA DOCUMENTATION CENTER
Find answers to your technical questions and learn how to use our products
Administering Avaya IP Office with Web Manager
Add Firewall Profile
Navigation:
Additional configuration information
This type of configuration record can be saved as a template and new records created from a template. See Working with Templates.
Configuration settings
The IP Office system can act as a firewall, allowing only specified data traffic to start a session across the firewall and controlling in which direction such sessions can be started.
You can select a firewall profiles for the following areas of IP Office operation:
You can apply a firewall profile to traffic between LAN1 and LAN2.
You can select a firewall for users who are the destination of incoming RAS calls.
You can select a firewall when you configure a service.
Note:
The IP Office firewall profiles can include Static network address translation (NAT) records. If the firewall profile contains any Static NAT records, the IP Office blocks traffic that does not match one of those static NAT records.
If Network Address Translation (NAT) is used with the firewall, you must configure the Primary Trans. IP Address setting on incoming services ( ).
On Linux-based systems, to ensure that the firewall starts after a reboot, you must enable the Solution >
> Platform View > Settings > System > Firewall Settings > Activateoption.
By default, any protocol not listed in the standard firewall list is dropped unless a custom firewall entry is configured for that protocol.
These settings are mergeable. Changes to these settings do not require a reboot of the system.
Field |
Description |
||
|---|---|---|---|
Name |
Range = Up to 15 characters. Enter the name to identify this profile. |
||
Protocol Control |
For each of the listed protocols, the options Drop, In (Incoming traffic can start a session), Out (Outgoing traffic can start a session) and Both Directions can be selected. Once a session is started, return traffic for that session is also able to cross the firewall. |
||
Protocol |
Default |
Description |
|
TELNET |
Out |
Remote terminal log in. |
|
FTP |
Out |
File Transfer Protocol. |
|
SMTP |
Out |
Simple Mail Transfer Protocol. |
|
TIME |
Out |
Time update protocol. |
|
DNS |
Out |
Domain Name System. |
|
GOPHER |
Drop |
Internet menu system. |
|
FINGER |
Drop |
Remote user information protocol. |
|
RSVP |
Drop |
Resource Reservation Protocol. |
|
HTTP/S |
Bothway |
Hypertext Transfer Protocol. |
|
POP3 |
Out |
Post Office Protocol. |
|
NNTP |
Out |
Network News Transfer Protocol. |
|
SNMP |
Drop |
Simple Network Management Protocol. |
|
IRC |
Out |
Internet Relay Chat. |
|
PPTP |
Drop |
Point to Point Tunneling Protocol. |
|
IGMP |
Drop |
Internet Group Membership Protocol. |
|
Service Control |
For each of the listed services, the options Drop, In, Out and Both Directions can be selected. Once a session is started, return traffic for that session is also able to cross the firewall. |
||
Protocol |
Default |
Description |
|
SSI |
In |
System Status Application access. |
|
SEC |
Drop |
TCP security settings access. |
|
CFG |
Drop |
TCP configuration settings access. |
|
TSPI |
In |
TSPI service access. |
|
WS |
Drop |
IP Office web management services. |
|