Polycom V2IU 4350 user manual Enable or disable the firewall


User Manual V2IU 4350 Converged Network Appliance

The 4350 uses a Stateful Packet Inspection (SPI) firewall to protect data devices installed behind the LAN interface. Voice devices are protected by the 4350 Application Layer Gateway (ALG) as described in VoIP Configuration.

The firewall is enabled by default. The default behavior of the firewall is to:

- deny all traffic originating from the WAN
- allow all traffic originating from the LAN
- allow only return traffic for connections that originated from the LAN
- deny all traffic originating from the WAN to the 4350 itself
- allow all traffic originating from the LAN to the 4350

The default behavior can be modified using the basic and advanced settings fields on the firewall configuration page. We recommend that you use the 4350 firewall; however, it can be disabled if the 4350 is installed behind an existing legacy firewall.

Enable or disable the firewall

1. Select Firewall.

2. Use the Enable Firewall checkbox to either enable or disable the firewall.

3. Select Submit.

Configure Basic settings

To allow or deny HTTP, Telnet and SSH traffic originating from the WAN to the 4350, use the checkboxes provided in the basic settings area of the firewall configuration page. By default, access from the WAN into the 4350 is disabled.

Warning: Denying HTTP, Telnet or SSH traffic from the WAN may result in losing management connectivity to the 4350 if you are configuring the system remotely using the WAN link.

1. Select Firewall.

2. Use the three Allow access from WAN side checkboxes to enable or disable HTTP, Telnet, and/or SSH access from IP devices on the WAN side of the 4350.

3. Select Submit.
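The default firewall behavior and the Allow access from WAN side checkboxes described above can be expressed as a connection-tracking model. The following Python code is an added example, not Polycom code and not part of the original manual: the Packet and Firewall names, the well-known ports 80/23/22 and the sample addresses are assumptions, and NAT and connection timeouts are not modeled.

```python
from dataclasses import dataclass, field

# Assumed well-known TCP ports for the three WAN-side management checkboxes.
MGMT_PORTS = {"http": 80, "telnet": 23, "ssh": 22}

@dataclass(frozen=True)
class Packet:
    in_iface: str          # "wan" or "lan": interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    to_self: bool = False  # True when addressed to the appliance itself

@dataclass
class Firewall:
    wan_mgmt: set = field(default_factory=set)  # ticked checkboxes, e.g. {"ssh"}
    conns: set = field(default_factory=set)     # expected return flows

    def check(self, p):
        if p.in_iface == "lan":
            if not p.to_self:
                # Record the reversed 5-tuple so only the matching reply returns.
                self.conns.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return "allow"                      # all LAN-originated traffic
        if p.to_self:
            # WAN to the appliance: denied unless a checkbox opens the port.
            open_ports = {MGMT_PORTS[s] for s in self.wan_mgmt}
            ok = p.proto == "tcp" and p.dport in open_ports
            return "allow" if ok else "deny"
        # WAN to LAN: only return traffic for a tracked LAN connection.
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        return "allow" if key in self.conns else "deny"

def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = Firewall()
    out = Packet("lan", "192.168.1.10", 40000, "203.0.113.5", 443)
    reply = Packet("wan", "203.0.113.5", 443, "192.168.1.10", 40000)
    other = Packet("wan", "203.0.113.9", 443, "192.168.1.10", 40000)
    ssh = Packet("wan", "203.0.113.9", 50000, "198.51.100.1", 22, to_self=True)
    results = [fw.check(p) for p in (out, reply, other, ssh)]
    fw.wan_mgmt.add("ssh")                      # tick "SSH" under basic settings
    results.append(fw.check(ssh))
    return results
```

The third result shows why the state table matters: a WAN packet aimed at the same LAN host and port is still denied when it does not come from the peer the LAN host contacted.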

Configure Advanced Settings

A comprehensive security policy can be created using the advanced settings of the 4350 firewall. The policy actions that can be taken on any packet processed by the 4350 are summarized in the following table:
