Firewall rules set up

12. If the filter rule set for the intended traffic is also to be applied to the reply packets, select Keep State. This function can be applied to TCP, UDP, and ICMP packets.

13. If you want to change the default time-out settings for the TCP state, UDP state, or ICMP state, click Advanced.

Note:

Keep State sets up a state table, with each entry set up by the sending side. Reply packets pass through a matching filter that is based on the respective state table entry. A state entry is not created for packets that are denied.

Note:

Although UDP is connectionless, if a packet is first sent out from a given port, a reply is expected in the reverse direction on the same port. Keep State “remembers” the port and ensures that the reply packet arrives on the same port.

14. Select the position of the firewall policy in the template.

15. Click Finish to return to the Firewall tab.
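The Keep State behaviour described in the notes above can be modelled as a small state table. This is an added example, not code from the product: the class, the helper names, the time-out values and the refresh-on-reply behaviour are assumptions, and the addresses are constructed.

```python
# Assumed idle time-outs in seconds (constructed values; the product's
# defaults are changed under Advanced and are not listed on the page).
TIMEOUTS = {"tcp": 3600, "udp": 60, "icmp": 30}

def pkt(proto, src, sport, dst, dport):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

class KeepState:
    def __init__(self, permit):
        self.permit = permit   # the filter rule: callable(packet) -> bool
        self.table = {}        # flow 5-tuple -> expiry time

    def send(self, p, now):
        """Sending side: a state entry is created only for a permitted packet."""
        if not self.permit(p):
            return False       # denied packets leave no state behind
        key = (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])
        self.table[key] = now + TIMEOUTS[p["proto"]]
        return True

    def reply(self, p, now):
        """Reply side: pass only if the packet mirrors a live state entry."""
        key = (p["proto"], p["dst"], p["dport"], p["src"], p["sport"])
        expiry = self.table.get(key)
        if expiry is None:
            return False
        if now > expiry:
            del self.table[key]            # entry has timed out
            return False
        self.table[key] = now + TIMEOUTS[p["proto"]]  # assumed: replies refresh the timer
        return True

def demo():
    # Constructed rule: permit outbound UDP to port 53 only.
    fw = KeepState(lambda p: p["proto"] == "udp" and p["dport"] == 53)
    inside, dns = "10.0.0.5", "192.0.2.53"
    r = {}
    r["query_sent"] = fw.send(pkt("udp", inside, 40000, dns, 53), now=0)
    r["reply_same_port"] = fw.reply(pkt("udp", dns, 53, inside, 40000), now=5)
    r["reply_other_port"] = fw.reply(pkt("udp", dns, 53, inside, 40001), now=6)
    r["reply_after_timeout"] = fw.reply(pkt("udp", dns, 53, inside, 40000), now=66)
    r["denied_sent"] = fw.send(pkt("udp", inside, 40002, dns, 69), now=70)
    r["reply_to_denied"] = fw.reply(pkt("udp", dns, 69, inside, 40002), now=71)
    r["entries_left"] = len(fw.table)
    return r
```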

Priority of Firewall rules versus NAT rules

When packets pass through zones that have both Firewall rules and NAT rules set up, NAT rules are applied before the firewall rules are applied. Depending on the type of NAT rule (static, port NAT, or redirection), either the source IP address or the destination IP address of the packets is changed. When you set up your firewall rules, you need to consider the type of NAT configured, because the firewall rule must filter on the translated IP address and ports, not on the original address and ports.
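The ordering can be checked with a small model: translate first, then filter. This is an added example, not the product's rule engine; the rule format, the default-deny fallback, the modelling of redirection as a destination rewrite and all addresses are assumptions made for illustration.

```python
def matches(packet, cond):
    return all(packet.get(k) == v for k, v in cond.items())

def translate(packet, nat_rules):
    """First matching NAT rule rewrites the packet; otherwise it is unchanged."""
    for rule in nat_rules:
        if matches(packet, rule["match"]):
            return {**packet, **rule["rewrite"]}
    return dict(packet)

def filter_action(packet, fw_rules, default="deny"):
    for rule in fw_rules:
        if matches(packet, rule["match"]):
            return rule["action"]
    return default

def process(packet, nat_rules, fw_rules):
    # NAT is applied before the firewall rules, as the section states.
    return filter_action(translate(packet, nat_rules), fw_rules)

def pre_nat_rules(fw_rules, nat_rules):
    """Heuristic audit: indexes of firewall rules that filter on a value
    a NAT rule always rewrites, so the rule can never see that value."""
    flagged = []
    for i, fw in enumerate(fw_rules):
        for nat in nat_rules:
            if any(fw["match"].get(k) == nat["match"].get(k) != new
                   for k, new in nat["rewrite"].items()):
                flagged.append(i)
                break
    return flagged

# Constructed sample: redirect a public address/port to an internal server.
NAT = [{"match": {"dst": "203.0.113.10", "dport": 8080},
        "rewrite": {"dst": "10.0.0.20", "dport": 80}}]
FW_ON_ORIGINAL = [{"match": {"dst": "203.0.113.10", "dport": 8080}, "action": "permit"}]
FW_ON_TRANSLATED = [{"match": {"dst": "10.0.0.20", "dport": 80}, "action": "permit"}]
PACKET = {"src": "198.51.100.9", "sport": 51000, "dst": "203.0.113.10", "dport": 8080}
```

With these samples, the rule written on the original address falls through to the default action, while the rule written on the translated address permits the packet.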

Setting up firewall rules for FTP

FTP and Firewall/NAT Operation

The File Transfer Protocol (FTP) uses two TCP connections, one for control, and another for data. The primary methods for establishing the data connection are passive-FTP and active-FTP. In the passive-FTP case, the FTP client makes the data connection to an IP address/port the FTP server has specified. An active-FTP data connection is initiated by the FTP server using information specified by the FTP client.

If the FTP client and FTP server are separated by a firewall, control and/or data connections will normally be blocked. For FTP to function properly, state must be maintained for control and data connections to complete. Typically, a wide range of ports behind the firewall also must be exposed to the external network in order for an external FTP client (passive-FTP) or external FTP server (active-FTP) data connection to be established. So, the location of client/server, as well as mode of operation (active/passive-FTP) dictates the type of firewall issues.
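The state a firewall needs for the data connection is carried on the control connection: the client's PORT command (active-FTP) or the server's 227 reply (passive-FTP). The following added example, which is not part of the manual and does not describe how the product handles FTP, derives the expected data connection from one control-channel line; the function names and addresses are constructed, and it assumes no NAT sits between the two hosts.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2
_SIX = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_endpoint(line):
    """Return (ip, port) from a PORT argument or 227 reply, or None if malformed."""
    m = _SIX.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def expected_data_connection(control_line, client_ip, server_ip):
    """Map one control-channel line to the single data connection it announces."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        # Active-FTP: the client advertises; the server initiates.
        mode, advertiser, initiator = "active", client_ip, server_ip
    elif line.startswith("227"):
        # Passive-FTP: the server advertises; the client initiates.
        mode, advertiser, initiator = "passive", server_ip, client_ip
    else:
        return None
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return None
    ip, port = endpoint
    # Only accept an address that belongs to the host that advertised it,
    # so the derived rule never opens a path to a third host.
    if ip != advertiser:
        return None
    return {"mode": mode, "initiator": initiator, "dst_ip": ip, "dst_port": port}

# Constructed control-channel lines.
CLIENT, SERVER = "192.0.2.10", "198.51.100.7"
ACTIVE_LINE = "PORT 192,0,2,10,19,137"
PASSIVE_LINE = "227 Entering Passive Mode (198,51,100,7,195,80)"
```

Tracking this one address and port per transfer is the alternative to exposing a wide range of ports behind the firewall.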

Issue 4 May 2005

3.7 specifications

Avaya 3.7 represents a significant evolution in unified communications technology, designed to enhance collaboration and streamline communication workflows for organizations of all sizes. As a cornerstone of Avaya's offerings, this version incorporates a range of features and improvements that cater to contemporary business needs, emphasizing flexibility, reliability, and seamless integration.

One of the most notable features of Avaya 3.7 is its robust call management capabilities. The platform allows users to manage calls effectively through a user-friendly interface, enabling intuitive functionalities such as drag-and-drop call handling, call forwarding, and conference calling. These features help employees stay connected, facilitating better communication and teamwork across departments.

In terms of mobility, Avaya 3.7 supports mobile applications that allow users to access the system remotely. This is particularly advantageous for businesses with a workforce that relies on remote or hybrid work models. The mobile integration ensures users can make and receive calls, check voicemail, and manage their schedules directly from their smartphones, maintaining productivity regardless of location.

The system also embraces advanced collaboration tools, such as video conferencing and instant messaging. These features promote a more dynamic interaction environment, fostering real-time communication among team members. Video conferencing capabilities allow for high-definition video quality and reliable connectivity, making virtual meetings more engaging and effective.

Security is another critical characteristic of Avaya 3.7. The platform includes enhanced encryption protocols to protect sensitive communications and ensure data integrity. With cybersecurity remaining a top concern for businesses, Avaya has prioritized the security of its communications solutions, safeguarding organizations' information against potential threats.

Furthermore, Avaya 3.7 benefits from the incorporation of AI and analytics. These technologies provide businesses with valuable insights into communication patterns and user behavior, enabling them to optimize their processes. The analytics can help identify areas for improvement and drive informed decision-making, thus enhancing overall efficiency.

Interoperability with existing systems is another hallmark of Avaya 3.7. The platform easily integrates with various applications and services, allowing businesses to leverage their current technology investments and create a cohesive communication ecosystem.

In summary, Avaya 3.7 stands out as a comprehensive communication solution that addresses the modern demands of the workplace. With its advanced call management features, mobility support, collaboration tools, strong security measures, and integration capabilities, Avaya 3.7 positions itself as a vital asset for organizations aiming to enhance their communication strategies and drive business success.