Chapter 4 BCM50 Security Policies and Accounts and Privileges 123
BCM50 Administration Guide
Do you require the added security of a private SSL certificate?

Firewalls

Secured communications over a WAN require firewall protection. Depending on the hardware
being used and the type of security being employed, specific firewall rules must be set to enable
communication between the BCM50 and the Element Manager.
If the firewall is enabled, add the following rule:
Source address: Element Manager IP address or “Any.” This is the IP address of the system that the Element Manager resides on.
Destination address: BCM LAN IP address.
Service type: TCP:5989, 443 and 80 (port numbers for CIM/XML, HTTPS, and HTTP)
Action: forward
You must configure CIM/XML services for NAT using the following rules:
Name: CIM/XML
Start port: 5989
End port: 5989
Server IP address: BCM LAN IP address
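
One way to confirm that the firewall rule and the NAT entry above took effect is to probe the three TCP ports from the system the Element Manager resides on. This is an added example, not part of the Nortel guide; the function names (`probe`, `check_bcm50`, `report`) and the timeout value are assumptions made for illustration.

```python
import socket

# Ports from the firewall rule above: CIM/XML, HTTPS, HTTP.
BCM50_PORTS = {5989: "CIM/XML", 443: "HTTPS", 80: "HTTP"}


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'error:<reason>' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the packet got through but nothing is listening,
        # or a device on the path actively rejected it.
        return "refused"
    except socket.timeout:
        # No answer at all: typically a firewall silently dropping the packet,
        # which points at a missing or mismatched forward/NAT rule.
        return "filtered"
    except OSError as exc:
        return "error:" + exc.__class__.__name__


def check_bcm50(host, ports=BCM50_PORTS, timeout=3.0):
    """Probe every port the Element Manager needs; return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def report(host, results, names=BCM50_PORTS):
    """Format the results as one line per port, in port order."""
    return [
        f"{host}:{port} ({names.get(port, '?')}): {state}"
        for port, state in sorted(results.items())
    ]


if __name__ == "__main__":
    import sys
    # Usage: python check_bcm50.py <BCM LAN IP address>
    target = sys.argv[1]
    results = check_bcm50(target)
    print("\n".join(report(target, results)))
    # Non-zero exit if any required port is not reachable.
    sys.exit(0 if all(s == "open" for s in results.values()) else 1)
```

Running the same check from a host that is not the Element Manager shows whether the rule's source address was left at “Any” or narrowed to the Element Manager IP address.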

Core system configuration, such as resources and network management, should be restricted to an administrator-level account.
Use the group profiles to define other levels of users with access to the headings that are specific to their task.
This also helps to prevent overlapping programming if more than one person is using the interface at the same time.
Dial-in access: Restrict this user group to users who require this interface. If modem
access is not required, the modem interface can be disabled to provide further security.
Note: There is also a Nortel support default user, which cannot be deleted or modified. This account is set up to allow Nortel troubleshooting technicians to access areas of the system that are not available to other users. You can change the default challenge key, but be sure to retain a record of the change so that support technicians can access your system. For more information, talk to your Nortel service representative.