User Guide V2IU 4300T Converged Network Appliance
The 4300T uses a Stateful Packet Inspection (SPI) firewall to protect data devices installed behind the LAN interface. Voice devices are protected by the 4300T Application Layer Gateway (ALG) as described in VoIP Configuration.
The firewall is enabled by default. The default behavior of the firewall is to:
•deny all traffic originating from the WAN
•allow all traffic originating from the LAN
•allow only return traffic for connections that originated from the LAN
•deny all traffic originating from the WAN to the 4300T itself
•allow all traffic originating from the LAN to the 4300T
The default behavior can be modified using the basic and advanced settings fields on the firewall configuration page. We recommend that you use the 4300T firewall, however it can be disabled if the 4300T is installed behind an existing legacy firewall.
Enable or disable the firewall
1.Select Firewall.
2.Use the Enable Firewall checkbox to either enable or disable the firewall.
3.Select Submit.
Configure Basic settings
To allow or deny HTTP, Telnet and SSH traffic originating from the WAN to the 4300T simply use the checkboxes provided in the basic settings area of the firewall configuration page. By default, access from the WAN into the 4300T is disabled.
Warning Denying HTTP, Telnet or SSH traffic from the WAN may result in losing management connectivity to the 4300T if you are configuring the system remotely using the WAN link.
1.Select Firewall.
2.Use the three Allow access from WAN side checkboxes to enable or disable HTTP, Telnet, and/or SSH access from IP devices on the WAN side of the 4300T.
3.Select Submit.
Configure Advanced Settings
A comprehensive security policy can be created using the advanced settings of the 4300T firewall. The policy actions that can be taken on any packet processed by the 4300T are summarized in the following table:
3 - 36
