Avaya 3.7 User Manual Page 299
- Page / 326
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Public zone firewall templates
Issue 4 May 2005 299
● DNS from any IP to any
● Common services originating from all internal networks, private, DMZ, management and
semi-private.
All other outgoing traffic is blocked.
The medium security policy for the public zone is the same as that of the high security policy.
The low security policy allows all the traffic allowed for medium security. In addition, all TCP,
UDP packets from all networks are allowed to go out.
Table 31: Public high and medium security firewall rules
Rule Name Action Source Destination Service Direction Zone Keep State Description
InBoundPu
blicAccess
Permit Any PublicIP IKE-IN
IKE-AVAYA-
IN
IPSEC-NAT
-T-IN
AH/ESP
ICMPDEST
UNREACH
ABLE
In Public no Permit
incoming
VPN traffic
and ICMP
unreachable
packet
InBoundPu
blictoDMZA
ccess
Permit Any DMZNet ICMPECHO
REQUEST
SSH/
TELNET
FTP-CTRL
PASSIVEFT
P
HTTP/
HTTPS
DNS-TCP/
DNS-UDP
NETBIOS-N
S-TCP/UDP
NETBIOS-D
GM-TCP/
UDP
NETBIOS-S
SN-TCP/
UDP
POP3/
IMAP/SMTP
NNTP
In Public Yes Permit
incoming
traffic to
DMZ
network
InBoundPu
blicBlockAll
Deny Any Any ANY In Public No Deny the
rest of traffic
OutBoundP
ublicAccess
Permit PublicIP Any IKE-OUT
IKE-AVAYA-
OUT
IPSEC-NAT
-T-OUT
AH/ESP
ICMPDEST
UNREACH
ABLE
Out Public no Permit
outgoing
VPN traffic
1 of 2
- Release 3.7 1
- WARNING: 3
- Contents 5
- What Products are Covered 15
- VPNmanager Overview 15
- Intranet and Extranet Support 16
- Secure VPN Configuration 16
- No Special Consoles Required 16
- Related Documentation 17
- How This Book Is Organized 17
- Contacting Technical Support 19
- Security gateways 21
- VPNremote Client software 22
- VPNmanager software 22
- Issue 4 May 2005 23 23
- Security gateway 24
- Issue 4 May 2005 25 25
- IP groups 26
- Remote users and user groups 26
- Security policies 27
- Overview of implementation 28
- Additional features 29
- Client IP address pooling 30
- SSL for Directory Server 30
- 11. Configure firewall rules 31
- Chapter 2: Using VPNmanager 33
- To add an administrator 34
- Add a policy server 35
- Navigating the main window 36
- File menu 37
- Using VPNmanager 38
- Edit menu 39
- View menu 39
- Tools menu 40
- Help menu 40
- VPN view pane 42
- Tiled View 43
- Tree View 43
- Configuration Console window 44
- Update Devices 47
- Preferences 48
- Dyna Policy Defaults (User) 49
- Dyna Policy Defaults (Global) 49
- Dyna Policy Authentication 50
- Remote Client 51
- Alarm/Monitoring 52
- Issue 4 May 2005 53 53
- New VPN Domain 55
- Setting up the network 56
- Issue 4 May 2005 57 57
- Issue 4 May 2005 59 59
- General tab 60
- Issue 4 May 2005 61 61
- Issue 4 May 2005 63 63
- To add a DNS Relay 64
- To add a static DNS server 65
- To add a DNS server address 65
- Interfaces tab 66
- Issue 4 May 2005 67 67
- Issue 4 May 2005 69 69
- Static addressing 70
- DHCP addressing 70
- Local DHCP Server 71
- DHCP Relay 73
- Changing network interfaces 73
- Issue 4 May 2005 75 75
- Private port tab 76
- Issue 4 May 2005 77 77
- Device users tab 79
- Network Object tab 80
- Issue 4 May 2005 81 81
- Issue 4 May 2005 83 83
- To build a RIP table: 84
- Policies tab, NAT services 85
- Configuring NAT (VPNos 4.31) 86
- To edit a NAT rule 87
- To delete a NAT rule 87
- About NAT types for VPNos 3.X 88
- Issue 4 May 2005 89 89
- Issue 4 May 2005 91 91
- Interface for VPNos 4.2 93
- Original 94
- Tunnel NAT rules 95
- To add a tunnel NAT rule: 96
- About IP Groups 97
- New IP Group 98
- IP Group - General tab 98
- Issue 4 May 2005 99 99
- Add IP Group member 100
- Configuring an IP Group 101
- Configuring IP Groups 102
- Issue 4 May 2005 103 103
- Default client configuration 105
- Using dyna-policy 106
- Issue 4 May 2005 107 107
- Disable split tunneling 108
- Issue 4 May 2005 109 109
- Local authentication 110
- RADIUS authentication 110
- LDAP authentication 110
- Dynamic VPNs (VPNos 3.x) 110
- Remote Client tab 111
- Send Syslog messages. . 112
- Issue 4 May 2005 113 113
- Creating new user object 114
- User - General tab 115
- Memo tab 116
- Dyna-Policy tab 116
- Actions tab 117
- ● Directory Name 118
- ● IP Address 118
- ● DNS Name 118
- ● Email Name (RFC 822) 118
- Issue 4 May 2005 119 119
- Using local authentication 120
- Add Client IP address pool 121
- Add Client DNS 121
- Configuring client attributes 122
- Enforce brand name 123
- RADIUS/ACE Services 124
- Settings 125
- RADIUS concepts 125
- The RADIUS protocol 126
- Add (RADIUS/ACE server) 126
- To add a RADIUS server: 127
- New user group 129
- User Group - General tab 130
- User Group - Memo tab 130
- User Group - Actions tab 131
- Configuring a user group 131
- Configuring user groups 132
- Types of VPN objects 133
- IKE VPNs 134
- VPN packet processing modes 134
- Default VPN policy 135
- Creating a new VPN object 136
- Creating a default VPN 136
- Creating a designated VPN 137
- Using the VPN tabs 138
- Members-Users tab 140
- Members-IP Groups tab 140
- Security (IKE) tab 141
- Configuring VPN objects 142
- Issue 4 May 2005 143 143
- Security (IPSec) 144
- IPSec Proposals 145
- Add IPSec proposal 146
- Issue 4 May 2005 147 147
- VPN configuration 148
- Advanced VPN tab 149
- Configuring a SKIP VPN 150
- Issue 4 May 2005 151 151
- Configuring an IKE VPN 152
- Issue 4 May 2005 153 153
- Issue 4 May 2005 155 155
- Enabling CRL checking 156
- Issue 4 May 2005 157 157
- VPN Object export checklist 159
- Export procedure 160
- Issue 4 May 2005 161 161
- Rekeying a VPN object 162
- Firewall rules set up 163
- Firewall rules 164
- Issue 4 May 2005 165 165
- Device level firewall rules 166
- Issue 4 May 2005 167 167
- Security Gateways and FTP 168
- Firewall templates 169
- Predefined templates 170
- User defined templates 170
- Issue 4 May 2005 171 171
- Services 172
- Device Group 173
- Denial of Service 173
- Establishing security 174
- Voice Over IP 175
- Issue 4 May 2005 177 177
- Add gatekeeper settings 179
- QoS policy and QoS mapping 180
- CAUTION: 181
- To add a QoS policy 182
- Issue 4 May 2005 183 183
- Packet Filtering 184
- What can be filtered 185
- Packet Filtering and NAT 185
- Advanced 186
- Add Packet Filtering Policy 187
- From/Where 188
- To Where 189
- Managing the ACL 190
- Issue 4 May 2005 191 191
- About Differentiated Services 193
- How a VSU marks packets 193
- Types of marking rules 194
- Issue 4 May 2005 195 195
- Packet filtering firewall 196
- Add firewall policy 197
- Device Advanced 199
- Using advanced features 200
- Path MTU Discovery 201
- NAT Traversal 203
- To change the port number: 204
- Send Device Names 205
- Tunnel Persistence 207
- TEP Policy 209
- Servers 210
- Managing the server list 211
- Resilient Tunnel 212
- Tunnel Switching 213
- Creating a resilient tunnel 214
- Add resilient tunnel 215
- Primary end-point service 217
- Secondary end-point service 217
- Failover TEP 218
- Advanced Action 219
- Switch Flash 220
- Reset password 220
- Disable FIPS 220
- High Availability 221
- Virtual addresses 222
- Issue 4 May 2005 223 223
- Configuring high availability 224
- To update HA VSUs: 225
- Failover 226
- To configure failover: 227
- Failover reconnect 229
- Issue 4 May 2005 231 231
- Keep Alive 232
- To configure keep alive: 233
- About VSU certificates 234
- Issue 4 May 2005 235 235
- To switch certificates: 237
- Issuer certificates 238
- Issue 4 May 2005 239 239
- IKE Certificate Usage 240
- Issue 4 May 2005 241 241
- Issue 4 May 2005 243 243
- Issue 4 May 2005 245 245
- To add SNMP trap targets 246
- VPN active sessions 247
- Syslog Services 248
- Add Syslog Policy 249
- Using Monitor 250
- Issue 4 May 2005 251 251
- Monitoring your network 252
- Issue 4 May 2005 253 253
- Issue 4 May 2005 255 255
- Issue 4 May 2005 257 257
- Issue 4 May 2005 259 259
- Issue 4 May 2005 261 261
- Issue 4 May 2005 263 263
- Issue 4 May 2005 265 265
- Define Custom 267
- Monitoring alarms 268
- Alarm Types 269
- Report Wizard 270
- Issue 4 May 2005 271 271
- Generating the report 272
- Device diagnostics 273
- Using the Management tab 275
- To set up SSH or Telnet 276
- Using the Connectivity tab 277
- Check connectivity by ping 278
- Using the Device Actions tab 279
- Update Configuration 280
- Reset Device Time 280
- Reboot Device 280
- Re-setup Device 281
- Import Device Configuration 281
- Ethernet Speed 282
- Redundancy 283
- Export VPN 284
- Exporting RADIUS 285
- Device management 286
- Issue 4 May 2005 287 287
- Device - Upgrade tab 288
- Issue 4 May 2005 289 289
- License 290
- Encryption Strength 291
- Remote Access (VSU-100 Only) 291
- Issue 4 May 2005 293 293
- Solaris OS Computers 295
- Issue 4 May 2005 297 297
- Firewall rules template 298
- Issue 4 May 2005 299 299
- Issue 4 May 2005 301 301
- Issue 4 May 2005 303 303
- Issue 4 May 2005 305 305
- Issue 4 May 2005 307 307
- DMZ zone firewall templates 309
- Management zone security 311
- Glossary 313
- Certificate Authority 314
- Issuer Certificates 315
- Issue 4 May 2005 315 315
- Signing Certificates 317
- Issue 4 May 2005 317 317
- Numerical 319
Related products and manuals for Hardware Avaya 3.7
Hardware Avaya CA40 User Manual
(2 pages)
(2 pages)
© 2020, manymanuals.com. All rights reserved. | 0.548 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals