Quadro4Li Manual II: Administrator's Guide
Administrator’s Menus
Quadro4Li; (SW Version 5.2.x)
notifications from the Quadro.
Fig. II-176: Filtering Rules page
SIP Access allows or denies SIP access to or from particular SIP servers, SIP hosts or a group of them. The SIP Access filtering rule may prevent or allow incoming or outgoing SIP calls to or from the specified SIP server(s) or host(s).
When Blocked IP List is used, traffic from specific hosts may be blocked, no matter what services are opened in the other filters. NO traffic will be allowed to the specified hosts. The Blocked IP List service has a higher priority if the same host is also listed in the Allowed IP List table.
Allowed IP List allows trusted hosts to reach your network and vice versa. It is an exception to the other rules, and a single host can only be allowed all services.
Restricted IPSec - Generally, hosts in a VPN are allowed to have access to any service, i.e., no traffic will be blocked. They are treated as if they were part of the Quadro LAN. However, this service can be manually denied here.
The Filtering Rules page provides several links. Each link opens its specific parameters on the same page. Only Change Policy (see chapter ), Manage user Defined Services (see chapter ) and Manage IP Pool Groups (see chapter ) lead to separate pages.
The Filtering Rules page also includes the currently selected firewall security (Policy) level and its description.
The table displayed at the bottom of this page shows the filters selected above, specified by their State (enabled or disabled), the selected Service, the set Action (allowed or blocked), the IP addresses the filters apply to (if Restricted) and the destination of port forwarding (Redirect to, in case of Incoming Traffic/Port Forwarding). With the exception of View All, the table offers the following functional buttons:
Enable is used to enable the rule. If no records are selected, the error message “No record(s) selected” will appear.
Disable is used to disable the rule. If no records are selected, the error message “No record(s) selected” will appear.
Add opens a filter-specific page where new rules may be defined by a Service, an Action, a Restriction to certain IP address(es) or IP groups, and, if adding a rule for Incoming Traffic/Port Forwarding, the destination IP address for Forwarding.
The page to add a rule for Incoming Traffic/Port Forwarding offers the following input options:
Service includes a list of possible services to be configured. All user-defined services will also be displayed in this list.
Action includes the possible actions to set up the rule.
Forward to IP requires the destination IP address to which traffic should be transferred if it comes from the restricted host. The IP address defined in this field will be ignored for the blocked action of the Incoming Traffic/Port Forwarding rule.
Note: It is not allowed to forward incoming packets when the NAT service is disabled on the Quadro.
The Port Translation text field is available for the “Allowed” action only and optionally requires the port number that will replace the original port number when an incoming packet is being forwarded. If this field is left empty, the original port number will be used when forwarding the packet.
Restriction radio buttons:
• Selecting Any blocks or allows all host IP addresses. This selection is not present for the Management Access, Blocked and Allowed IP List rules.
• Selecting Single IP will require the IP address of the allowed or blocked host.
• Selecting IP/Mask will require the subnet to be allowed or blocked, specified by an IP address and the Maskbits. The following are Maskbit examples: 255.0.0.0 = /8, 255.255.0.0 = /16, 255.255.255.0 = /24, 255.255.255.255 = /32
• Single URL requires the hostname of the allowed or blocked host.
• Group indicates the user-defined groups that include IP addresses that should be allowed or blocked.
The Description field is used to insert an optional description of the filtering rule.
Fig. II-177: Filtering Rules - Page to add a rule for Incoming Traffic
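
The priority of the Blocked IP List over the Allowed IP List described above, together with the netmask-to-Maskbits conversion, as an added Python example that is not part of the manual or the Quadro firmware. The function names, the sample addresses and the single `service_allowed` verdict standing in for all other filters are assumptions made for illustration; Single URL and Group restrictions are not modelled.

```python
import ipaddress

# Constructed sample lists (documentation address ranges, not from the manual).
BLOCKED = ["192.0.2.0/24", "203.0.113.7"]
ALLOWED = ["192.0.2.10", "198.51.100.5"]

def maskbits(netmask):
    """Convert a dotted netmask (255.255.255.0) to Maskbits (24).

    ipaddress raises ValueError for non-contiguous masks such as 255.0.255.0.
    """
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen

def to_network(entry):
    """Parse a Single IP or IP/Mask restriction; host bits are masked off."""
    return ipaddress.ip_network(entry, strict=False)

def decide(host, blocked, allowed, service_allowed):
    """Assumed evaluation order: Blocked IP List, Allowed IP List, other filters."""
    addr = ipaddress.ip_address(host)
    if any(addr in to_network(e) for e in blocked):
        return "blocked"   # wins even if the host is also on the Allowed IP List
    if any(addr in to_network(e) for e in allowed):
        return "allowed"   # exception to the other filtering rules
    return "allowed" if service_allowed else "blocked"

def shadowed_allow_entries(blocked, allowed):
    """Return (allowed, blocked) pairs where an Allowed entry overlaps a Blocked one."""
    return [(a, b) for a in allowed for b in blocked
            if to_network(a).overlaps(to_network(b))]

if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0", "255.255.255.255"):
        print(mask, "= /%d" % maskbits(mask))
    print(decide("192.0.2.10", BLOCKED, ALLOWED, service_allowed=True))
    print(shadowed_allow_entries(BLOCKED, ALLOWED))
```

Running `shadowed_allow_entries` over the two lists before saving a configuration shows which trusted hosts will stay unreachable because a Blocked IP List entry covers them.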