QX1000 Manual II: Administrator's Guide
Administrator’s Menus
QX1000; (SW Version 5.3.x)
Advanced Firewall Settings
Advanced Firewall Settings are used to deny Ping operations addressed to the device. With this feature enabled, the QX1000 will answer the Ping operation with inscrutable messages.
Please Note: Operation is available only when the firewall is enabled from the page.
This page offers the following components:
The Ping Stealth checkbox selection prohibits a Ping operation toward the QX1000 from its WAN.
Attention: Any changes applied on this page force a restart of the firewall, which might take a few seconds.
Fig. II-218: Advanced Firewall Settings page
Filtering Rules
The Filtering Rules page allows you to configure the filters for incoming and outgoing traffic.
To prevent inaccurate configuration, only one rule per service is allowed. The user may use IP groups to include several IP addresses for this rule.
Since the filtering rules specify the operation mode of the firewall, they only take effect if the firewall has been enabled. The filtering rules are independent of the security level, so they will work if enabled, no matter what security level has been selected.
Please Note: Applying firewall rules will prevent the establishment of new connections that violate the rules. Applying rules does not kill existing connections that violate the rule.
Attention: Newly created blocking filtering rules take effect immediately if there is no active connection matching the rule. Otherwise, if there is an active connection matching the created blocking rule, please restart the QX1000 to make the newly created blocking rule effective immediately. However, if you are unable to restart the QX1000, you may need to stop the existing active connection to make the newly created blocking rule effective. Please note that in this case the blocking rule will take effect only in 3 minutes.
View All displays all configured filters specified by their State (enabled or disabled), the selected Service, the set Action (allowed or blocked), and the IP addresses the filters apply to (if Restricted). Since it is read-only, no modifications are allowed and no functional buttons are available.
Management Access is used to enable management access to the QX1000 from the Internet. A host on the Internet can be allowed to reach the QX1000.
Call Control Access is used to enable access from a call controlling application on the Internet to the QX1000. Call controlling applications can be used to remotely initiate and handle calls on the QX1000 and to subscribe for certain event notifications from the QX1000.
SIP Access is used to allow or deny SIP access to or from particular SIP servers, SIP hosts or a group of them. The SIP Access filtering rule may prevent or allow incoming or outgoing SIP calls to or from specified SIP server(s) or host(s).
When Blocked IP List is used, traffic from specific hosts may be blocked, no matter what services are opened in the other filters. NO traffic will be allowed to the specified hosts. The Blocked IP List service has a higher priority if the same host is also listed in the Allowed IP List table.
Allowed IP List allows trusted hosts to reach your network and vice versa. It is an exception to other rules and only all services may be allowed for a single host.
Fig. II-219: Filtering Rules page
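A simplified model of the precedence described above (Blocked IP List over Allowed IP List over the per-service rules, one rule per service, new connections only), added here as an illustration and not taken from the QX1000 firmware or this manual. The function names, the sample addresses and the "policy" result for traffic that no rule matches are assumptions.

```python
# Added illustration, not QX1000 firmware logic; all names are hypothetical.
from ipaddress import ip_address, ip_network

def in_group(host, group):
    """True if host is inside any address or subnet of an IP group."""
    return any(ip_address(host) in ip_network(n, strict=False) for n in group)

def add_rule(rules, service, action, group=None, enabled=True):
    """Store a rule; group=None means the rule is not Restricted."""
    if service in rules:  # the manual allows only one rule per service
        raise ValueError(f"a rule for {service!r} already exists")
    rules[service] = {"action": action, "group": group, "enabled": enabled}

def decide(host, service, rules, blocked, allowed, established=False):
    """Outcome for one connection between `host` and `service`."""
    if established:
        return "unchanged"  # rules stop new connections, not existing ones
    if in_group(host, blocked):
        return "blocked"    # Blocked IP List outranks the Allowed IP List
    if in_group(host, allowed):
        return "allowed"    # exception to the per-service rules
    rule = rules.get(service)
    if rule and rule["enabled"]:
        if rule["group"] is None or in_group(host, rule["group"]):
            return rule["action"]
    return "policy"         # assumption: left to the selected security level

# Constructed sample configuration (documentation address ranges).
BLOCKED = ["203.0.113.7"]
ALLOWED = ["203.0.113.0/24"]
RULES = {}
add_rule(RULES, "SIP Access", "blocked", group=["198.51.100.0/24"])
add_rule(RULES, "Management Access", "allowed", group=["192.0.2.10"])

if __name__ == "__main__":
    cases = [
        ("203.0.113.7", "SIP Access", False),   # on both lists
        ("203.0.113.20", "SIP Access", False),  # Allowed IP List only
        ("198.51.100.5", "SIP Access", False),  # matches the blocking rule
        ("198.51.100.5", "SIP Access", True),   # same host, call already up
        ("192.0.2.99", "Management Access", False),  # outside the rule's group
    ]
    for host, service, established in cases:
        verdict = decide(host, service, RULES, BLOCKED, ALLOWED, established)
        print(f"{host:15} {service:18} established={established!s:5} {verdict}")
```

Running a planned rule set through a model like this before entering it in the GUI shows which hosts end up governed by the Blocked IP List or Allowed IP List rather than by a service rule.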
The Filtering Rules page provides several links. Each link opens its specific parameters on the same page. Only Change Policy (see chapter) and Manage IP Pool Groups lead to separate pages.
The Filtering Rules page also includes the currently selected firewall security (Policy) level and its description.
The table displayed on the bottom of this page shows the filters selected above, specified by their State (enabled or disabled), the selected Service, the set Action (allowed or blocked), and the IP addresses the filters apply to (if Restricted). With the exception of View All, the table offers the following functional buttons:
• Enable is used to enable the rule. If no records are selected the error message “No record(s) selected” will appear.
• Disable is used to disable the rule. If no records are selected the error message “No record(s) selected” will appear.
• Add opens a filter specific page where new rules may be defined by a Service, an Action to certain IP address(es) or IP groups.
The page to add a rule for SIP Access offers the following input options:
Service includes a list of possible services to be configured.
Action includes possible actions to set up the rule.