User Manual V
2
IU 4350 Converged Network Appliance
3 - 66
The 4350 uses a Stateful Packet Inspection (SPI) firewall to protect data devices
installed behind the LAN interface. Voice devices are protected by the 4350
Application Layer Gateway (ALG) as described in VoIP Configuration.
The firewall is enabled by default. The default behavior of the firewall is to:
• deny all traffic originating from the WAN
• allow all traffic originating from the LAN
• allow only return traffic for connections that originated from the LAN
• deny all traffic originating from the WAN to the 4350 itself
• allow all traffic originating from the LAN to the 4350
The default behavior can be modified using the basic and advanced settings
fields on the firewall configuration page. We recommend that you use the 4350
firewall, however it can be disabled if the 4350 is installed behind an existing
legacy firewall.
Enable or disable the firewall
1. Select Firewall.
2. Use the Enable Firewall checkbox to either enable or disable the firewall.
3. Select Submit.
Configure Basic settings
To allow or deny HTTP, Telnet and SSH traffic originating from the WAN to
the 4350 simply use the checkboxes provided in the basic settings area of the
firewall configuration page. By default, access from the WAN into the 4350 is
disabled.
1. Select Firewall.
2. Use the three Allow access from WAN side checkboxes to enable or
disable HTTP, Telnet, and/or SSH access from IP devices on the WAN
side of the 4350.
3. Select Submit.
Configure Advanced Settings
A comprehensive security policy can be created using the advanced settings of
the 4350 firewall. The policy actions that can be taken on any packet processed
by the 4350 are summarized in the following table:
Warning
Denying HTTP, Telnet or SSH traffic from the WAN may result in losing
management connectivity to the 4350 if you are configuring the system remotely
using the WAN link.