User's Manual
Table Of Contents
- 7368 ISAM ONT XS-240W-A XS-250WX-A Product Guide
- 1 Preface
- Table of contents
- List of figures
- List of tables
- 2 ETSI ONT safety guidelines
- 3 ETSI environmental and CRoHS guidelines
- 4 ANSI ONT safety guidelines
- 5 XS-240W-A and XS-250WX-A unit data sheet
- 5.1 XS-240W-A and XS-250WX-A part numbers and identification
- 5.2 XS-240W-A and XS-250WX-A general description
- 5.3 XS-240W-A and XS-250WX-A software and installation feature support
- 5.4 XS-240W-A and XS-250WX-A interfaces and interface capacity
- 5.5 XS-240W-A and XS-250WX-A LEDs
- 5.6 XS-240W-A and XS-250WX-A detailed specifications
- 5.7 XS-240W-A and XS-250WX-A GEM ports and T-CONTs
- 5.8 XS-240W-A and XS-250WX-A performance monitoring statistics
- 5.9 XS-240W-A and XS-250WX-A functional blocks
- 5.10 XS-240W-A and XS-250WX-A standards compliance
- 5.11 XS-240W-A and XS-250WX-A special considerations
- 6 Install an XS-240W-A or XS-250WX-A indoor ONT
- 7 Replace an XS-240W-A or XS-250WX-A indoor ONT
- 8 Configure an XS-240W-A or XS-250WX-A indoor ONT
- Customer document and product support
Configure an XS-240W-A or XS-250WX-A indoor
ONT
114
7368 ISAM ONT XS-240W-A XS-250WX-A Product
Guide
Edition 01 Issue: 01
•
DMZ and ALG
• access control
Note that parent control is not supported in Release 5.6.
Procedure 26 Firewall configuration
1 Select Security > Firewall from the top-level menu in the 10G PON Gateway window, as
shown in Figure 46.
Figure 46 Firewall window
Firewall security applies only to services provided by the ONT. Internet access from the LAN
side is not affected by this firewall.
Three security levels are available: Low, Medium, and High.
At the Low level, pre-routing is supported: port forwarding, DMZ, host application, and host
drop. Also supported are application services: DDNS, DHCP, DNS, H248, IGMP, NTP client,
SSH, Telnet, TFTP, TR-069, and VoIP.
At the Medium level, pre-routing is supported: port forwarding, DMZ, host application, and
host drop. Also supported are application services: DDNS, DHCP, DNS, H248, IGMP, NTP
client, TFTP, TR-069, and VoIP. The following types of ICMP messages are permitted: echo
request and reply, destination unreachable, and TTL exceeded. Other types of ICMP
messages are blocked. DNS proxy is supported from LAN to WAN but not from WAN to LAN.
At the High level, pre-routing and application services are not supported. UDP Port 8000 can
be used to access the services, for example FTP can use 8021 and Telnet can use 8023.
Regular UDP cannot be used. RG access is permitted via the LAN side but not via the WAN
side.
R05.06.00 | March 2017 | 3FE 46861 AAAA TCZZA | Edition 01