User guide

Provisioning the iMG/RG Creating RG Profiles with Field Descriptions
AlliedView NMS Administration Guide
Note: The administrator should also add route(s) that include the entire scope of management subnets that will require “direct” access to RGs. (The AlliedView NMS will always have direct access, but TAC/NOC staff with their PCs/workstations may not unless specifically included in a route.)
Note: For Media Room, the routes table in the General profile allows up to 10 different routes in the iMG, because media room devices connected to the iMG may request services configured in separate subnets on the upstream network. Refer to 7.6.10.1.
7.4.3 RG Internet Profile
7.4.3.1 Overview
Although this subsection describes all of the fields for the RG Internet Profile, a specific feature, Security, is highlighted since
this feature involves four tabs so that attributes for the three main areas for Security (Security, Firewall, and NAT) can be
datafilled in separate forms.
The security system provides a single point where all traffic entering and leaving the private network can be controlled.
The system has these main parts:
Security - This provides the following:
Enable/disable all areas of the Security System (NAT and Firewall).
Add IP interfaces to Security that are used to configure the NAT and Firewall.
Configure Triggers - Triggers are used to inform the security mechanism to expect secondary sessions and handle the situation dynamically, allowing the secondary sessions for data flow for the duration of the session. The user configures the iMG/RG with a range of primary port number(s). The primary port number refers to the TCP/UDP port number to which the primary (starting) session of the application is established. During session setup, if there is a local host that was expecting the incoming session, then the session is established. If a local host is not found, then the packet is discarded. This mechanism enables the iMG/RG to allow in only those incoming secondary sessions that should be allowed in, and to reject malicious attempts to establish incoming sessions.
Timeout - When a session using a secondary port is closed, the exchange of FIN and FIN/ACK packets causes the iMG/RG to stop passing packets for that session. For cases where this does not occur (UDP, or one end is simply turned off), the user can configure a period of inactivity after which the session is closed and the iMG/RG no longer forwards packets for the session.
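The trigger and timeout behaviour described above, modelled in Python as an added example (not code from this guide or from the iMG/RG firmware). The class and method names, the sample addresses and ports, and the choice to match a secondary session to the primary session's remote peer are assumptions of the model.

```python
from dataclasses import dataclass, field

@dataclass
class TriggerModel:
    """Simplified model of trigger handling as described above (not iMG/RG firmware logic)."""
    primary_ports: range      # configured primary port range
    idle_timeout: float       # seconds of inactivity before a secondary session is closed
    expecting: dict = field(default_factory=dict)  # remote peer -> local host with an open primary session
    sessions: dict = field(default_factory=dict)   # (remote, port) -> [local host, last activity time]

    def primary_open(self, local_host, remote, dst_port):
        """Local host starts a primary session; arm the trigger if the port is in range."""
        if dst_port in self.primary_ports:
            self.expecting[remote] = local_host  # assumption: expectation is tied to the remote peer
            return True
        return False

    def primary_close(self, remote):
        """Primary session ended: stop expecting secondary sessions from this peer."""
        self.expecting.pop(remote, None)

    def secondary_in(self, remote, port, now):
        """Incoming secondary session: establish only if a local host expects it."""
        local_host = self.expecting.get(remote)
        if local_host is None:
            return None                      # no local host found: packet is discarded
        self.sessions[(remote, port)] = [local_host, now]
        return local_host

    def packet(self, remote, port, now, fin=False):
        """Forward a packet on an established secondary session, or drop it."""
        entry = self.sessions.get((remote, port))
        if entry is None:
            return False
        if fin or now - entry[1] > self.idle_timeout:
            del self.sessions[(remote, port)]  # closed by FIN exchange or by inactivity
            return fin                         # the FIN itself is still forwarded
        entry[1] = now
        return True

def demo():
    # Constructed scenario: primary port 21, 60 s inactivity timeout, documentation addresses.
    fw = TriggerModel(primary_ports=range(21, 22), idle_timeout=60)
    results = [fw.secondary_in("203.0.113.9", 5000, now=0)]        # unsolicited: discarded
    fw.primary_open("192.168.1.10", "198.51.100.7", dst_port=21)
    results.append(fw.secondary_in("198.51.100.7", 5001, now=1))   # expected: established
    results.append(fw.packet("198.51.100.7", 5001, now=30))        # active: forwarded
    results.append(fw.packet("198.51.100.7", 5001, now=200))       # idle > 60 s: closed
    return results
```
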
TABLE 7-9 Create RG General Port Profile Form - IP Routes Tab

Attribute                 Value
IP Route                  IP Routes that are available for the RG. The user should always create a route to the “back office” management subnets. (The AlliedView has one as well that is unavailable to the user.)
Enabled                   Activates the other IP Route Fields
Subnet                    Subnet address
Mask                      Mask over the subnet address, usually 255.255.255.0
Gateway                   IP address for the Gateway server
Copy value from Profile   To create a new profile, the user can select an existing profile, which will fill in the values from that existing profile. The user can then modify any fields.
Create                    Activated when a Profile Name has been typed, it creates the profile with the entered values.
Cancel                    Closes the window