
Creating RG Profiles with Field Descriptions RG Internet Profile
AlliedView NMS Administration Guide (Provisioning the iMG/RG)
Note: The administrator should also add route(s) that include the entire scope of management subnets that will
require "direct" access to RGs. (The AlliedView NMS always has direct access, but TAC/NOC staff with their
PCs/workstations may not unless their subnets are specifically included in a route.)
Note: For Media Room, the routes table in the General profile allows up to 10 different routes in the iMG, because
Media Room devices connected to the iMG may request services configured in separate subnets on the upstream
network. Refer to 7.6.10.1.
7.4.3 RG Internet Profile
7.4.3.1 Overview
Although this subsection describes all of the fields of the RG Internet Profile, one feature, Security, is highlighted
because it spans four tabs, so that the attributes for the three main areas of Security (Security, Firewall, and NAT)
can be data-filled in separate forms.
The security system provides a single point where all traffic entering and leaving the private network can be controlled.
The system has these main parts:
Security - This provides the following:
Enable/disable all areas of the Security System (NAT and Firewall)
Add IP interfaces to Security that are used to configure the NAT and Firewall.
Configure Triggers - Triggers are used to inform the security mechanism to expect secondary sessions and to handle
them dynamically, allowing the secondary sessions' data to flow for the duration of the session. The user configures
the iMG/RG with a range of primary port number(s). The primary port number is the TCP/UDP port number to which
the primary (starting) session of the application is established. During session setup, if a local host is expecting
the incoming session, the session is established; if no such local host is found, the packet is discarded. This
mechanism lets the iMG/RG admit only those incoming secondary sessions that should be allowed in, and reject
malicious attempts to establish incoming sessions.
Timeout - When a session using a secondary port is closed, the exchange of FIN and FIN/ACK packets stops the
forwarding of packets for that session. For cases where this exchange does not occur (UDP, or one end simply being
turned off), the user can configure a period of inactivity after which the session is closed and the iMG/RG no longer
forwards packets for it.
Session Chaining - Some applications spawn their own secondary sessions. This process is known as session chaining.
When secondary sessions are successfully established, the source/destination addresses of the session will also be added
to the table of currently open primary sessions.
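The trigger, timeout and session-chaining behaviour described above, as an added worked example in Python (this is not AlliedView NMS or iMG/RG code). The trigger attribute names (primary_ports, secondary_ports, timeout), the two sample applications and their port numbers are assumptions made for the example; the traffic timeline in demo() is constructed.

```python
"""Port-trigger model of the Security > Triggers, Timeout and Session Chaining
behaviour.  Added example: not AlliedView NMS or iMG/RG code.  The trigger
attribute names (primary_ports, secondary_ports, timeout) and the sample
applications and ports are assumptions."""
from dataclasses import dataclass


def ports(lo, hi):
    """Inclusive port range lo..hi (the profile's 'range of port numbers')."""
    return range(lo, hi + 1)


@dataclass(frozen=True)
class Trigger:
    name: str
    proto: str              # "tcp" or "udp"
    primary_ports: range    # TCP/UDP port(s) the primary (starting) session goes to
    secondary_ports: range  # port(s) on which the secondary sessions are expected
    timeout: float          # seconds of inactivity after which a session is closed


@dataclass
class Session:
    host: str               # LAN host that owns the session
    proto: str
    port: int               # LAN-side port of this session
    trigger: Trigger
    last_seen: float


class TriggerEngine:
    """Table of open primary sessions plus the admit/discard decision for WAN packets."""

    def __init__(self, triggers):
        self.triggers = list(triggers)
        self.sessions = []  # currently open primary sessions, chained ones included

    def _expire(self, now):
        # Timeout: sessions that never see a FIN/FIN-ACK exchange (UDP, or a peer
        # that was simply switched off) are closed after the trigger's idle period.
        self.sessions = [s for s in self.sessions
                         if now - s.last_seen <= s.trigger.timeout]

    def outbound(self, host, proto, dst_port, now):
        """A LAN host opens a session; record it when a trigger names that port."""
        self._expire(now)
        for t in self.triggers:
            if t.proto == proto and dst_port in t.primary_ports:
                self.sessions.append(Session(host, proto, dst_port, t, now))
                return True
        return False        # not a triggered application; ordinary firewall rules apply

    def inbound(self, host, proto, dst_port, now):
        """WAN packet for a LAN host: forward only if an open session expects it."""
        self._expire(now)
        for s in list(self.sessions):
            if s.host == host and s.proto == proto and dst_port in s.trigger.secondary_ports:
                s.last_seen = now
                # Session chaining: the established secondary session is entered in
                # the table itself, so the application may spawn further sessions
                # from it even after the original primary session has closed.
                if not any(c.host == host and c.proto == proto and c.port == dst_port
                           for c in self.sessions):
                    self.sessions.append(Session(host, proto, dst_port, s.trigger, now))
                return True
        return False        # no local host was expecting it: discard

    def close(self, host, proto, port):
        """FIN / FIN-ACK exchange seen: stop forwarding packets for that session."""
        self.sessions = [s for s in self.sessions
                         if not (s.host == host and s.proto == proto and s.port == port)]


def demo():
    """Constructed traffic timeline (times in seconds); returns each forwarding decision."""
    app = Trigger("app", "tcp", ports(6000, 6000), ports(6001, 6010), timeout=30)
    voip = Trigger("voip", "udp", ports(5060, 5060), ports(10000, 20000), timeout=10)
    eng = TriggerEngine([app, voip])
    lan, other = "192.168.1.10", "192.168.1.20"
    r = {}
    r["cold_inbound"] = eng.inbound(lan, "tcp", 6001, now=0)     # False: no primary session yet
    r["primary"] = eng.outbound(lan, "tcp", 6000, now=1)         # True: trigger "app" matches
    r["secondary"] = eng.inbound(lan, "tcp", 6005, now=2)        # True: the host is expecting it
    r["wrong_host"] = eng.inbound(other, "tcp", 6005, now=2)     # False: that host opened nothing
    eng.close(lan, "tcp", 6000)                                   # primary session torn down by FIN
    r["chained"] = eng.inbound(lan, "tcp", 6006, now=3)          # True: chained 6005 session still open
    r["udp_primary"] = eng.outbound(lan, "udp", 5060, now=5)     # True
    r["udp_secondary"] = eng.inbound(lan, "udp", 12000, now=8)   # True: within the 10 s idle limit
    r["udp_timed_out"] = eng.inbound(lan, "udp", 12001, now=40)  # False: idle past timeout, no FIN for UDP
    return r
```

Two points the timeline makes that the prose only implies: an inbound packet for a host that never opened a primary session is dropped even when its port lies inside a trigger's secondary range, and, because of chaining, closing the primary session does not by itself stop further secondary sessions; only the inactivity timeout (or a FIN exchange on each chained session) does. When choosing a timeout for a UDP trigger, remember that it is the only thing that ever closes those sessions.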
Firewall - The Firewall feature ensures that only traffic that has already been defined is allowed to access the internal
network. This is done by provisioning the following:
Port Filters - These are port attributes that define:
- What protocol type is allowed (specified using the protocol number or the protocol name)
- The range of source and destination port numbers allowed
- The direction that packets are allowed to travel in (inbound, outbound, neither, or both)
Validators - how the Firewall handles packets based on the source/destination IP address.
Intrusion Detection System (IDS) - This protects the system from the following kinds of attacks:
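The port filters and validators described above, as a stateless rule evaluator written for this page as an added example in Python (not AlliedView NMS or iMG/RG code). The page says only that validators act on the source/destination IP address; the semantics used here (a network plus an allow/deny action, checked before the port filters) and the sample rule set are assumptions.

```python
"""Stateless model of the Firewall port filters and validators.  Added example:
not AlliedView NMS or iMG/RG code.  Validator semantics (network + allow/deny,
evaluated before port filters) and the sample rules are assumptions."""
import ipaddress
from dataclasses import dataclass

# Protocol names the filter accepts, with their IANA protocol numbers.
PROTO_NAMES = {"icmp": 1, "tcp": 6, "udp": 17}


def proto_number(proto):
    """A port filter may name the protocol by number or by name."""
    if isinstance(proto, int):
        return proto
    if proto.isdigit():
        return int(proto)
    return PROTO_NAMES[proto.lower()]


def ports(lo, hi):
    """Inclusive port range lo..hi."""
    return range(lo, hi + 1)


@dataclass(frozen=True)
class Packet:
    direction: str          # "inbound" (WAN -> LAN) or "outbound" (LAN -> WAN)
    proto: int
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class PortFilter:
    proto: int
    src_ports: range
    dst_ports: range
    direction: str          # "inbound", "outbound", "both" or "neither"

    def permits(self, pkt):
        if pkt.proto != self.proto:
            return False
        if pkt.src_port not in self.src_ports or pkt.dst_port not in self.dst_ports:
            return False
        return self.direction in ("both", pkt.direction)   # "neither" permits nothing


@dataclass(frozen=True)
class Validator:
    network: ipaddress.IPv4Network
    action: str             # "allow" or "deny"

    def matches(self, pkt):
        return pkt.src in self.network or pkt.dst in self.network


def evaluate(pkt, validators, filters):
    """Return (decision, reason).  Default is deny: only defined traffic passes."""
    for v in validators:           # address-based decision first; first match wins
        if v.matches(pkt):
            if v.action == "deny":
                return "deny", f"validator denies {v.network}"
            break                  # explicitly allowed address: go on to the port filters
    for f in filters:
        if f.permits(pkt):
            return "allow", f"port filter {f.direction} proto {f.proto} dst {f.dst_ports.start}-{f.dst_ports[-1]}"
    return "deny", "no port filter permits this traffic"


def demo():
    """Constructed rule set and packets; returns the decision for each packet."""
    validators = [Validator(ipaddress.ip_network("203.0.113.0/24"), "deny")]   # blocked network
    filters = [
        PortFilter(proto_number("tcp"), ports(1024, 65535), ports(80, 80), "outbound"),    # LAN may browse
        PortFilter(proto_number("tcp"), ports(1024, 65535), ports(443, 443), "outbound"),
        PortFilter(proto_number("17"), ports(1024, 65535), ports(53, 53), "outbound"),     # DNS, by number
        PortFilter(proto_number("tcp"), ports(1024, 65535), ports(22, 22), "inbound"),     # management SSH in
        PortFilter(proto_number("tcp"), ports(0, 65535), ports(23, 23), "neither"),        # telnet switched off
    ]
    lan = "192.168.1.10"

    def pkt(direction, proto, src, dst, sp, dp):
        return Packet(direction, proto_number(proto), ipaddress.ip_address(src),
                      ipaddress.ip_address(dst), sp, dp)

    cases = {
        "web_out": pkt("outbound", "tcp", lan, "198.51.100.5", 40000, 80),
        "web_in": pkt("inbound", "tcp", "198.51.100.5", lan, 40000, 80),       # same ports, wrong direction
        "ssh_in": pkt("inbound", "tcp", "198.51.100.7", lan, 50000, 22),
        "ssh_from_denied": pkt("inbound", "tcp", "203.0.113.9", lan, 50000, 22),
        "telnet_in": pkt("inbound", "tcp", "198.51.100.7", lan, 50000, 23),
        "smtp_out": pkt("outbound", "tcp", lan, "198.51.100.5", 40000, 25),    # never defined: denied
    }
    return {name: evaluate(p, validators, filters)[0] for name, p in cases.items()}
```

Two caveats for anyone translating such a rule set into a profile. First, a filter set with no "both" entries is purely directional, and this model is stateless: the outbound filter for port 80 admits the request but nothing admits the reply (source port 80, destination port 40000, inbound), so either the reply direction must be defined as well or the device must track connection state, which this page does not describe. Second, a filter whose direction is "neither" is not a no-op: it is the documented way to leave a rule in place while permitting nothing, so use it, rather than deleting the rule, when a service is meant to be switched off temporarily.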
TABLE 7-8 Create RG General Port Profile Form - IP Routes Tab
Attribute   Value
Create      Activated when a Profile Name has been typed; it creates the profile with the entered values.
Cancel      Closes the window.