User`s guide
System Administrator’s Guide – Release 7.2.3.x
300 Main Street • East Rochester, NY 14445 • Toll Free 1-866-ALLWORX • 585-421-3850 • www.allworx.com
© 2010 Allworx Corp. All rights reserved. Allworx, a wholly owned subsidiary of PAETEC Holding. All other names may be trademarks or registered
trademarks of their respective owners.
Revised: September 1, 2010
Page 17
Note: The checkboxes are for specific Allworx
services that can also be configured in the LAN address list.
They are provided as a convenience as compared to filling in the list.
5.5 Network Mode: NAT/Firewall with Stealth DMZ
This mode is the same as NAT/Firewall with DMZ except that all ICMP services (echo, redirect, etc) are
turned off. This makes it more difficult for attacks from the WAN to probe the server. It also makes it more
difficult for the administrator to troubleshoot any network connectivity problems (since ping and traceroute
won’t work).
5.6 Example 1: Secure Firewall
Requirements
The Allworx
server will be used as the router between a LAN and the Internet. Protecting the LAN from the
Internet is a requirement. The server will be used as the local email server with email being sent to it from the
WAN and LAN. The server will be the LAN timeserver. All other WAN services will be denied.
Configuration:
1. Set the Network Mode to NAT/Firewall with Stealth DMZ. Setting it to stealth mode will reduce the ability
of Internet attacks to recognize the existence of the Allworx
server and its offered services.