Manualshelf

User guide

ManualsBrandsAllworx ManualsComputer equipment6x
31323334353637383940
System Administrator’s Guide Release 7.5
_______________________________________________________________________________________________________________
Toll Free 1-866-ALLWORX • 585-421-3850 • www.allworx.com
Revised: April 9, 2013
Page 27
5 Network Configuration
5.1 General Network Configuration Requirements
If connecting remote phones or remote Px Expanders to the system, observe the following very
important security requirements:
5.1.1 Server
The Allworx Server Administrator can directly connect the Allworx server to the Internet via its
WAN port. However, the WAN cannot be in Use PPPoE mode.
Install the server behind a firewall or connect it to the public internet using the WAN port. DO
NOT connect the Allworx LAN port directly onto the public Internet.
Disable Allworx WAN services (ports) not in use.
Change voicemail ports (SMTP and IMAP) to non-standard port numbers.
Change all server admin, phone admin, and user passwords from the default values.
Update every server to the most recent patch level of either the 7.3 or 7.4 software release to
ensure that the server has the most recent security changes.
Use strong passwords for server and phone administration pages. DO NOT use simple
passwords such as “1234” or “Allworx”.
Verify that there is no exposure of the Admin Page (Port 8080) to the Public network. DO NOT
port forward directly to the LAN port of an Allworx server from the customer’s router. For remote
maintenance, use the Allworx VPN. Navigate to Home > Network > VPN > modify to configure
the VPN settings.
When configuring WAN interface to connect to the public internet:
Enable the server in NAT Firewall mode, preferably with Stealth DMZ. In stealth mode, the WAN
interface does not respond to “pings” from other devices.
Note: Allworx cannot guarantee proper operation of 3rd-party networking products. However, Allworx
expects this to work with typical firewalls and tests against several brands. Some NAT/Firewall
configuration may be required. Refer to Allworx Server behind a 3rd-Party NAT Firewall on page 33
for more information.
The Allworx server provides powerful and flexible network infrastructure capability by setting the
Network Mode parameter on the Network > Configuration page. This page shows the different
parameter sets depending on the Network Mode setting. If the Network Mode is set to the factory
default value of NAT/Firewall with DMZ, the page will be similar to the one shown below.