User guide

System Administrator’s Guide Release 7.5
Toll Free 1-866-ALLWORX • 585-421-3850 • www.allworx.com
Revised: April 9, 2013
5.7 Network Mode: NAT/Firewall with Stealth DMZ
This mode is the same as NAT/Firewall with DMZ except that all ICMP services (echo,
redirect, etc.) are turned off. This makes it more difficult for attackers on the WAN to
probe the server. It also makes it more difficult for the administrator to troubleshoot
network connectivity problems, since ping and traceroute won’t work.
Example 1: Secure Firewall
Requirements:
Use the Allworx server as the router between a LAN and the Internet.
Protecting the LAN from the Internet is a requirement. Use the server
as the local email server with email being sent to it from the WAN and
LAN. The server will be the LAN timeserver. All other WAN services
will be denied.
Configuration:
Set the Network Mode to NAT/Firewall with Stealth DMZ. Setting it to
stealth mode will reduce the ability of Internet attacks to recognize the
existence of the Allworx server and its offered services.
Go to Network > Configuration > Modify and, in the Firewall section
of the page, change the Allworx Services (ports) exposed through
DMZ so that only SMTP, DNS, and SNTP are checked. SMTP is
required to receive email from the Internet for local users. DNS is
required so the email server can resolve outbound mail addresses.
SNTP is required to get accurate time from an Internet time server
(configured on the Maintenance > Time page).
Example 2: Secure Firewall with 3rd-Party Email Server
Requirements:
The requirements are identical to Example 1 except that instead of
using the Allworx server as the email server, another host (at
192.168.101.12) on the LAN will be used as the email server.
Configuration:
The configuration is identical to the previous example except for the
following changes:
Uncheck the SMTP service in the list of exposed Allworx services.
Go to Network > Configuration > Modify and, in the Firewall section
of the page, add an entry to LAN Addresses exposed through firewall
where:
    WAN Port # is 25.
    Protocol is TCP.
    IP Address is set to the LAN email server, 192.168.101.12.
    Local Port # is 25.
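
The two example configurations can be written down as a small policy model to check which unsolicited WAN packets each one admits. This is an added illustration, not Allworx code or part of the guide. The class and function names are hypothetical, the port numbers are the well-known ones for SMTP, DNS and SNTP, and treating a port that is both a checked service and a forward entry as a conflict is an assumption based on the guide's instruction to uncheck SMTP first.

```python
from dataclasses import dataclass

# Assumption: well-known ports for the services the guide names.
SERVICE_PORTS = {
    "SMTP": {("tcp", 25)},
    "DNS": {("tcp", 53), ("udp", 53)},
    "SNTP": {("udp", 123)},
}

@dataclass(frozen=True)
class Forward:
    """One 'LAN Addresses exposed through firewall' entry."""
    wan_port: int
    proto: str
    lan_ip: str
    local_port: int

@dataclass(frozen=True)
class Policy:
    stealth: bool        # Stealth DMZ: all ICMP services turned off
    services: frozenset  # Allworx services checked as exposed
    forwards: tuple = ()

    def conflicts(self):
        """Ports that are both a checked service and a forward entry."""
        served = set().union(*(SERVICE_PORTS[s] for s in self.services))
        return sorted(served & {(f.proto, f.wan_port) for f in self.forwards})

    def decide(self, proto, port=None):
        """Classify one unsolicited packet arriving on the WAN side."""
        if proto == "icmp":
            return "drop" if self.stealth else "answer"
        for f in self.forwards:
            if (f.proto, f.wan_port) == (proto, port):
                return f"forward to {f.lan_ip}:{f.local_port}"
        if any((proto, port) in SERVICE_PORTS[s] for s in self.services):
            return "accept on server"
        return "drop"

# The two configurations described in the guide.
EXAMPLE_1 = Policy(True, frozenset({"SMTP", "DNS", "SNTP"}))
EXAMPLE_2 = Policy(True, frozenset({"DNS", "SNTP"}),
                   (Forward(25, "tcp", "192.168.101.12", 25),))

if __name__ == "__main__":
    probes = [("icmp", None), ("tcp", 25), ("udp", 123), ("tcp", 80)]  # constructed
    for name, pol in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(name, [pol.decide(*p) for p in probes], "conflicts:", pol.conflicts())
```
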