System information
System Administration Guide
Note: The checkboxes are for specific Allworx
services. They are convenience shortcuts to filling in the
form above them.
5.5 Network Mode: NAT/Firewall with Stealth DMZ
This mode is the same as NAT/Firewall with DMZ except that all ICMP services (echo, redirect, etc) are
turned off. This makes it more difficult for attacks from the WAN to probe the server. It also makes it more
difficult for the administrator to troubleshoot any network connectivity problems (since ping and traceroute
won’t work).
5.6 Example 1: Secure Firewall
Requirements:
The Allworx
server will be used as the router between a LAN and the Internet. Protecting the LAN from the
Internet is a requirement. The server will be used as the local email server with email being sent to it from
the WAN and LAN. The server will be the LAN timeserver. All other WAN services will be denied.
Configuration:
1. Set the Network Mode to NAT/Firewall with Stealth DMZ. Setting it to stealth mode will reduce the
ability of Internet attacks to recognize the existence of the Allworx
server and its offered services.
2. In the Firewall section of the Network / Configuration / Modify page, change the Allworx
Services (ports)
exposed through DMZ so that only SMTP, DNS, and SNTP are checked. SMTP is required to receive
300 Main Street • East Rochester, NY 14445 • Toll Free 1-866-ALLWORX • 585-421-3850 • www.allworx.com
© 2007 InSciTek Microsystems, Inc. All rights reserved. Allworx is a registered trademark of InSciTek Microsystems.
Revised: March 28, 2007
Page 14