User's Manual

ManualsBrandsAvaya ManualsGatewayAvaya B5800 Branch Gateway Manager

371

372

373

374

375

376

377

378

379

380

Avaya Branch Gateway Manager 10.0 Page 372

15-601011 Issue 29r (Friday, November 02, 2012)B5800 Branch Gateway

5.16.2 Custom

The tab lists custom firewall settings added to the firewall profile. The Add, Edit and Remove controls can be used to

amend the settings in the list.

Usability

· Mergeable: These settings are mergeable. Changes to these settings do not require a reboot of the system.

Configuration Settings

· Notes

For information only. Enter text to remind you of the purpose of the custom firewall record.

· Remote IP Address

The IP address of the system at the far end of the link. Blank allows all IP addresses.

· Remote IP Mask

The mask to use when checking the Remote IP Address. When left blank no mask is set, equivalent to

255.255.255.255 - allow all.

· Local IP Address

The address of devices local to this network (pre-translated). Blank allows all IP addresses.

· Local IP Mask

The mask to use when checking the Local IP Address. When left blank no mask is set, equivalent to 255.255.255.255 -

allow all.

· IP Protocol

The value entered here corresponds to the IP Protocol which is to be processed by this Firewall profile: 1 for ICMP, 6

for TCP, 17 for UDP or 47 for GRE. This information can be obtained from the "pcol" parameter in a Monitor trace.

· Match Offset

The offset into the packet (0 = first byte of IP packet) where checking commences for either a specific port number, a

range of port numbers, or data.

· Match Length

The number of bytes to check in the packet, from the Match Offset point, that are checked against the Match Data and

Match Mask settings.

· Match Data

The values the data must equal once masked with the Match Mask. This information can be obtained from "TCP Dst"

parameter in a Monitor trace (the firewall uses hex so a port number of 80 is 50 in hex)

· Match Mask

This is the byte pattern, which is logically ANDed with the data in the packet from the offset point. The result of this

process is then compared against the contents of the "Match Data" field.

· Direction

The direction that data may take if matching this filter.

Drop

All matching traffic is dropped.

Incoming traffic can start a session.

Out

Outgoing traffic can start a session.

Both Directions

Both incoming and outgoing traffic can start sessions.