User's Manual

Avaya Branch Gateway Manager 10.0 Page 373
15-601011 Issue 29r (Friday, November 02, 2012)
B5800 Branch Gateway
Configuration Settings: Firewall Profile
Example Custom Firewall Records
Example: Dropping NetBIOS searches on an ISP's DNS
We suggest that the following filter is always added to the firewall facing the Internet to avoid costly but otherwise
typically pointless requests from Windows machines making DNS searches on the DNS server at your ISP.
· Direction: Drop
· IP Protocol: 6 (TCP)
· Match Offset: 20
· Match Length: 4
· Match Data: 00890035
· Match Mask: FFFFFFFF
Example: Browsing Non-Standard Port Numbers
The radio button for HTTP permits ports 80 and 443 through the firewall. Some hosts use non-standard ports for HTTP
traffic, for example 8080, 8000, 8001, 8002, etc. You can add individual filters for these ports as you find them.
If you cannot access a web page because it uses TCP port 8000 instead of the more usual port 80, use the
entry below.
· Direction: Out
· IP Protocol: 6 (TCP)
· Match Offset: 22
· Match Length: 2
· Match Data: 1F40
· Match Mask: FFFF
A more general additional entry given below allows all TCP ports out.
· Direction: Out
· IP Protocol: 6 (TCP)
· Match Offset: 0
· Match Length: 0
· Match Data: 00000000000000000000000000000000
· Match Mask: 00000000000000000000000000000000
Example: Routing All Internet Traffic through a WinProxy
If you wish to put WinProxy in front of all Internet traffic via the Control Unit, the following firewall allows only the
WinProxy server to contact the Internet:
1. Create a new Firewall profile and select Drop for all protocols.
2. Under Custom create a new Firewall Entry.
3. In Notes enter the name of the server allowed. Then use the default settings except in Local IP Address enter the
IP address of the WinProxy Server, in Local IP Mask enter 255.255.255.255 and in Direction select Both Directions.
Stopping PINGs
To stop pings, use ICMP filtering. Using the data below, you can create a firewall filter that performs one of the
following: Trap Pings, Trap Ping Replies, or Trap Both.
· Trap Pings: Protocol = 1, offset = 20, data = 08, mask = FF
· Trap Ping Replies: Protocol = 1, offset = 20, data = 00, mask = FF
· Trap Both: Protocol = 1, offset = 20, data = 00, mask = F7
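How the offset, length, data and mask values in the records above select packets, shown as an added Python example that is not taken from the Avaya manual. It assumes the offset is counted from the first byte of a 20-byte IPv4 header with no options, that a record matches when (packet bytes AND mask) equals (data AND mask), and a Match Length of 1 for the ICMP records; the helper names and sample packets are constructed for illustration.

```python
import struct

def ip_packet(proto, payload):
    """Constructed 20-byte IPv4 header (no options) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def tcp_segment(sport, dport):
    """Constructed TCP header: the ports sit in its first 4 bytes."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 0, 0, 0)

def icmp_message(icmp_type):
    """Constructed ICMP header: the type is its first byte."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)

def matches(packet, proto, offset, length, data_hex, mask_hex):
    """Assumed semantics: protocol equal and (bytes & mask) == (data & mask)."""
    if packet[9] != proto:          # byte 9 of the IPv4 header is the protocol
        return False
    window = packet[offset:offset + length]
    if len(window) < length:        # packet too short to hold the field
        return False
    data = bytes.fromhex(data_hex)[:length]
    mask = bytes.fromhex(mask_hex)[:length]
    return all((w & m) == (d & m) for w, d, m in zip(window, data, mask))

# The manual's records as (protocol, offset, length, data, mask).
NETBIOS_DNS = (6, 20, 4, "00890035", "FFFFFFFF")   # src port 137, dst port 53
PORT_8000   = (6, 22, 2, "1F40", "FFFF")           # dst port 0x1F40 = 8000
ALL_TCP     = (6, 0, 0, "00" * 16, "00" * 16)      # zero length: any TCP packet
PING        = (1, 20, 1, "08", "FF")               # ICMP type 8, echo request
PING_REPLY  = (1, 20, 1, "00", "FF")               # ICMP type 0, echo reply
PING_BOTH   = (1, 20, 1, "00", "F7")               # mask F7 ignores bit 0x08

if __name__ == "__main__":
    samples = {
        "TCP 137 -> 53": ip_packet(6, tcp_segment(137, 53)),
        "TCP 40000 -> 8000": ip_packet(6, tcp_segment(40000, 8000)),
        "ICMP type 8": ip_packet(1, icmp_message(8)),
        "ICMP type 0": ip_packet(1, icmp_message(0)),
    }
    records = {"NETBIOS_DNS": NETBIOS_DNS, "PORT_8000": PORT_8000,
               "ALL_TCP": ALL_TCP, "PING_BOTH": PING_BOTH}
    for label, pkt in samples.items():
        hits = [name for name, rec in records.items() if matches(pkt, *rec)]
        print(f"{label}: {hits}")
```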