Specifications

ManualsBrandsCyberGuard ManualsComputer equipmentSG530

121

122

123

124

125

126

127

128

129

130

Chapter 7 - Configuration File Download Configuration File Download Server

104

Mediatrix 4100

The key is encoded in hexadecimal notation. You can thus use characters in the range 0-9, A-F. All

other characters are not supported.

Each character encodes 4 bits of the key. For instance, a 32-bit key requires 8 characters.

• If you enter too many bits, the key is truncated to the first 448 bits.

• If you do not enter enough bits, the key is padded with zeros.

For instance, a 32-bit key could look like the following: A36CB299.

This key must match the key used for the encryption of the relevant configuration file.

If the variable is empty, the configuration file is not decrypted.

2. Set the configFilePrivacyEnable variable to enable.

The Mediatrix 4100 will be able to decrypt the next encrypted generic or specific configuration file.

If this variable is set to disable, the configuration file is not decrypted by the unit and the

configuration update fails.

Configuration Download via TFTP

The following steps explain how to download configuration files by using the TFTP protocol.

 To download configuration files via TFTP:

1. Set the configuration file server host and port as defined in “

Configuration File Server Settings” on

page 99.

2. Place the configuration files to download on the computer hosting the TFTP server.

These files must be in a directory under the TFTP root path.

Specific configFilePrivacySpecificSecret

Table 78: Decryption Variables (Continued)

Configuration File Variable

NAT Variations

NAT treatment of UDP varies among implementations. The four treatments are:

• Full Cone: All requests from the same internal IP address and port are mapped to the same

external IP address and port. Furthermore, any external host can send a packet to the internal

host by sending a packet to the mapped external address.

• Restricted Cone: All requests from the same internal IP address and port are mapped to the

same external IP address and port. Unlike a full cone NAT, an external host (with IP address

X) can send a packet to the internal host only if the internal host had previously sent a packet

to IP address X.

• Port Restricted Cone: Similar to a restricted cone NAT, but the restriction includes port

numbers. Specifically, an external host can send a packet, with source IP address X and

source port P, to the internal host only if the internal host had previously sent a packet to IP

address X and port P.

• Symmetric: All requests from the same internal IP address and port, to a specific destination

IP address and port, are mapped to the same external IP address and port. If the same host

sends a packet with the same source address and port, but to a different destination, a

different mapping is used. Furthermore, only the external host that receives a packet can send

a UDP packet back to the internal host.

For more details on NAT treatments, refer to RFC 3489.

Note: The configuration download via TFTP can only traverse NATs of types “Full Cone” or “Restricted

Cone”. If the NAT you are using is of type “Port Restricted Cone” or “Symmetric”, the file transfer will not

work.