User manual

4200 User Manual Edgewater Networks, Inc.
Version 2.2
Firewall Configuration
The 4200 uses a Stateful Packet Inspection (SPI) firewall to protect data devices installed behind the LAN interface. The 4200 ALG, as described in the “Configure the VoIP ALG” section of this manual, protects voice devices. The firewall is enabled by default. The default behavior of the firewall is to:
- deny all traffic originating from the WAN
- allow all traffic originating from the LAN
- allow only return traffic for connections that originated from the LAN
- deny all traffic originating from the WAN to the 4200 itself except for HTTP and SSH connections
- allow all traffic originating from the LAN to the 4200
The default behavior can be modified using the basic and advanced settings fields on the firewall configuration page. We recommend that you use the 4200 firewall; however, it can be disabled if the 4200 is installed behind an existing legacy firewall.
Enable or disable the firewall
A. Select Firewall.
B. Use the Enable Firewall checkbox to either enable or disable the firewall.
C. Select Submit.
Configure Basic settings
To allow or deny HTTP and SSH traffic originating from the WAN to the 4200, use the checkboxes provided in the basic settings area of the firewall configuration page.
WARNING: Denying HTTP or SSH traffic from the WAN may result in losing management connectivity to the 4200 if you are configuring the system remotely using the WAN link.
A. Select Firewall.
B. Use the Allow HTTP access from WAN side and Allow SSH access from the WAN side checkboxes to either enable or disable HTTP or SSH access.
C. Select Submit.
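
The following is an added example, not code from Edgewater Networks or the 4200: a small Python model of the default policy and the two basic-settings checkboxes described above, showing why a WAN reply is accepted only after a LAN host opens the connection and what happens to a remote SSH session once WAN SSH is denied. The zone names, class names, sample addresses and the use of ports 80 and 22 for HTTP and SSH are assumptions, and NAT is not modeled.

```python
# Added illustration: a toy model of the default firewall policy.
# Zone names, Packet fields and ports 80/22 are assumptions, not 4200 internals.
from dataclasses import dataclass

WAN, LAN, DEVICE = "wan", "lan", "4200"

@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class Firewall:
    def __init__(self, allow_http_wan=True, allow_ssh_wan=True):
        # Basic-settings checkboxes; both services are allowed by default.
        self.mgmt_ports = set()
        if allow_http_wan:
            self.mgmt_ports.add(80)
        if allow_ssh_wan:
            self.mgmt_ports.add(22)
        self.state = set()  # connections that originated from the LAN

    def permit(self, p):
        if p.src_zone == LAN:
            # LAN-originated traffic is allowed, to the WAN or to the 4200.
            if p.dst_zone == WAN:
                self.state.add((p.src, p.dst))  # track it so replies can return
            return True
        if p.dst_zone == DEVICE:
            # WAN to the 4200 itself: only the enabled management services.
            return p.dst[1] in self.mgmt_ports
        # WAN to LAN: only return traffic for a tracked connection.
        return (p.dst, p.src) in self.state

def demo():
    # Constructed sample endpoints (documentation address ranges).
    pc, web = ("192.168.1.10", 40000), ("203.0.113.5", 443)
    admin, box_ssh = ("198.51.100.7", 50000), ("203.0.113.1", 22)
    fw = Firewall()
    reply = Packet(WAN, LAN, web, pc)
    ssh = Packet(WAN, DEVICE, admin, box_ssh)
    return {
        "unsolicited": fw.permit(reply),  # no state yet, so denied
        "outbound": fw.permit(Packet(LAN, WAN, pc, web)),
        "reply": fw.permit(reply),        # now matches tracked state
        "ssh_default": fw.permit(ssh),
        "ssh_after_deny": Firewall(allow_ssh_wan=False).permit(ssh),
    }
```

The `ssh_after_deny` case is the situation the WARNING describes: an administrator connected over the WAN link is cut off as soon as the change is submitted.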