User manual

4300T User Manual Edgewater Networks, Inc.

Version 1.7 34

Firewall Configuration

The 4300T uses a Stateful Packet

Inspection (SPI) firewall to protect data

devices installed behind the LAN

interface. Voice devices are protected by

the 4300T Application Layer Gateway

(ALG) as described in VoIP

Configuration.

The firewall is enabled by default. The

default behavior of the firewall is to:

 deny all traffic originating from

the WAN

 allow all traffic originating from

the LAN

 allow only return traffic for

connections that originated from

the LAN

 deny all traffic originating from

the WAN to the 4300T itself

 allow all traffic originating from

the LAN to the 4300T

The default behavior can be modified using the basic and advanced settings fields on

the firewall configuration page. We recommend that you use the 4300T firewall,

however it can be disabled if the 4300T is installed behind an existing legacy firewall.

Enable or disable the firewall

A. Select Firewall.

B. Use the Enable Firewall checkbox to either enable or disable the firewall.

C. Select Submit.

Configure Basic settings

To allow or deny HTTP, Telnet and SSH traffic originating from the WAN to the 4300T

simply use the checkboxes provided in the basic settings area of the firewall

configuration page. By default, access from the WAN into the 4300T is disabled.

WARNING: Denying HTTP, Telnet or SSH traffic from the WAN

may result in losing management connectivity to the 4300T if you

are configuring the system remotely using the WAN link.

A. Select Firewall.

B. Use the three Allow access from WAN side checkboxes to enable or disable

HTTP, Telnet, and/or SSH access from IP devices on the WAN side of the

4300T.