Installation guide

QuadroCS Manual II: Administrator's Guide Administrator's Menus
QuadroCS (SW Version 3.1.x) 43
Filtering Rules
The Filtering Rules page allows the configuration of filters for the incoming and outgoing traffic.
To prevent misconfiguration, only one rule per service is allowed. The user may use IP groups to include several IP addresses in this rule. Because the
filtering rules specify the operation mode of the firewall, they only take effect if the firewall has been enabled. In addition, NAT should be enabled to
use the Port Forwarding function in the Incoming Traffic / Port Forwarding filtering rules. The filtering rules are independent of the security
level, so they will work if enabled, no matter what security level has been selected.
Please Note: Applying firewall rules only prevents the establishment of new connections that violate the rules. It does not terminate existing
connections that violate the rules.
View All displays all configured filters, specified by their State
(enabled or disabled), the selected Service, the set Action
(allowed or blocked), the IP addresses the filters apply to (if
Restricted) and the destination of port forwarding (Redirect to,
in case of Incoming Traffic/Port Forwarding). Because this view is
read-only, no modifications are allowed and no functional buttons
are available.
The Incoming Traffic/Port Forwarding filter is for incoming
traffic. The rules here allow or deny systems on the Internet
access to the services of Quadro’s LAN. The NAT service should
be enabled on the Quadro to make Port Forwarding possible in
the Incoming Traffic/Port Forwarding filtering rules. The Port
Forwarding function is unavailable if NAT is disabled on the
Quadro.
The Outgoing Traffic filter is for outgoing traffic. The rules here
allow or deny Quadro’s LAN users to reach external services.
Management Access is used to enable management access to
the Quadro from the Internet. A host on the Internet can be
allowed to reach the Quadro.
Fig. II-72: Filtering Rules page
SIP Access allows or denies SIP access to or from particular SIP servers, SIP hosts or groups of them. The SIP Access filtering rule may
prevent or allow incoming or outgoing SIP calls to or from the specified SIP server(s) or host(s).
When Blocked IP List is used, traffic from specific hosts may be blocked, no matter what services are opened in the other filters. No traffic will be
allowed to the specified hosts. The Blocked IP List service has a higher priority if the same host is also listed in the Allowed IP List table.
Allowed IP List allows trusted hosts to reach your network and vice versa. It is an exception to the other rules, and for a single host only all
services together may be allowed.
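The precedence described above (Blocked IP List first, then Allowed IP List, then the single per-service rule) can be checked with a small model. This is an added example, not code from the Quadro firmware or its vendor; Rule, add_rule, decide and default_action are hypothetical names, and falling back to default_action when no rule matches is an assumption standing in for the selected security level.

```python
# Added illustration: models the precedence this page describes.
# All names here are hypothetical, not Quadro settings.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    service: str
    action: str                       # "allowed" or "blocked"
    enabled: bool = True              # State column
    restricted: list = field(default_factory=list)  # empty list = any host

def in_list(host, nets):
    """True if host falls inside any address or network in nets."""
    return any(ip_address(host) in ip_network(n, strict=False) for n in nets)

def add_rule(table, rule):
    """Enforce the 'only one rule per service' constraint."""
    if rule.service in table:
        raise ValueError(f"a rule for {rule.service} already exists")
    table[rule.service] = rule

def decide(host, service, table, blocked, allowed, default_action):
    if in_list(host, blocked):        # Blocked IP List outranks Allowed IP List
        return "blocked"
    if in_list(host, allowed):        # exception to the per-service rules
        return "allowed"
    rule = table.get(service)
    if rule and rule.enabled and (not rule.restricted
                                  or in_list(host, rule.restricted)):
        return rule.action
    return default_action             # assumption: given by the security level

# Constructed sample data (documentation address ranges).
TABLE = {}
add_rule(TABLE, Rule("HTTP", "allowed", restricted=["198.51.100.0/24"]))
add_rule(TABLE, Rule("Telnet", "blocked"))
BLOCKED = ["203.0.113.7"]
ALLOWED = ["203.0.113.7", "192.0.2.10"]   # first host is also blocked
```

A host present in both lists resolves to "blocked", which is the case worth auditing when an Allowed IP List entry appears to have no effect.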
The Filtering Rules page provides several links. Each link opens its specific parameters on the same page. Only Change Policy (see chapter
Firewall and NAT), Manage User Defined Services (see chapter Service Pool) and Manage IP Pool Groups (see chapter IP Pool) lead to
separate pages. The Filtering Rules page also includes the currently selected firewall security (Policy) level and its description.
The table displayed at the bottom of the page shows the filters selected above, specified by their State (enabled or disabled), the selected Service,
the set Action (allowed or blocked), the IP addresses the filters apply to (if Restricted) and the destination of port forwarding (Redirect to, in case
of Incoming Traffic/Port Forwarding). With the exception of View All, the table offers the following functional buttons:
Enable is used to enable the rule. If no records are selected, the “No record(s) selected” error occurs.
Disable is used to disable the rule. If no records are selected, the “No record(s) selected” error occurs.
Add opens a filter-specific page where new rules may be defined by a Service, an Action, a Restriction to certain IP address(es) or IP
groups and, if adding a rule for Incoming Traffic/Port Forwarding, the destination IP address for Forwarding:
For example, the page to add a rule for Incoming Traffic/Port
Forwarding offers the following input options:
Service lists the services that can be configured. All
user-defined services are also displayed in this list.
Action lists the possible actions to set up the rule.
Forward to IP requires the destination IP address to which traffic
should be forwarded if it comes from the restricted host. The
IP address defined in this field is ignored for the blocked action
of the Incoming Traffic/Port Forwarding rule.
Note: It is not allowed to forward incoming packets when the NAT
service is disabled on the Quadro.
The Port Translation text field is available for the “Allowed” action
only and optionally takes the port number that replaces the
original port number when an incoming packet is forwarded.
If this field is left empty, the original port number is used when
forwarding the packet.
Fig. II-73: Filtering Rules - Page to add a rule for Incoming Traffic
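The field interactions described for the Incoming Traffic/Port Forwarding rule (Forward to IP ignored for the blocked action, Port Translation only for the Allowed action, empty translation keeping the original port, forwarding requiring NAT) are modelled below. This is an added example, not vendor code; ForwardRule, validate and destination are hypothetical names, and the sample addresses are constructed.

```python
# Added illustration; ForwardRule, validate and destination are hypothetical
# names, not Quadro configuration keys.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass
class ForwardRule:
    service_port: int                       # original port of the service
    action: str                             # "allowed" or "blocked"
    forward_to_ip: Optional[str] = None     # "Forward to IP"
    port_translation: Optional[int] = None  # "Port Translation", may be empty

def validate(rule, nat_enabled):
    """Return the list of conflicts with the constraints stated above."""
    problems = []
    if rule.action not in ("allowed", "blocked"):
        problems.append("unknown action")
    if rule.port_translation is not None:
        if rule.action != "allowed":
            problems.append("Port Translation applies to the Allowed action only")
        if not 1 <= rule.port_translation <= 65535:
            problems.append("translated port out of range")
    if rule.action == "allowed" and rule.forward_to_ip:
        if not nat_enabled:
            problems.append("forwarding requires NAT to be enabled")
        try:
            ip_address(rule.forward_to_ip)
        except ValueError:
            problems.append("Forward to IP is not a valid address")
    return problems

def destination(rule, nat_enabled):
    """(ip, port) a matching packet is forwarded to, or None if not forwarded."""
    if rule.action == "blocked" or not rule.forward_to_ip:
        return None                         # Forward to IP ignored when blocked
    problems = validate(rule, nat_enabled)
    if problems:
        raise ValueError("; ".join(problems))
    # Empty Port Translation: the original port number is kept.
    return (rule.forward_to_ip, rule.port_translation or rule.service_port)

# Constructed sample rules (private LAN addresses chosen for illustration).
WEB = ForwardRule(80, "allowed", "192.168.1.20", 8080)
SSH = ForwardRule(22, "allowed", "192.168.1.30")
DENY = ForwardRule(23, "blocked", "192.168.1.40")
```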