Installation guide
QuadroM32x/8L/26x/12Li/26xi Manual II: Administrator's Guide Administrator’s Menus
QuadroM32x/8L/26x/12Li/26xi; (SW Version 5.3.x)
156
The Incoming Traffic/Port Forwarding filter is for incoming
traffic. The rules here allow or deny systems on the Internet to
reach the services of Quadro’s LAN. The NAT service should be
enabled on the Quadro to provide the possibility of Port
Forwarding in the Incoming Traffic/Port Forwarding filtering
rules. The Port Forwarding
function will be unavailable if NAT is
disabled on the Quadro.
The Outgoing Traffic filter is for outgoing traffic. The rules here
allow or deny Quadro’s LAN users to reach external services.
Management Access is used to enable management access to
the Quadro from the Internet. A host on the Internet can be
allowed to reach the Quadro.
Call Control Access is used to enable the access from the call
controlling application from the Internet to the Quadro. The call
controlling applications can be used to remotely initiate and
handle calls on the Quadro and to subscribe for certain event
notifications from the Quadro.
Fig. II-266: Filtering Rules page
SIP Access is to allow or deny the SIP access to or from the particular SIP servers, SIP hosts or a group of them. The SIP Access filtering rule may
prevent or allow incoming or outgoing SIP calls to or from specified SIP server(s) or host(s).
When Blocked IP List is used, traffic from specific hosts may be blocked, no matter what services are opened in the other filters. NO traffic will be
allowed to the specified hosts. The Blocked IP List service has a higher priority if the same host is also listed in the Allowed IP List table.
Allowed IP List allows trusted hosts to reach your network and vice versa. It is an exception to other rules and only all services may be allowed for a
single host.
Restricted IPSec - Generally hosts in a VPN are allowed to have access to any service, i.e., no traffic will be blocked. They are treated as if they
were part of the Quadro LAN. However, this service can be manually denied here.
The Filtering Rules page provides several links. Each link opens its specific parameters on the same page. Only Change Policy (see chapter
Firewall and NAT), Manage user Defined Services (see chapter Service Pool) and Manage IP Pool Groups (see chapter IP Pool) lead to separate
pages. The Filtering Rules page also includes the currently selected firewall security (Policy) level and its description.
The table displayed on the bottom of this page shows the filters selected above, specified by their State (enabled or disabled), the selected Service,
the set Action (allowed or blocked), the IP addresses the filters apply to (if Restricted) and the destination of port forwarding (Redirect to, in case of
Incoming Traffic/Port Forwarding). With the exception of View All, the table offers the following functional buttons:
• Enable is used to enable the rule. If no records are selected the error message “No record(s) selected” will appear.
• Disable is used to disable the rule. If no records are selected the error message “No record(s) selected” will appear.
• Add opens a filter specific page where new rules may be defined by a Service, an Action, a Restriction to certain IP address(es) or IP groups,
and if adding a rule for Incoming Traffic/Port Forwarding, the destination IP address for Forwarding.
The page to add a rule for Incoming Traffic/Port Forwarding offers the following input options:
Service includes a list of possible services to be configured. All user-defined services also will be displayed in this list.
Action includes possible actions to setup the rule.
Forward to IP requires the destination IP address where traffic should be transferred to if it comes from the restricted host. The IP address defined
in this field will be ignored for blocked action of the Incoming Traffic/Port Forwarding rule.
Please Note: It is not allowed to forward incoming packets when the NAT service is disabled on the Quadro.