Specifications
Appendix B: Network IP Topology
Firewall Configuration
Page B-18 Mitel® 5000 Installation Manual – Issue 3.0, October 2008
Firewall Configuration
In computer networks, a totally secure network is practically impossible. In general, the more
types of communications allowed from the Internet, the less secure the network. Therefore, a
network should be configured so as to allow only the minimum level of communication unless
other capabilities are required. An example is shown in the following illustration.
In some environments, it will be necessary to allow additional types of communications through
the firewall. As stated above, these communications should be allowed only when necessary.
Although strong passwords are always a good idea, they are especially important when
applications are opened to the Internet.
Private Networking
This is the protocol used to allow Mitel CS-5200/5400/5600 systems to communicate with each
other (or to communicate with an Inter-Tel Axxess system). To allow Private Networking to the
Internet, allow TCP port 5570.
Remote Administration
These are the protocols that provide the capability to perform certain administration activities
from outside the firewall. To enable remote administration including DB Programming over the
Internet, enable TCP port 4000. To further tighten security, this communication can be filtered by
source address¹.
1. Source address filtering accepts communication from specific IP addresses. While source address
filtering provides some additional level of security, IP source addresses are easily spoofed. In addition,
source addresses are often DHCP-assigned, making it impractical to know the source addresses in
advance.
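The following is an added example, not part of the Mitel manual: a shell function that prints a default-deny ruleset opening only the two ports named above, with TCP 4000 restricted to listed source addresses. It assumes a Linux firewall using iptables in a routed setup without NAT; the function names and the documentation-range addresses are hypothetical, and only inbound FORWARD rules are shown.

```shell
#!/bin/sh
# Added example (not from the manual): print iptables-restore rules for a Linux
# firewall that forwards traffic to the phone system. Assumptions: routed setup
# without NAT; only the FORWARD chain is shown; addresses are placeholders.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pbx_rules PBX_IP PRIVNET [ADMIN_SRC...]
#   PBX_IP     phone system address behind the firewall
#   PRIVNET    "yes" opens TCP 5570 (Private Networking); anything else leaves it closed
#   ADMIN_SRC  sources allowed to reach TCP 4000 (Remote Administration, DB Programming)
pbx_rules() {
    [ "$#" -ge 2 ] || { echo "usage: pbx_rules PBX_IP yes|no [ADMIN_SRC...]" >&2; return 2; }
    pbx=$1; privnet=$2; shift 2
    # Validate everything before printing, so a typo never yields a partial ruleset.
    valid_ipv4 "$pbx" || { echo "bad PBX address: $pbx" >&2; return 2; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad admin source: $src" >&2; return 2; }
    done
    echo "*filter"
    echo ":FORWARD DROP [0:0]"      # minimum level: drop unless a rule below matches
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$privnet" = yes ]; then
        echo "-A FORWARD -d $pbx/32 -p tcp --dport 5570 -j ACCEPT"
    fi
    # TCP 4000 gets one rule per listed source; with no sources it stays closed.
    for src in "$@"; do
        echo "-A FORWARD -s $src/32 -d $pbx/32 -p tcp --dport 4000 -j ACCEPT"
    done
    echo "COMMIT"
}
```

Calling `pbx_rules 192.0.2.10 yes 198.51.100.7` prints a ruleset that opens TCP 5570 to any source and TCP 4000 to that single address; review the output before loading it on a firewall.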










