Avaya 3.7 Network Router User Manual


 
Establishing security
188 Avaya VPNmanager Configuration Guide Release 3.7
Traffic Type - The fields and drop-down lists in this section change according to the IP Protocol
type selected. When the traffic type selected is user-defined TCP or user-defined UDP, Source
and Destination fields appear to collect additional parameters.
If the Traffic Type selected is user-defined IP, a Protocol ID field appears.
A comprehensive suite of UDP, TCP, and ICMP filter options is provided.
Keep State - Appears when user-defined TCP or user-defined UDP traffic type is selected. This
function allows a filter rule set for the intended traffic to also be applied to the reply packets.
This function can be applied to both TCP and UDP packets.
Keep State sets up a state table, with each entry set up by the sending side. Reply packets
pass through a matching filter based on the respective state table entry.
Note: Although UDP is connectionless, if a packet is first sent out from a given port, a
reply is expected in the reverse direction on the same port. Keep State
essentially “remembers” the port and lets the replying packet enter on the same
port.
Source Port - Appears when User-defined TCP or User-defined UDP selections are made.
Select the Range (Any or User-defined), then enter the from: and to: values. The port range is
inclusive. If you want to choose a single port, simply specify the same port as both start and end
port.
You can also choose an operator on the port range (= means in the port range and != means
out of the port range).
Destination Port - Appears when User-defined TCP or User-defined UDP selections are
made. Select the Range (Any or User-defined), then enter the from: and to: values. The port
range is inclusive. If you want to choose a single port, simply specify the same port as both start
and end port.
You can also choose an operator on the port range (= means in the port range and != means
out of the port range).
Comparator - Permits logical include (=) or exclude (!=) operation on the range entered. For
example, if you want to block ports 1024 through 1250, you would enter (Action = Deny) from:
1024 to 1250 and select = as the comparator value.
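The following model is an added example, not Avaya code, showing how the inclusive port range, the = / != comparator and Keep State interact when a filter is evaluated. The class and function names, the first-match rule ordering, the deny-by-default fallback and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp" or "udp"
    dport_from: int
    dport_to: int
    comparator: str = "="  # "=" in range, "!=" out of range
    keep_state: bool = False

    def matches(self, p):
        if p.proto != self.proto:
            return False
        in_range = self.dport_from <= p.dport <= self.dport_to  # inclusive
        return in_range if self.comparator == "=" else not in_range

class Filter:
    def __init__(self, rules):
        self.rules, self.state = rules, set()

    def outbound(self, p):
        for r in self.rules:  # assumption: first matching rule decides
            if r.matches(p):
                if r.action == "permit" and r.keep_state:
                    # entry is created by the sending side, keyed as the expected reply
                    self.state.add((p.proto, p.dst, p.dport, p.src, p.sport))
                return r.action
        return "deny"  # assumption: unmatched traffic is denied

    def inbound(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        return "permit" if key in self.state else "deny"

def demo():
    # constructed addresses and ports; first rule is the manual's 1024-1250 example
    fw = Filter([Rule("deny", "tcp", 1024, 1250),
                 Rule("permit", "udp", 53, 53, keep_state=True)])
    query = Packet("udp", "10.0.0.5", 40000, "192.0.2.53", 53)
    reply = Packet("udp", "192.0.2.53", 53, "10.0.0.5", 40000)
    stray = Packet("udp", "192.0.2.99", 53, "10.0.0.5", 40000)
    return [fw.inbound(reply), fw.outbound(query), fw.inbound(reply), fw.inbound(stray)]
```

In demo(), the reply is denied until the outbound query creates the state entry, and a packet from a different source to the same port stays denied because it matches no entry.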
From/Where
Type. Choices are Network/Mask Pair or Any.
IP Network Mask Pair. Identify the source IP address to which the filter rule applies.