Polycom 4300T Network Router User Manual


 
User Guide V
2
IU 4300T Converged Network Appliance
3 - 36
The 4300T uses a Stateful Packet Inspection (SPI) firewall to protect data
devices installed behind the LAN interface. Voice devices are protected by the
4300T Application Layer Gateway (ALG) as described in VoIP Configuration.
The firewall is enabled by default. The default behavior of the firewall is to:
deny all traffic originating from the WAN
allow all traffic originating from the LAN
allow only return traffic for connections that originated from the LAN
deny all traffic originating from the WAN to the 4300T itself
allow all traffic originating from the LAN to the 4300T
The default behavior can be modified using the basic and advanced settings
fields on the firewall configuration page. We recommend that you use the
4300T firewall, however it can be disabled if the 4300T is installed behind an
existing legacy firewall.
Enable or disable the firewall
1. Select Firewall.
2. Use the Enable Firewall checkbox to either enable or disable the firewall.
3. Select Submit.
Configure Basic settings
To allow or deny HTTP, Telnet and SSH traffic originating from the WAN to
the 4300T simply use the checkboxes provided in the basic settings area of the
firewall configuration page. By default, access from the WAN into the 4300T
is disabled.
1. Select Firewall.
2. Use the three Allow access from WAN side checkboxes to enable or
disable HTTP, Telnet, and/or SSH access from IP devices on the WAN
side of the 4300T.
3. Select Submit.
Configure Advanced Settings
A comprehensive security policy can be created using the advanced settings of
the 4300T firewall. The policy actions that can be taken on any packet
processed by the 4300T are summarized in the following table:
Warning
Denying HTTP, Telnet or SSH traffic from the WAN may result in losing
management connectivity to the 4300T if you are configuring the system remotely
using the WAN link.