Avaya 3.7 User Manual

Issue 4 May 2005
DMZ zone firewall templates
The Demilitarized Zone (DMZ) network interface is typically used to allow Internet users access to some corporate services without compromising the private network where sensitive information is stored. For all the services set up in the DMZ, access is allowed from any network, including Public, Private, Management and Semi-private. Because the DMZ is not a trusted network, all outgoing traffic from it is blocked.
The same security rules are enforced for high security, medium security, and low security. The DMZ high security rules are enforced for both incoming and outgoing packets as follows:
- Incoming traffic from the DMZ zone is denied.
- Outgoing traffic to the DMZ zone is allowed for packets from the private, management, and semi-private networks whose destination is the servers hosting the common services.
Table 40: Semi-private VPN-only security firewall rules (continued)

| Rule Name | Action | Source | Destination | Service | Direction | Zone | Keep State |
|---|---|---|---|---|---|---|---|
| InBoundSemiPrivateAccessICMP | Permit | Any | Semi-Private-IP | ICMPDESTUNREACHABLE, ICMPTIMEEXCEEDED | In | Semi-Private | No |
| OutBoundSemiPrivateAccessICMP | Permit | Semi-Private-IP | Any | ICMPDESTUNREACHABLE | Out | Semi-Private | No |
| InBoundSemiPrivateBlockAll | Block | Any | Any | Any | In | Semi-Private | No |
| OutBoundSemiPrivateBlockAll | Block | Any | Any | Any | Out | Semi-Private | No |

2 of 2
Table 41: DMZ high and medium security firewall rules

| Rule Name | Action | Source | Destination | Service | Direction | Zone | Keep State | Description |
|---|---|---|---|---|---|---|---|---|
| InBoundDMZActiveFTPAccess | Permit | DMZNet | Any | ActiveFTP | In | DMZ | Yes | Permit active FTP data connection from FTP server on DMZNet to any FTP client on the Internet (this works for both NAT and non-NAT setups) |
| InBoundDMZBlockAll | Deny | Any | Any | Any | In | DMZ | No | Deny the rest of traffic |

1 of 2
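The rows in Tables 40 and 41 are ordered rule lists, so the catch-all BlockAll/Deny rows only work as intended when the narrower Permit rows precede them. The following is an added illustration, not Avaya's firewall code: it loads the rule fields exactly as the two tables list them, evaluates a packet against them first-match, and flags any rule that an earlier catch-all in the same direction and zone would shadow. First-match semantics, the "Any" wildcard, the implicit deny for unmatched packets, and the use of plain network labels such as "DMZNet" in place of real address ranges are assumptions made for the example.

```python
"""First-match evaluation of the DMZ and Semi-private firewall rule tables.

Added example (not Avaya's implementation). Rule fields are copied from
Tables 40 and 41; evaluation order, the "Any" wildcard, implicit deny and
the shadow check are assumptions about how an ordered rule list behaves.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "Permit", "Block" or "Deny", as written in the tables
    source: str            # network label or "Any" (real rules use address ranges)
    destination: str
    services: Tuple[str, ...]  # one or more service names, or ("Any",)
    direction: str         # "In" or "Out"
    zone: str
    keep_state: bool


@dataclass(frozen=True)
class Packet:
    source: str
    destination: str
    service: str
    direction: str
    zone: str


def _field_matches(rule_value: str, packet_value: str) -> bool:
    """'Any' is a wildcard; otherwise the labels must be equal (assumed)."""
    return rule_value == "Any" or rule_value == packet_value


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule applies only to its own interface zone and direction."""
    return (
        rule.direction == pkt.direction
        and rule.zone == pkt.zone
        and _field_matches(rule.source, pkt.source)
        and _field_matches(rule.destination, pkt.destination)
        and (rule.services == ("Any",) or pkt.service in rule.services)
    )


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[Optional[str], str]:
    """Return (rule name, action) of the first matching rule.

    Assumption: a packet matched by no rule in the list is denied.
    """
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.name, rule.action
    return None, "Deny"


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule in the same
    direction and zone matches every source, destination and service."""
    shadowed = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (
                earlier.direction == rule.direction
                and earlier.zone == rule.zone
                and earlier.source == "Any"
                and earlier.destination == "Any"
                and earlier.services == ("Any",)
            ):
                shadowed.append(rule.name)
                break
    return shadowed


# Table 41: DMZ high and medium security rules (the part shown on this page).
DMZ_RULES = [
    Rule("InBoundDMZActiveFTPAccess", "Permit", "DMZNet", "Any", ("ActiveFTP",), "In", "DMZ", True),
    Rule("InBoundDMZBlockAll", "Deny", "Any", "Any", ("Any",), "In", "DMZ", False),
]

# Table 40 (continued): Semi-private VPN-only security rules.
SEMI_PRIVATE_RULES = [
    Rule("InBoundSemiPrivateAccessICMP", "Permit", "Any", "Semi-Private-IP",
         ("ICMPDESTUNREACHABLE", "ICMPTIMEEXCEEDED"), "In", "Semi-Private", False),
    Rule("OutBoundSemiPrivateAccessICMP", "Permit", "Semi-Private-IP", "Any",
         ("ICMPDESTUNREACHABLE",), "Out", "Semi-Private", False),
    Rule("InBoundSemiPrivateBlockAll", "Block", "Any", "Any", ("Any",), "In", "Semi-Private", False),
    Rule("OutBoundSemiPrivateBlockAll", "Block", "Any", "Any", ("Any",), "Out", "Semi-Private", False),
]


if __name__ == "__main__":
    # Constructed sample packets; "InternetHost" is a placeholder label.
    ftp_data = Packet("DMZNet", "InternetHost", "ActiveFTP", "In", "DMZ")
    web_from_dmz = Packet("DMZNet", "PrivateHost", "HTTP", "In", "DMZ")
    print(evaluate(DMZ_RULES, ftp_data))       # permitted by the ActiveFTP rule
    print(evaluate(DMZ_RULES, web_from_dmz))   # caught by InBoundDMZBlockAll
    # Reversing the order shadows the Permit rule behind the catch-all Deny.
    print(shadowed_rules(list(reversed(DMZ_RULES))))
```

Note the asymmetry the evaluator exposes in Table 40: ICMPTIMEEXCEEDED is accepted inbound to Semi-Private-IP but is not in the outbound Permit row, so a time-exceeded message originating on the semi-private network falls through to OutBoundSemiPrivateBlockAll.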