Avaya 3.7 User Manual

Establishing security
188 Avaya VPNmanager Configuration Guide Release 3.7
Traffic Type - The fields and drop-down lists in this section change according to the IP Protocol 
type selected. When the traffic type selected is user-defined TCP or user-defined UDP, Source 
and Destination fields appear to collect additional parameters.
If the Traffic Type selected is user-defined IP, a Protocol ID field appears.
A comprehensive suite of UDP, TCP, and ICMP filter options is provided. 
Keep State - Appears when user-defined TCP or user-defined UDP traffic type is selected. This 
function allows a filter rule set for the intended traffic to also be applied to the reply packets. 
This function can be applied to both TCP and UDP packets.
Keep State sets up a state table, with each entry set up by the sending side. Reply packets 
pass through a matching filter based on the respective state table entry.
Note:
Although UDP is connectionless, if a packet is first sent out from a given port, a 
reply is expected in the reverse direction on the same port. Keep State 
essentially “remembers” the port and lets the replying packet enter in the same 
port.
Source Port - Appears when User-defined TCP or User-defined UDP selections are made. 
Select the Range (Any or User-defined), then enter the from: and to: values. The port range is 
inclusive. If you want to choose a single port, simply specify the same port as both start and end 
port. 
You can also choose an operator on the port range ( = means in the port range and != means 
out of the port range).
Destination Port - Appears when User-defined TCP or User-defined UDP selections are 
made. Select the Range (Any or User-defined), then enter the from: and to: values. The port 
range is inclusive. If you want to choose a single port, simply specify the same port as both start 
and end port. 
You can also choose an operator on the port range ( = means in the port range and != means 
out of the port range).
Comparator - Permits logical include (=) or exclude (!=) operation on the range entered. For 
example, if you want to block ports 1024 through 1250, you would enter (Action = Deny) from: 
1024 to 1250 and select = as the comparator value. 
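The following added example (not code from the Avaya guide or product) models how an inclusive port range, the = / != comparator, and Keep State interact when a packet is checked. The class and function names are hypothetical, and it assumes first-match rule ordering, a default action of Deny, and state entries that never expire.

```python
# Simplified model for illustration; all names here are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class PortMatch:
    lo: int = 0
    hi: int = 65535          # defaults model Range = Any
    op: str = "="            # "=" in the range, "!=" out of the range

    def matches(self, port):
        inside = self.lo <= port <= self.hi      # the range is inclusive
        return inside if self.op == "=" else not inside

@dataclass(frozen=True)
class Rule:
    action: str              # "Permit" or "Deny"
    proto: str               # "TCP" or "UDP"
    src: PortMatch
    dst: PortMatch
    keep_state: bool = False

class Filter:
    def __init__(self, rules, default="Deny"):   # default action is an assumption
        self.rules, self.default = rules, default
        self.state = set()   # state table; entries are created by the sending side

    def check(self, proto, src_ip, sport, dst_ip, dport):
        # A reply is a recorded flow with source and destination swapped.
        if (proto, dst_ip, dport, src_ip, sport) in self.state:
            return "Permit"
        for r in self.rules:                     # first match wins (assumption)
            if r.proto == proto and r.src.matches(sport) and r.dst.matches(dport):
                if r.action == "Permit" and r.keep_state:
                    self.state.add((proto, src_ip, sport, dst_ip, dport))
                return r.action
        return self.default

def demo():
    fw = Filter([
        Rule("Deny", "TCP", PortMatch(), PortMatch(1024, 1250, "=")),
        Rule("Permit", "TCP", PortMatch(), PortMatch()),
        Rule("Permit", "UDP", PortMatch(), PortMatch(53, 53), keep_state=True),
    ])
    a, b = "10.0.0.5", "192.0.2.53"              # constructed sample addresses
    return [
        fw.check("TCP", a, 40000, b, 1250),      # last port of the denied range
        fw.check("TCP", a, 40000, b, 1251),      # first port past the range
        fw.check("UDP", b, 53, a, 40001),        # unsolicited packet, no state yet
        fw.check("UDP", a, 40001, b, 53),        # outbound packet creates the state entry
        fw.check("UDP", b, 53, a, 40001),        # reply now passes via the state table
    ]
```

The same inbound UDP packet is denied before the outbound packet is seen and permitted afterwards, which is the behavior Keep State adds without a separate rule for reply traffic.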
From/Where
Type. Choices are Network/Mask Pair or Any.
IP Network Mask Pair. Identify the source IP address to which the filter rule applies.