Avaya 3.7 User Manual
Issue 4 May 2005

Semi-private zone firewall templates
A semi-private network interface provides a connection to a network whose equipment can be made physically secure, but whose medium is vulnerable to attack (for example, a wireless network used within a corporation's Private network infrastructure).

Because wireless connections cannot be easily controlled, a strict firewall policy should be enforced on the semi-private interface to limit access from the semi-private zone to VPN traffic. Clear (unencrypted, non-VPN) traffic to the Private and Management zones is not allowed. Common services to the DMZ are allowed, and clear traffic to Public is allowed.

The semi-private high security rules are enforced for both incoming and outgoing packets as follows.

Incoming traffic allowed to the semi-private zone includes:
- VPN traffic. The VPN tunnel endpoints can be semi-private IP or Public IP addresses.
- Ping, DNS
- ICMP unreachable packets

The following clear traffic is allowed:
- The source is semi-private and the destination is DMZ servers, for the following common services: PING, FTP control, Passive Data FTP, SSH, Telnet, HTTP, HTTPS, POP3, IMAP, SMTP, and NNTP.
Table 36: Private low security firewall rules

| Rule Name | Action | Source | Destination | Service | Direction | Zone | Keep State | Description |
|---|---|---|---|---|---|---|---|---|
| InBoundPrivateDenyAccess | Deny | Any | ManagementNet | Any | In | Private | No | Traffic to ManagementNet is denied. |
| InBoundPrivatePermitAll | Permit | Any | Any | Any | In | Private | Yes | Permit WI/VMGR and VPN, clear traffic to PUBLIC |
| OutBoundPrivateDenyAccess | Deny | DMZNet | Any | Any | Out | Private | No | Deny traffic from and SemiPrivateNet |
| OutBoundPrivateDenyAll | Permit | Any | Any | Any | Out | Private | Yes | Permit incoming VPN |
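The semi-private policy described in the text and the rule table above both reduce to ordered zone rules evaluated first-match. The following is an added example (not Avaya's code) that models both rule sets that way and adds the check a firewall administrator would want: that no clear, non-VPN traffic from the semi-private zone can reach Private or Management. The Packet and Rule types, the engine, the service labels, the rule names in SEMI_PRIVATE_RULES and the sample packets are assumptions; "In" is taken to mean a packet entering the gateway on that zone's interface. The zone names and the Table 36 rule names come from the page.

```python
"""Zone firewall rule evaluation modelled on the templates in this manual.

Added example, not Avaya's code: the zone names, the rule names in
PRIVATE_LOW_RULES and the semi-private policy follow the page; the Packet
and Rule types, the first-match engine, the service labels, the rule names
in SEMI_PRIVATE_RULES and the sample packets are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_zone: str    # zone network the packet comes from, e.g. "SemiPrivateNet"
    dst_zone: str    # zone network it is addressed to
    service: str     # application label, e.g. "HTTP"; "VPN" stands for tunnel traffic
    direction: str   # "In" = entering the gateway on the zone's interface, "Out" = leaving it


@dataclass(frozen=True)
class Rule:
    name: str
    action: str       # "Permit" or "Deny"
    source: str       # zone name or "Any"
    destination: str  # zone name or "Any"
    service: str      # service label or "Any"
    direction: str    # "In" or "Out"
    keep_state: bool  # the table's Keep State column
    description: str = ""

    def matches(self, pkt: Packet) -> bool:
        def wild(field, value):
            return field == "Any" or field == value
        return (wild(self.source, pkt.src_zone) and wild(self.destination, pkt.dst_zone)
                and wild(self.service, pkt.service) and self.direction == pkt.direction)


def evaluate(rules, pkt, default="Deny"):
    """First-match evaluation; a packet no rule matches gets the implicit default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "implicit-default"


# Common services the page allows in clear from the semi-private zone to DMZ servers.
DMZ_SERVICES = ["PING", "FTP-CONTROL", "FTP-PASSIVE-DATA", "SSH", "TELNET", "HTTP",
                "HTTPS", "POP3", "IMAP", "SMTP", "NNTP"]

# Semi-private high security policy as described in the text. In a first-match
# engine the explicit denies for Private and Management must come before the
# broad VPN/Ping/DNS permits, otherwise those permits leak into the protected zones.
SEMI_PRIVATE_RULES = [
    Rule("SemiPrivateDenyClearToPrivate", "Deny", "SemiPrivateNet", "PrivateNet", "Any", "In", False),
    Rule("SemiPrivateDenyClearToManagement", "Deny", "SemiPrivateNet", "ManagementNet", "Any", "In", False),
    Rule("SemiPrivatePermitVPN", "Permit", "Any", "Any", "VPN", "In", True,
         "Tunnel endpoints may be semi-private or Public IP"),
    Rule("SemiPrivatePermitPing", "Permit", "Any", "Any", "PING", "In", True),
    Rule("SemiPrivatePermitDNS", "Permit", "Any", "Any", "DNS", "In", True),
    Rule("SemiPrivatePermitICMPUnreachable", "Permit", "Any", "Any", "ICMP-UNREACHABLE", "In", False),
] + [
    Rule(f"SemiPrivatePermitDMZ{svc}", "Permit", "SemiPrivateNet", "DMZNet", svc, "In", True)
    for svc in DMZ_SERVICES
] + [
    Rule("SemiPrivatePermitClearToPublic", "Permit", "SemiPrivateNet", "PublicNet", "Any", "In", True),
]

# Table 36 rows transcribed from the page (the third row's description is garbled there).
PRIVATE_LOW_RULES = [
    Rule("InBoundPrivateDenyAccess", "Deny", "Any", "ManagementNet", "Any", "In", False,
         "Traffic to ManagementNet is denied."),
    Rule("InBoundPrivatePermitAll", "Permit", "Any", "Any", "Any", "In", True,
         "Permit WI/VMGR and VPN, clear traffic to PUBLIC"),
    Rule("OutBoundPrivateDenyAccess", "Deny", "DMZNet", "Any", "Any", "Out", False),
    Rule("OutBoundPrivateDenyAll", "Permit", "Any", "Any", "Any", "Out", True, "Permit incoming VPN"),
]


def clear_traffic_leaks(rules, services=("VPN", "DNS", "ICMP-UNREACHABLE", *DMZ_SERVICES),
                        src="SemiPrivateNet", protected=("PrivateNet", "ManagementNet")):
    """Policy check for the rule the text states: no clear (non-VPN) traffic from the
    semi-private zone may reach Private or Management. Returns the (zone, service)
    pairs a rule set would permit; an empty list means the policy holds."""
    return [(zone, svc) for zone in protected for svc in services
            if svc != "VPN" and evaluate(rules, Packet(src, zone, svc, "In"))[0] == "Permit"]


def misordered_rules():
    """Same rules with the two denies moved last: the ordering mistake the check catches."""
    return SEMI_PRIVATE_RULES[2:] + SEMI_PRIVATE_RULES[:2]


if __name__ == "__main__":
    for pkt in [Packet("SemiPrivateNet", "PrivateNet", "HTTP", "In"),
                Packet("SemiPrivateNet", "DMZNet", "HTTPS", "In"),
                Packet("SemiPrivateNet", "PublicNet", "VPN", "In")]:
        print(pkt, "->", evaluate(SEMI_PRIVATE_RULES, pkt))
    print("leaks (correct order):", clear_traffic_leaks(SEMI_PRIVATE_RULES))
    print("leaks (denies last):  ", clear_traffic_leaks(misordered_rules()))
```

The leak check is the useful part: with the denies first it returns an empty list, and with the same rules reordered so the denies come last it reports Ping, DNS and ICMP unreachable reaching both Private and Management, which is exactly how a template edit silently weakens a zone policy.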