Nortel Networks 555-4001-135 User Manual
Engineering guidelines
Nortel Integrated Conference Bridge Service Implementation Guide
Hosts that need to be accessed from the World Wide Web must be
placed in a special sub-network called the Green and Red LAN. The
firewall isolates the Green and Red LAN from the C-LAN. Devices that
can be accessed from the World Wide Web are put into this segregated
LAN segment. Nortel Networks recommends that the Green and Red
LAN be the location of the ICB connection.
On the other hand, C-LAN hosts require open access to the ICB for
administration and maintenance.
Table 3 summarizes the recommended access permissions allowed by
the firewall. All other paths not in the table should be denied.
Notes
Take the following notes into consideration:
• Technically, a firewall can be configured to enforce these access
  restrictions even when the ICB is in the C-LAN. However, a Green
  and Red LAN is usually used, because it is safer.
• Cards of a dual-ICB set must be in the same LAN segment, with no
  restrictions between them.
LAN/intranet access only
In this configuration, the ICB is not accessible from anywhere in the
World Wide Web (assuming this policy is enforced by the firewall).
There are two options for this type of configuration: C-LAN connection
and E-LAN connection.
shows an example of the C-LAN connection.
Table 3
Firewall access permissions

Source    Destination    Protocol
WWW       ICB            HTTP
C-LAN     ICB            HTTP, FTP, TELNET
ICB       WWW            FTP (optional; allows upgrade from the web)
ICB       C-LAN          FTP
ICB       Mail Server    SMTP
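
Added example (not part of the Nortel manual): a Python audit that encodes Table 3 as an allowlist with default deny and lists accepted connections that the policy says the firewall should have blocked. The zone addresses, the TCP port mapping, the sample connections and the function names are assumptions made for illustration.

```python
import ipaddress

# Zone addressing is assumed for this example (documentation/private ranges).
ZONES = {
    "ICB": ipaddress.ip_network("192.0.2.10/32"),
    "Mail Server": ipaddress.ip_network("192.0.2.25/32"),
    "C-LAN": ipaddress.ip_network("10.10.0.0/16"),
}
# Standard TCP ports for the protocols in Table 3. Only the FTP control
# channel is modelled; FTP data connections need the firewall's FTP helper.
PORTS = {"HTTP": 80, "FTP": 21, "TELNET": 23, "SMTP": 25}

# Table 3 as an allowlist: (source, destination) -> permitted protocols.
TABLE_3 = {
    ("WWW", "ICB"): {"HTTP"},
    ("C-LAN", "ICB"): {"HTTP", "FTP", "TELNET"},
    ("ICB", "WWW"): {"FTP"},  # optional row: upgrade from the web
    ("ICB", "C-LAN"): {"FTP"},
    ("ICB", "Mail Server"): {"SMTP"},
}

def zone_of(addr):
    """Map an address to a zone; anything unlisted is treated as WWW."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "WWW")

def allowed(src, dst, dport, allow_web_upgrade=False):
    """True only if Table 3 permits the flow; every other path is denied."""
    pair = (zone_of(src), zone_of(dst))
    if pair == ("ICB", "WWW") and not allow_web_upgrade:
        return False
    return dport in {PORTS[p] for p in TABLE_3.get(pair, ())}

def audit(flows, allow_web_upgrade=False):
    """Return the accepted flows that the policy says should be denied."""
    return [f for f in flows if not allowed(*f, allow_web_upgrade=allow_web_upgrade)]

# Constructed sample of accepted connections: (source, destination, TCP port).
SAMPLE = [
    ("203.0.113.7", "192.0.2.10", 80),
    ("203.0.113.7", "192.0.2.10", 23),
    ("192.0.2.10", "10.10.4.20", 21),
    ("192.0.2.10", "192.0.2.25", 25),
    ("192.0.2.10", "198.51.100.9", 21),
    ("203.0.113.7", "10.10.4.20", 80),
]

if __name__ == "__main__":
    print("\n".join(f"violates Table 3: {f}" for f in audit(SAMPLE)))
```

The optional ICB-to-WWW FTP row is off unless allow_web_upgrade is set, so outbound FTP from the ICB is reported by default.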