Nortel Networks 555-4001-135 User Manual

Engineering guidelines   41
Nortel Integrated Conference Bridge Service Implementation Guide
Hosts that need to be accessed from the World Wide Web must be 
placed in a special sub-network called the Green and Red LAN. The 
firewall isolates the Green and Red LAN from the C-LAN. Devices that 
can be accessed from the World Wide Web are put into this segregated 
LAN segment. Nortel Networks recommends that the Green and Red 
LAN be the location of the ICB connection.
On the other hand, C-LAN hosts require open access to the ICB for 
administration and maintenance.
Table 3 summarizes the recommended access permissions allowed by 
the firewall. All other paths not in the table should be denied.
Notes
Take the following notes into consideration:
- Technically, a firewall can be configured to enforce these access 
  restrictions even when the ICB is in the C-LAN. However, a Green 
  and Red LAN is usually used, because it is safer.
- Cards of a dual-ICB set must be in the same LAN segment, with no 
  restrictions between them.
LAN/intranet access only
In this configuration, the ICB is not accessible from anywhere in the 
World Wide Web (assuming this policy is enforced by the firewall). 
There are two options for this type of configuration: C-LAN connection 
and E-LAN connection.
 shows an example of the C-LAN connection.
Table 3  Firewall access permissions

Source   Destination   Protocol
WWW      ICB           HTTP
C-LAN    ICB           HTTP, FTP, TELNET
ICB      WWW           FTP (optional; allows upgrade from the web)
ICB      C-LAN         FTP
ICB      Mail Server   SMTP
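
One way to check an existing firewall ruleset against Table 3 and its rule that every other path is denied. This is an added example, not part of the Nortel guide: the rule format, the first-match evaluation, the ANY wildcard, the MAIL label for the mail server and the sample rules are all assumptions made for illustration.

```python
# Table 3 as an allow-list: (source, destination) -> permitted protocols.
BASELINE = {
    ("WWW", "ICB"): {"HTTP"},
    ("C-LAN", "ICB"): {"HTTP", "FTP", "TELNET"},
    ("ICB", "WWW"): {"FTP"},
    ("ICB", "C-LAN"): {"FTP"},
    ("ICB", "MAIL"): {"SMTP"},  # MAIL = the mail server (label is an assumption)
}
OPTIONAL = {("ICB", "WWW", "FTP")}  # Table 3 marks this path as optional
ZONES = {"WWW", "C-LAN", "ICB", "MAIL"}
PROTOCOLS = {"HTTP", "FTP", "TELNET", "SMTP"}

def expand(value, universe):
    """Expand the wildcard 'ANY' to every known zone or protocol."""
    return set(universe) if value == "ANY" else {value}

def audit(rules):
    """Compare (action, src, dst, proto) rules with Table 3.
    Rules are first-match; unmatched traffic is denied.
    Returns (flows allowed but not in Table 3, required flows not allowed)."""
    decided = {}
    for action, src, dst, proto in rules:
        for s in expand(src, ZONES):
            for d in expand(dst, ZONES):
                for p in expand(proto, PROTOCOLS):
                    if s != d:  # traffic inside one zone does not cross the firewall
                        decided.setdefault((s, d, p), action)  # first match wins
    allowed = {flow for flow, action in decided.items() if action == "allow"}
    wanted = {(s, d, p) for (s, d), protos in BASELINE.items() for p in protos}
    excess = sorted(allowed - wanted)
    missing = sorted(wanted - allowed - OPTIONAL)
    return excess, missing

SAMPLE_RULES = [  # constructed ruleset, not taken from the guide
    ("allow", "WWW", "ICB", "HTTP"),
    ("deny", "WWW", "ICB", "TELNET"),
    ("allow", "ANY", "ICB", "TELNET"),  # too broad: also opens MAIL -> ICB
    ("allow", "C-LAN", "ICB", "HTTP"),
    ("allow", "C-LAN", "ICB", "FTP"),
    ("allow", "ICB", "C-LAN", "FTP"),
    ("allow", "WWW", "C-LAN", "HTTP"),  # WWW has no path to the C-LAN in Table 3
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES)
    for flow in excess:
        print("allowed but not in Table 3:", flow)
    for flow in missing:
        print("in Table 3 but not allowed:", flow)
```

On the sample ruleset the audit reports the wildcard TELNET rule and the WWW to C-LAN rule as paths outside Table 3, and the absent ICB to mail server SMTP rule as a required path that is not allowed.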