Polycom 4300T Manuale Utente

User Guide V

2

IU 4300T Converged Network Appliance

3 - 36

The 4300T uses a Stateful Packet Inspection (SPI) firewall to protect data 

devices installed behind the LAN interface.  Voice devices are protected by the 

4300T Application Layer Gateway (ALG) as described in VoIP Configuration.
The firewall is enabled by default.  The default behavior of the firewall is to:

• deny all traffic originating from the WAN

• allow all traffic originating from the LAN

• allow only return traffic for connections that originated from the LAN

• deny all traffic originating from the WAN to the 4300T itself 

• allow all traffic originating from the LAN to the 4300T
The default behavior can be modified using the basic and advanced settings 

fields on the firewall configuration page.  We recommend that you use the 

4300T firewall, however it can be disabled if the 4300T is installed behind an 

existing legacy firewall.

Select Firewall.

Use the Enable Firewall checkbox to either enable or disable the firewall.

Select Submit.

To allow or deny HTTP, Telnet

 

and SSH traffic originating from the WAN to 

the 4300T simply use the checkboxes provided in the basic settings area of the 

firewall configuration page.  By default, access from the WAN into the 4300T 

is disabled.

Select Firewall.

Use the three Allow access from WAN side checkboxes to enable or 

disable HTTP, Telnet, and/or SSH access from IP devices on the WAN 

side of the 4300T.

Select Submit.

A comprehensive security policy can be created using the advanced settings of 

the 4300T firewall.  The policy actions that can be taken on any packet 

processed by the 4300T are summarized in the following table:

Denying HTTP, Telnet or SSH traffic from the WAN may result in losing 
management connectivity to the 4300T if you are configuring the system remotely 
using the WAN link.