Bizfon 2000 User Guide

Bizfon Manual II: Administrator's Guide  
Administrator’s Menus 
Bizfon2000 and Bizfon4000 (SW Version 4.1.x) 
 
 
Advanced Firewall Settings 
Advanced Firewall Settings are used to deny Ping and 
Portscanning operations addressed towards the device. With 
these features enabled, Bizfon will answer with inscrutable 
messages to the Ping and Portscanning operations.  
Please Note:
 Operations are available only when the firewall is 
enabled from the 
 page. 
This page offers the following components:
The Ping Stealth checkbox selection prohibits a Ping operation toward Bizfon from its WAN.
The Fool Portscanner checkbox selection prohibits portscanning of Bizfon from its WAN. As a reply to a portscanning operation, "network unreachable" or "host unreachable" feedback messages will be sent.
 
Fig. II-158: Advanced Firewall Settings page 
 
Filtering Rules 
The Filtering Rules page allows you to configure the filters for incoming and outgoing traffic.  
To prevent inaccurate configuration, only one rule per service is allowed. The user may use IP groups to include several IP addresses for this rule. 
Since the filtering rules specify the operation mode of the firewall, they only take effect if the firewall has been enabled (additionally NAT should be 
enabled to use the Port Forwarding function in the Incoming Traffic / Port Forwarding filtering rules). The filtering rules are independent from the 
security level, so they will work if enabled, no matter what security level has been selected. 
Please Note:
 Applying firewall rules will prevent the establishment of new connections that violate the rules. Applying rules does not kill existing 
connections that violate the rule. 
View All displays all configured filters specified by their State (enabled or disabled), the selected Service, the set Action (allowed or blocked), the IP addresses the filters apply to (if Restricted) and the destination of port forwarding (Redirect to, in case of Incoming Traffic/Port Forwarding). Since it is read-only, no modifications are allowed and no functional buttons are available.
The Incoming Traffic/Port Forwarding filter is for incoming traffic. The rules here allow or deny systems on the Internet to reach the services of Bizfon’s LAN. The NAT service should be enabled on the Bizfon to provide the possibility of Port Forwarding in the Incoming Traffic/Port Forwarding filtering rules. The Port Forwarding function will be unavailable if NAT is disabled on the Bizfon.
 
The Outgoing Traffic filter is for outgoing traffic. The rules here 
allow or deny Bizfon’s LAN users to reach external services. 
Management Access is used to enable management access to 
the Bizfon from the Internet. A host on the Internet can be allowed 
to reach the Bizfon. 
Fig. II-159: Filtering Rules page 
SIP Access allows or denies SIP access to or from particular SIP servers, SIP hosts or a group of them. The SIP Access filtering rule may prevent or allow incoming or outgoing SIP calls to or from the specified SIP server(s) or host(s).
When Blocked IP List is used, traffic from specific hosts may be blocked, no matter what services are opened in the other filters. NO traffic will be 
allowed to the specified hosts. The Blocked IP List service has a higher priority if the same host is also listed in the Allowed IP List table. 
Allowed IP List allows trusted hosts to reach your network and vice versa. It is an exception to the other rules, and for a single host the services can only be allowed all together.
Restricted IPSec - Generally hosts in a VPN are allowed to have access to any service, i.e., no traffic will be blocked. They are treated as if they 
were part of the Bizfon LAN. However, this service can be manually denied here. 
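The precedence described above (firewall state, existing connections, Blocked IP List over Allowed IP List, then the single per-service rule) can be modeled as follows. This is an added sketch, not Bizfon firmware or configuration syntax: the class and function names are hypothetical, the addresses are constructed documentation ranges, and the `policy_default` verdict for unmatched traffic is an assumption standing in for the selected security level.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

def _member(host, group):
    """True if host falls inside any address or CIDR entry of an IP group."""
    return any(ip_address(host) in ip_network(e, strict=False) for e in group)

@dataclass
class Rule:                       # one row of the Filtering Rules table
    service: str
    action: str                   # "allowed" or "blocked"
    enabled: bool = True          # the State column
    restricted_to: tuple = ()     # IP group the rule applies to; empty = any host

@dataclass
class Firewall:                   # hypothetical model, not device firmware
    enabled: bool = True
    policy_default: str = "blocked"   # assumption: stand-in for the security level
    blocked_ips: tuple = ()
    allowed_ips: tuple = ()
    rules: dict = field(default_factory=dict)

    def add_rule(self, rule):
        if rule.service in self.rules:          # only one rule per service
            raise ValueError(f"rule for {rule.service} already exists")
        self.rules[rule.service] = rule

    def decide(self, host, service, established=False):
        if not self.enabled:
            return "unfiltered"   # rules take effect only with the firewall enabled
        if established:
            return "kept"         # applying rules does not kill existing connections
        if _member(host, self.blocked_ips):
            return "blocked"      # Blocked IP List outranks the Allowed IP List
        if _member(host, self.allowed_ips):
            return "allowed"      # exception to other rules, for all services
        rule = self.rules.get(service)
        if rule and rule.enabled and (
                not rule.restricted_to or _member(host, rule.restricted_to)):
            return rule.action
        return self.policy_default  # assumption: unmatched traffic follows the policy

if __name__ == "__main__":
    # Constructed sample configuration using documentation address ranges.
    fw = Firewall(blocked_ips=("203.0.113.7",), allowed_ips=("203.0.113.0/24",))
    fw.add_rule(Rule("HTTP", "allowed", restricted_to=("198.51.100.0/24",)))
    for host, svc in [("203.0.113.7", "HTTP"), ("203.0.113.8", "Telnet"),
                      ("198.51.100.5", "HTTP"), ("192.0.2.1", "HTTP")]:
        print(host, svc, fw.decide(host, svc))
```

The `established=True` case is the one to keep in mind after changing rules: a connection that was already open when a blocking rule was applied remains up until it closes.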
 
The  Filtering Rules page provides several links. Each link opens its specific parameters on the same page. Only Change Policy (see chapter 
), Manage user Defined Services (see chapter 
) and Manage IP Pool Groups (see chapter 
lead to separate 
pages. The Filtering Rules page also includes the currently selected firewall security (Policy) level and its description. 
The table displayed on the bottom of this page shows the filters selected above, specified by their State (enabled or disabled), the selected Service, the set Action (allowed or blocked), the IP addresses the filters apply to (if Restricted) and the destination of port forwarding (Redirect to, in case of Incoming Traffic/Port Forwarding). With the exception of View All, the table offers the following functional buttons: