Not applicable to SBC SWe Edge.

The SBC 1000/2000 ASM module provides the ability to configure the Windows Firewall on the ASM for incoming traffic. This feature is separate from the SBC 1000/2000 IP Protocol ACLs which may be applied to the ASM Port for inbound and forwarding traffic on the SBC 2000.

By default, inbound connections that do not match a rule are denied, and specific rules must be added to allow specific traffic. The order of the rules is not important: network traffic that matches both an active deny rule and an active allow rule is blocked.

The Windows Firewall can have three types of rules:

  • Original Windows rules seen when the ASM is first installed.
  • Lync-required rules created when Lync is deployed and SBC-Comms required rules created when the ASM is first installed.
  • SBC User-Created rules created via the WebUI.

CAUTION

Ribbon highly recommends that the Windows Firewall on the ASM never be changed via Remote Desktop. Any change made via Remote Desktop to the SBC User-Created rules will be overwritten each time SBC User-Created rules are modified or added via the WebUI, or when the ASM or SBC chassis restarts.

The Windows Firewall may be turned off in the ASM Configuration page of the UI. While the Windows Firewall is disabled, the SBC User-Created rules Admin State will not be acted on.

SBC User-Created rules can apply to:

  • A source IP address.
  • A destination IP address.
  • A specific protocol.
  • A source Port for TCP or UDP protocol.
  • A destination Port for TCP or UDP protocol.
  • An application hosted inside the ASM.

WARNING

The following ports are required for the SBC and ASM to communicate; do not Deny any of them:

  • UDP 111, 1048 and 2049
  • TCP 111
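
The rule behaviour described above (default deny for inbound traffic, an active deny winning over an active allow regardless of order, and the required SBC/ASM ports) can be modelled to check a planned rule set before entering it in the WebUI. This is an added example, not Ribbon's code; the Rule fields and the sample rules are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Ports the page lists as required for SBC <-> ASM communication.
REQUIRED = {("udp", 111), ("udp", 1048), ("udp", 2049), ("tcp", 111)}

@dataclass(frozen=True)
class Rule:  # hypothetical model of a user-created rule; not the WebUI's field names
    name: str
    action: str                     # "allow" or "deny"
    protocol: str = "any"           # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"          # source address or CIDR
    dst_ports: tuple = (0, 65535)   # inclusive destination port range
    enabled: bool = True            # Admin State of the rule

    def matches(self, protocol, src_ip, dst_port):
        lo, hi = self.dst_ports
        return (self.enabled and self.protocol in ("any", protocol)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and lo <= dst_port <= hi)

def verdict(rules, protocol, src_ip, dst_port):
    """Inbound decision: a matching active deny blocks, else a matching allow permits, else default deny."""
    hits = {r.action for r in rules if r.matches(protocol, src_ip, dst_port)}
    if "deny" in hits:
        return "block"
    return "allow" if "allow" in hits else "block"

def denies_required_port(rules):
    """List (rule, protocol, port) for active deny rules covering a required port, whatever their source scope."""
    found = []
    for r in rules:
        if not r.enabled or r.action != "deny":
            continue
        lo, hi = r.dst_ports
        for proto, port in sorted(REQUIRED):
            if r.protocol in ("any", proto) and lo <= port <= hi:
                found.append((r.name, proto, port))
    return found

# Constructed sample rule set (not taken from a real ASM).
SAMPLE = [
    Rule("allow-sbc-rpc", "allow", "udp", "192.0.2.10/32", (111, 111)),
    Rule("deny-low-ports", "deny", "any", "0.0.0.0/0", (1, 1023)),
    Rule("allow-mgmt", "allow", "tcp", "198.51.100.0/24", (8443, 8443)),
    Rule("deny-nfs-disabled", "deny", "udp", "0.0.0.0/0", (2049, 2049), enabled=False),
]
```

In the sample, the broad "deny-low-ports" rule silently overrides the allow for UDP 111, which is the situation the WARNING above describes.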

 
