The Registration Rules page is used to selectively program the system firewall to control registration access to the system for H.323 UDP port 1719. The H.323 Registration Rules only apply to clients registering from the WAN side.

The whitelist/blacklist is used to block H.323 calls to your device based on IP addresses. First, a default policy is defined and a list of exceptions to this policy is created. If a whitelist is selected, all calls are blocked by default except for calls from the listed addresses. If a blacklist is selected, all calls are allowed by default except for calls from the listed addresses.

Note

The Firewall must be enabled for this feature to function. Choose Security from the Configuration Menu and refer to Configure Basic WAN Firewall Settings.

  1. Choose VoIP > H.323.
  2. Click Registration Rules in the H.323 Settings navigation panel at the top of the page to open the H.323 Registration Rules page.

  3. Select a list type radio button:
    • Disabled (default)

    • Blacklist

    • Whitelist

  4. Click Commit to activate H.323 Registration Rules Whitelist or Blacklist configuration fields. The example in the following figure shows Blacklist fields; Whitelist fields are identical when you select the Whitelist radio button. Calls are not interrupted on the system when you click Commit.

  5. Configure settings using the information in the following table as a guide.

    H.323 Registration Rules Parameters

    Item | Description
    Disabled

    Default setting is disabled and all H.323 devices are allowed to register.

    Blacklist

    Creates a blacklist policy that allows all H.323 registrations into the system except those from addresses in the Blacklist table, where administrators enter the IP addresses to block.

    Adding or deleting entries to the list does not affect ongoing calls through the system.

    Whitelist Static-Only

    Creates a whitelist policy that blocks all H.323 registrations into the system except those from addresses in the Whitelist table, where the administrator enters the allowed IP addresses.

    Adding or deleting entries to the list does not affect ongoing calls through the system.

    Add a New Whitelist/Blacklist Entry

    Address

    Specifies the IP address or IP address/bitmask.

    If an IP address/bitmask is entered, it must be entered in the format a.b.c.d/xx, where xx has a range of 0 to 32.

    Once the new address is added to the list, the policy is immediately changed to include the new address.

    Delete

    Deletes one or more IP addresses from the list.

    Once the address is deleted from the list, the policy is immediately changed to exclude the address.

    Add a New Whitelist Static/Dynamic Entry

    Creates a static and dynamic whitelist policy to block all H.323 registrations into the system.

    The whitelist static/dynamic option generates two lists of clients. The first list is the static list, which is modified exactly as the static-only option described above. The second list is automatically generated when clients authenticate to the Access Proxy.

    Access Proxy must be enabled for clients to be added dynamically. The dynamic list is read-only on this page: it only displays the authenticated clients, and the user cannot modify, add, or delete clients in the dynamic list directly.

    When this option is enabled, the firewall first searches the static list, then the dynamic list. As with the whitelist static-only option, if no match is found in either list, the request is dropped.

  6. Manage entries in the H.323 Registration Rules Whitelist or Blacklist table:

    1. Select checkboxes for the entries that you want to delete. Click All to choose all the entries or None to clear your selections.

    2. Click Delete.

    3. Click OK to confirm.

  7. Add a new Whitelist or Blacklist entry by entering an IP address in the Address field.

  8. Click Add for each address that you add to the list.

  9. Click Submit All to save all settings on the page.
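
The list semantics and the a.b.c.d/xx address format described above can be modelled offline to check a planned list before it is entered on the device. The following Python sketch is an added example, not vendor code; the mode labels, function names, the /16 breadth threshold and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Address field format from the table: a.b.c.d or a.b.c.d/xx, xx in 0..32.
_ENTRY_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?")

def parse_entry(text):
    """Return the IPv4Network for one list entry, or raise ValueError."""
    text = text.strip()
    if not _ENTRY_RE.fullmatch(text):
        raise ValueError(f"not a.b.c.d or a.b.c.d/xx: {text!r}")
    # strict=False tolerates host bits under the mask (192.0.2.9/24). Whether
    # the device accepts such entries is not stated; this is an assumption.
    return ipaddress.IPv4Network(text, strict=False)

def too_broad(entries, min_prefix=16):
    """Entries wider than min_prefix; a /0 whitelist entry admits every source."""
    return [e for e in entries if parse_entry(e).prefixlen < min_prefix]

def registration_allowed(src_ip, mode, static=(), dynamic=()):
    """Decide one WAN-side registration source under the given list type.

    mode is 'disabled', 'blacklist', 'whitelist-static' or
    'whitelist-static-dynamic' (labels chosen for this example).
    """
    addr = ipaddress.IPv4Address(src_ip)
    in_static = any(addr in parse_entry(e) for e in static)
    if mode == "disabled":
        return True                      # all devices may register
    if mode == "blacklist":
        return not in_static             # allow unless listed
    if mode == "whitelist-static":
        return in_static                 # block unless listed
    if mode == "whitelist-static-dynamic":
        # Static list first, then the dynamic list; no match means drop.
        return in_static or any(addr in parse_entry(e) for e in dynamic)
    raise ValueError(f"unknown mode: {mode!r}")

# Constructed sample lists (documentation address ranges, not real clients).
STATIC = ["192.0.2.0/24", "198.51.100.10"]
DYNAMIC = ["203.0.113.25"]   # stands in for Access Proxy authenticated clients

if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.11", "203.0.113.25"):
        for mode in ("blacklist", "whitelist-static", "whitelist-static-dynamic"):
            print(ip, mode, registration_allowed(ip, mode, STATIC, DYNAMIC))
    print("too broad:", too_broad(STATIC + ["0.0.0.0/0"]))
```

Running `too_broad` over a planned whitelist before committing it catches entries such as `0.0.0.0/0`, which the 0 to 32 mask range permits but which would make the whitelist match every source.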