To add or modify an ACL rule:
Click OK.
Note: An ACL may not be deleted if it is bound to any port or logical interface. However, you may delete or modify a rule within a bound ACL. Any modification or deletion is effective immediately.
The protocol of the IP packets subject to this rule. Valid options: TCP, UDP, ICMP, OSPF, Any, or Other. Default value: TCP.

Specifies the action to be taken on packets matching this rule. Valid selections: Deny (default; packets matching this rule are not accepted) or Allow (packets matching this rule are accepted).

The Internet Assigned Numbers Authority (IANA) port number for various protocols. This field is available only when Other is selected from the Protocol drop-down box.

Either Service or Range. The Service option allows you to define the service for either the UDP or TCP protocol. The Range option is used to specify a single source or destination port number or a port number range. This field is available only when TCP or UDP is selected from the Protocol drop-down box.

Services available for either TCP or UDP. Only those ports for which the SBC 1000/2000 is a server are available as Services. This field is available only when UDP or TCP is selected from the Port Selection Method drop-down box.

Specifies the IPv6 address of the destination host or subnet, in colon-hex notation (e.g., 2001:db8:10::100).

Specifies the network prefix of the destination host or subnet (0 to 128).

The minimum port number associated with the source packets subject to this rule. This field is available only when TCP or UDP is selected from the Protocol drop-down box and Range is selected from the Port Selection Method drop-down box.

The maximum port number associated with the source packets subject to this rule. This field is available only when TCP or UDP is selected from the Protocol drop-down box and Range is selected from the Port Selection Method drop-down box.

Specifies the IPv6 address of the destination host or subnet, in colon-hex notation (e.g., 2001:db8:10::100).

Specifies the network prefix of the destination host or subnet (0 to 128).

The minimum port number associated with the destination packets subject to this rule. This field is available only when TCP or UDP is selected from the Protocol drop-down box and Range is selected from the Port Selection Method drop-down box.

The maximum port number associated with the destination packets subject to this rule. This field is available only when TCP or UDP is selected from the Protocol drop-down box and Range is selected from the Port Selection Method drop-down box.
Sample ACL configuration

6 | ANY | ANY | ANY | ANY | ANY | DROP | By default, drops all traffic if the above rules don't match.
Sample ACL Binding

The ACLs in this example are applied only to the inbound direction of the ports. Once the ACLs are bound to the ports, ports Ethernet 1-4 are used only for VoIP and not for management. The ADMIN port is used only for management and not for user traffic.
Info: These are sample ACLs and should be customized for your specific deployment.
A typical SBC deployment has two 'sides'. One side is the LAN side (the corporate-network side); the other is the Internet side (the WAN or provider-network side). Neither side should be trusted entirely. ACLs must be configured so that only SIP/VoIP/RTP traffic is allowed on both sides. A further task is usually to determine the IP interface on which WebUI/REST management is allowed.
Note: When configuring ACLs, it is possible to isolate the SBC from the network. Ensure there are rules in place to accept HTTPS on at least one IP interface. The order of rules in the ACL is important.
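The added example below is not Ribbon's code: it models the rule fields described on this page (protocol, action, IPv6 address and prefix, port ranges) as a first-match evaluator with a trailing catch-all drop like rule 6, and adds a pre-binding check that HTTPS from the administration subnet still reaches the interface. The rule set, the documentation-prefix addresses and the `management_reachable` helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    protocol: str                         # TCP, UDP, ICMP, OSPF or Any (the page's options)
    action: str                           # "Allow" or "Deny"
    src: str = "::/0"                     # source host/subnet as IPv6 address/prefix (0-128)
    dst: str = "::/0"                     # destination host/subnet
    src_ports: tuple = (0, 65535)         # min/max source port, TCP/UDP only
    dst_ports: tuple = (0, 65535)         # min/max destination port, TCP/UDP only

@dataclass
class Packet:
    protocol: str
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0

def matches(rule: Rule, pkt: Packet) -> bool:
    # Every field of the rule must cover the packet; protocol "Any" matches everything
    if rule.protocol != "Any" and rule.protocol != pkt.protocol:
        return False
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src, strict=False):
        return False
    if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(rule.dst, strict=False):
        return False
    if pkt.protocol in ("TCP", "UDP"):    # port ranges are only meaningful for TCP/UDP
        return (rule.src_ports[0] <= pkt.src_port <= rule.src_ports[1]
                and rule.dst_ports[0] <= pkt.dst_port <= rule.dst_ports[1])
    return True

def evaluate(acl: list, pkt: Packet) -> str:
    # First matching rule decides; anything that matches no rule is dropped (rule 6 behaviour)
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "Deny"

def management_reachable(acl: list, mgmt_src: str, iface_ip: str) -> bool:
    # Hypothetical pre-binding check: does HTTPS from the admin subnet still reach this interface?
    return evaluate(acl, Packet("TCP", mgmt_src, iface_ip, 51000, 443)) == "Allow"
# Constructed sample ACL for a management interface (documentation prefixes, not real addresses)
ADMIN_ACL = [
    Rule("TCP", "Allow", src="2001:db8:10::/64", dst_ports=(443, 443)),  # HTTPS from admin LAN
    Rule("UDP", "Allow", dst_ports=(5060, 5060)),                        # SIP signalling
    Rule("Any", "Deny"),                                                 # catch-all, like rule 6
]
LOCKED_OUT_ACL = [ADMIN_ACL[2], ADMIN_ACL[0], ADMIN_ACL[1]]  # catch-all first: management locked out
```

Running `management_reachable` against each ACL before binding it as an Input ACL shows why ordering matters: the same three rules allow HTTPS in `ADMIN_ACL` and block it in `LOCKED_OUT_ACL`.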
For this example, consider that the Sonus Ribbon SBC 1000 has two IP interfaces
(For this example, this ACL must be applied to 'Ethernet 1 IP' as "Input ACL")
(For this example, this ACL must be applied to 'Ethernet 2 IP' as "Input ACL")