For SIP Trunking configurations, define ACL “allowlists” to only allow traffic from the far ends (IP address) in a SIP peering scenario.

For each trunk group, do the following:

  • Create an ACL with a high priority (low precedence value) to allow traffic from the far end.
  • Create a “Block Everything” ACL at a lower priority (higher precedence value) to block all traffic EXCEPT traffic that is explicitly allowed.


Allow Unlimited Traffic

The below rule allows unlimited traffic from “10.35.66.187” (the IP address of the far end for this example) to destination port 5060. This IP address is also an IP Peer and is included in the trunk group ingress IP prefix.


% set addressContext "default" ipAccessControlList rule "WHITELIST_PEER_01" precedence "1000" protocol "udp" ipInterfaceGroup "EXTERNAL.IPIG" sourceIpAddress "10.35.66.187" sourceAddressPrefixLength "32" destinationPort "5060" fillRate "unlimited" bucketSize "unlimited" state "enabled"

Ensure the sourceAddressPrefixLength is set to a nonzero value (“32” is used in this example). Otherwise, the length defaults to “0,” allowing all IP addresses to be “allowlisted.”

Block All Traffic Not Explicitly Allowed

The following rule blocks all traffic that is not explicitly allowed:

% set addressContext "default" ipAccessControlList rule "DENYALL_UNTRUST" precedence "65015" ipInterfaceGroup "EXTERNAL.IPIG" action "discard"

The precedence of WHITELIST_PEER_01 is a lower value than DENYALL_UNTRUST. This causes WHITELIST_PEER_01 to take precedence over DENYALL_UNTRUST, allowing the SBC to accept traffic from 10.35.66.187.

Note
Enable the ACLs in precedence order. In this example, this ACL should be the last one enabled.
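
The two conditions described above (a nonzero source prefix length on every allow rule, and a catch-all discard rule at a higher precedence value than every allow rule) can be checked offline before the commands are applied. The following Python audit is an added example, not part of the product or its documentation. It assumes that every rule line states its precedence and that a rule without action "discard" is an allow rule; WHITELIST_PEER_02 and its address are constructed to show a finding.

```python
import shlex

# Constructed sample: the two rules from this page plus WHITELIST_PEER_02,
# a made-up rule that omits sourceAddressPrefixLength.
SAMPLE = '''
% set addressContext "default" ipAccessControlList rule "WHITELIST_PEER_01" precedence "1000" protocol "udp" ipInterfaceGroup "EXTERNAL.IPIG" sourceIpAddress "10.35.66.187" sourceAddressPrefixLength "32" destinationPort "5060" fillRate "unlimited" bucketSize "unlimited" state "enabled"
% set addressContext "default" ipAccessControlList rule "WHITELIST_PEER_02" precedence "1010" protocol "udp" ipInterfaceGroup "EXTERNAL.IPIG" sourceIpAddress "10.35.66.188" destinationPort "5060" state "enabled"
% set addressContext "default" ipAccessControlList rule "DENYALL_UNTRUST" precedence "65015" ipInterfaceGroup "EXTERNAL.IPIG" action "discard"
'''

def parse_rules(text):
    """Turn each 'set ... ipAccessControlList rule' line into a dict of its key/value pairs."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line.lstrip("% "))
        if "ipAccessControlList" not in tokens or "rule" not in tokens:
            continue
        i = tokens.index("rule")
        rule = {"name": tokens[i + 1]}
        rule.update(zip(tokens[i + 2::2], tokens[i + 3::2]))
        rules.append(rule)
    return rules

def audit(rules):
    """Return (subject, finding) pairs for the conditions this page calls out."""
    findings, groups = [], {}
    for r in rules:
        groups.setdefault(r.get("ipInterfaceGroup"), []).append(r)
    for ipig, members in groups.items():
        # Assumption: any rule without action "discard" is an allow rule.
        allows = [r for r in members if r.get("action") != "discard"]
        # A catch-all discard rule carries no source address constraint.
        denies = [r for r in members
                  if r.get("action") == "discard" and "sourceIpAddress" not in r]
        for r in allows:
            # Per the page, an omitted prefix length defaults to 0 (matches any source).
            if int(r.get("sourceAddressPrefixLength", "0")) == 0:
                findings.append((r["name"], "prefix length 0 allows all source addresses"))
        if not denies:
            findings.append((ipig, "no catch-all discard rule"))
        for d in denies:
            for r in allows:
                # Lower precedence value wins, so allows must sort before the discard.
                if int(r["precedence"]) >= int(d["precedence"]):
                    findings.append((r["name"], f"not evaluated before {d['name']}"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(parse_rules(SAMPLE)):
        print(f"{subject}: {finding}")
```
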