IP Access Control Lists (IP ACLs) is a packet filtering object that is applied to incoming IP packets on the SBC. This object protects the system from a variety of network-borne attacks.
Use IP ACLs to specify rules to permit or deny packets into SBC. The IP ACL can optionally pass the traffic but at only a certain policed rate.
When you create an IP ACL rule, its state defaults to "disabled
". Change the state to "enabled
" to active the rule.
The maximum number of ACLs that can be configured in SBC is 11,264.
When a user creates a new management group the user must add user defined ACL rules to get the equivalent rules that are set up for the default management group.
The SBC supports initiating SFTP sessions out from the SBC toward a configurable host using a configurable destination TCP port (such as 22).
To allow the ability to run SFTP from the SBC to a remote server, the application SbcSftp
has been created. The application creates the necessary ACL, runs the SFTP command, and then deletes the ACL. For more information on SbcSftp
, refer to SbcSftp - Secure File Transfers with Automated ACL Creation and Deletion.
Each signaling port within an Address Context must use a unique IP address and port number combination.
The SBC 5210 and SBC 7000 systems support creating IP Interface Groups containing sets of IP interfaces that are not "processor friendly" (i.e. carried on physical Ethernet ports served by separate processors). However, restrictions exist regarding the usage of such Interface Groups.
(This ability does not apply to the SBC 5110 and 5400 systems which have only two physical media ports. IP interfaces from the two physical ports may be configured within the same IP Interface Groups without restrictions.)
For complete details, refer to Configuring IP Interface Groups and Interfaces.
Additional topics: