The Internet accessibility rules page allows you to configure
filters for incoming and outgoing traffic. To prevent
inaccurate configuration, only one rule per service is allowed. The user can
use IP groups to include several IP addresses for this rule. Since the filtering rules specify
the operation mode of the firewall, they can only take effect if the firewall functionality
has been enabled. The filtering rules are independent from the security level, so they will
work - if enabled - on every selected security level.
Note: Applying firewall rules will prevent the establishment of new connections which violate the rules. Applying rules does not kill existing connections that violate the rule.
Attention: The newly created blocking filtering rules will take effect immediately if there is no any active connection matching to that rule. Otherwise, if there is an active connection matching to the created blocking rule, please restart the QX1000 to make the newly created blocking rule effective immediately. However, if you are unable to restart the QX1000, you may need to stop an existing active connection to make the newly created blocking rule effective. Please note, that in this case the blocking rule will take effect only in 3 minutes.
The following types of filters are available:
View All - This displays all configured filters. It is for viewing
only, no modifications are allowed.
Management Access - This is for the management access of the QX1000 from
the Internet. A host from the Internet can be allowed to reach the QX1000.
Call Control Access - This is used to enable the access from the call controlling application from the Internet to the QX1000. The call controlling applications can be used to remotely initiate and handle calls on the QX1000 and to subscribe for certain event notifications from the QX1000.
SIP Access - This is to allow or deny the SIP access to/from the particular SIP servers, SIP hosts or a group of them. SIP Access filtering rule may prevent or allow incoming/outgoing SIP calls from/to specified SIP server(s) or host(s).
Blocked IP List - Here, traffic from special hosts is blocked, no
matter what services are configured in other filters. NO traffic will be allowed
to the specified hosts. The blocked IP list service has a higher priority than
the allowed IP list: if the same host is listed in both tables, it will be
blocked.
Allowed IP List - This allows trusted hosts to reach your network
and vice versa. It is an exception to other rules and only all services can be
allowed for a single host.
Clicking on these filters (except View All), will display the
specific parameters for each of them in the bottom of this page,
offering the following input options:
Enable activates the selected rules. If no records are selected the
error message "No record(s) selected" will appear.
Disable deactivates the selected rules. If no records are selected the
error message "No record(s) selected" will appear.
Add opens the page
Add Filtering
Rulewhere new rules may be created. They are specified by the
desired service and the desired action. The Restriction radio buttons
are used to allow/restrict one, several, or the whole group of IP addresses.
the services and groups can be edited in their own pages.
Delete removes the selected filters from the table. If no records are selected
the error message "No record(s) selected" occurs.
Select all checks all existing table entries.
Inverse Selection inverses the current selection (if no records are
selected, clicking on inverse selection will check all records).
The Policy area informs about the current policy and gives the
possibility to change it: The Change Policy link opens the Firewall Configuration page.
The Manage IP Pool Groups
link opens the IP
Pool Configuration page to create new or modify existing groups of IP
addresses.