Filtering Rules Help

The Internet accessibility rules page allows you to configure filters for incoming and outgoing traffic. To prevent inaccurate configuration, only one rule per service is allowed. The user can use IP groups to include several IP addresses for this rule. Since the filtering rules specify the operation mode of the firewall, they can only take effect if the firewall functionality has been enabled (additionally NAT should be enabled to use the Port Forwarding function in the Incoming Traffic/Port Forwarding filtering rules). The filtering rules are independent from the security level, so they will work - if enabled - on every selected security level.

Note: Applying firewall rules will prevent the establishment of new connections which violate the rules. Applying rules does not kill existing connections that violate the rule.

Attention: The newly created blocking filtering rules will take effect immediately if there is no any active connection matching to that rule. Otherwise, if there is an active connection matching to the created blocking rule, please restart the QX200 to make the newly created blocking rule effective immediately. However, if you are unable to restart the QX200, you may need to stop an existing active connection to make the newly created blocking rule effective. Please note, that in this case the blocking rule will take effect only in 3 minutes.

The following types of filters are available:

• View All - This displays all configured filters. It is for viewing only, no modifications are allowed.
• Incoming Traffic/ Portforwarding - This filter is for incoming traffic. The rules here allow or deny access from the Internet. They specify who will be able to reach the services of the Quadro's LAN. The NAT service should be enabled on the Quadro to provide a possibility of Port Forwarding in the Incoming Traffic/Port Forwarding filtering rules. Port Forwarding function will be unavailable if NAT is disabled on the Quadro.
• Outgoing Traffic - This filter is for outgoing traffic. The rules here allow or deny access to external services for Quadro LAN users.
• Management Access - This is for the management access of the QX200 from the Internet. A host from the Internet can be allowed to reach the QX200.
• Call Control Access - This is used to enable the access from the call controlling application from the Internet to the QX200. The call controlling applications can be used to remotely initiate and handle calls on the QX200 and to subscribe for certain event notifications from the QX200.
• SIP Access - This is to allow or deny the SIP access to/from the particular SIP servers, SIP hosts or a group of them. SIP Access filtering rule may prevent or allow incoming/outgoing SIP calls from/to specified SIP server(s) or host(s).
• Blocked IP List - Here, traffic from special hosts is blocked, no matter what services are configured in other filters. NO traffic will be allowed to the specified hosts. The blocked IP list service has a higher priority than the allowed IP list: if the same host is listed in both tables, it will be blocked.
• Allowed IP List - This allows trusted hosts to reach your network and vice versa. It is an exception to other rules and only all services can be allowed for a single host.

Clicking on these filters (except View All), will display the specific parameters for each of them in the bottom of this page, offering the following input options:

• Enable activates the selected rules. If no records are selected the error message "No record(s) selected" will appear.
• Disable deactivates the selected rules. If no records are selected the error message "No record(s) selected" will appear.
• Add opens the page Add Filtering Rule where new rules may be created. They are specified by the desired service and the desired action. The Restriction radio buttons are used to allow/restrict one, several, or the whole group of IP addresses. the services and groups can be edited in their own pages. The links Manage User Defined Services and Manage IP Pool Groups lead to them.
• Delete removes the selected filters from the table. If no records are selected the error message "No record(s) selected" occurs.
• Select all checks all existing table entries.
• Inverse Selection inverses the current selection (if no records are selected, clicking on inverse selection will check all records).

The Policy area informs about the current policy and gives the possibility to change it: The Change Policy link opens the Firewall Configuration page. The Manage User Defined Services link leads to the page Service Pool Configuration to add new or modify existing services and the Manage IP Pool Groups link opens the IP Pool Configuration page to create new or modify existing groups of IP addresses.