<!DOCTYPE html
SYSTEM "about:legacy-compat">
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="copyright" content="(C) Copyright 2023"><meta name="DC.rights.owner" content="(C) Copyright 2023"><meta name="DC.type" content="topic"><meta name="prodname" content="All Mediatrix Products"><meta name="version" content="DGW 49.12.28842941"><meta name="platform" content="All"><meta name="DC.date.modified" content="2023-0308-2809"><meta name="DC.date.issued" content="2023-0308-2809"><meta name="DC.date.available" content="2023-0308-2809"><meta name="ChapterNumbering" content="no"><meta name="DC.format" content="HTML5"><meta name="DC.identifier" content="topic_title_Basic_Concepts_d1e15"><link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet"><link rel="stylesheet" type="text/css" href="https://documentation.media5corp.com/download/attachments/62825785/commonltr.css"><link rel="stylesheet" type="text/css" href="https://documentation.media5corp.com/download/attachments/62825785/custom.css"><title>Configuring Local Firewalls</title></head><body class="nobody"><header role="banner"><div class="topicmeta title">Configuring Local Firewalls</div><div class="topicmeta date">2023-0308-28<09</div><div class="topicmeta product">All Mediatrix Products</div><div class="topicmeta version">DGW 49.12.2884<2941</div><div class="topicmeta pdf"><a href="https://documentation.media5corp.com/download/attachments/62825785/Configuring%20Local%20Firewalls.pdf" rel="nofollow">Download PDF Document</a></div><hr><span style="float: inline-end;"></span></header><nav role="toc"><ul><li><a href="#topic_title_Basic_Concepts_d1e15">Basic Concepts</a><ul><li><a href="#concept_lrc_4l2_jq">Local Firewall</a></li><li><a href="#unique_16433482361055888973">Firewall Rule Order - Important</a></li></ul></li><li><a href="#topic_title_Basic_Tasks_d1e18">Basic Tasks</a><ul><li><a href="#task_wm3_fp3_dq">Configuring the Local Firewall</a></li><li><a 
href="#unique_1028635107476205187">Disabling the Local Firewall</a></li><li><a href="#task_wjf_wsd_n1b">Configuring Black Listing Duration </a></li><li><a href="#task_zmw_yjd_n1b">Setting the No Match Local Firewall Default Policy</a></li></ul></li><li><a href="#topic_title_Examples_d1e23">Examples</a><ul><li><a href="#reference_oxv_hym_n1b">Generic Whitelist </a></li><li><a href="#reference_ldy_tqm_n1b">Whitelist for Internet Hacker Protection</a></li><li><a href="#reference_bzs_s4q_t1b">Generic Blacklist</a></li></ul></li><li><a href="#reference_j4g_nbv_gfb">Online Help</a></li><li><a href="#concept_v4k_q3h_1r">DGW Documentation</a></li><li><a href="#concept_fqm_rv4_k4">Copyright Notice</a></li></ul></nav><main role="main"><article role="article" aria-labelledby="ariaid-title1"><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="nested0" aria-labelledby="ariaid-title1" id="topic_title_Basic_Concepts_d1e15">
<h1 class="title topictitle1" id="ariaid-title1">Basic Concepts</h1>
<article class="topic concept nested1" aria-labelledby="ariaid-title2" id="concept_lrc_4l2_jq">
<h2 class="title topictitle2" id="ariaid-title2">Local Firewall</h2>
<div class="body conbody"><p class="shortdesc">The local firewall allows you to create and configure rules to filter incoming packets
that have the Mediatrix unit as destination. </p>
<p class="p">The Local Firewall is therefore a security feature that protects your Mediatrix
unit from receiving packets from unwanted or unauthorized peers. As a best practice, the
Local Firewall should drop all incoming packets by default (i.e. not forward the
packet to its destination) and let an incoming packet through only if it matches a rule's
requirements. However, incoming packets that belong to an IP communication established by the Mediatrix unit
are always accepted (for example, if the Mediatrix unit sends a DNS request, the answer will be
accepted).</p>
<p class="p">When configuring the Local Firewall, setting the default policy to drop all incoming packets
should be the last step you perform; otherwise, you may lose contact with the Mediatrix unit, even
if you are performing the initial configuration of your system. Therefore, start by creating the
rules that allow the Mediatrix unit to accept some packets. This way communication will not be
lost and you will not need to perform a partial or factory reset to reconnect with the Mediatrix
unit.</p>
<p class="p">You can use a maximum of 20 rules, but the more rules are enabled, the more overall performance
is affected.</p>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested1" aria-labelledby="ariaid-title3" id="unique_16433482361055888973">
<h2 class="title topictitle2" id="ariaid-title3">Firewall Rule Order - Important</h2>
<div class="body conbody"><p class="shortdesc">The order in which the incoming packets are tested against the rules is important if you
want to make sure that they actually have a filtering effect on incoming packets.</p>
<p class="p">Rules can be configured to accept or to decline packets. Always put the most restrictive
rules first, because rules are executed sequentially, starting with the first one listed at the top of
the table. In other words, make sure that the order in which the rules are executed does not cause a rule
to be systematically excluded. </p>
<div class="p">For example: <ul class="ul" id="unique_16433482361055888973__ul_ebk_41r_t1b">
<li class="li">If the first rule excludes all packets coming from a specific net mask, providing a second
rule for an IP address with that same net mask will have no effect. </li>
<li class="li">If the first rule indicates actions to be taken for a specific IP address with a given net
mask, and the second rule indicates to exclude all IP addresses with that net mask, both
rules will be applied and have an effect on the incoming packets. </li>
</ul></div>
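<p class="p">The following is an added example, not Media5 code and not part of the original document: a small offline model of first-match rule evaluation that finds rules hidden by an earlier, broader rule and checks whether a management connection would survive a Default Policy of Drop. The field names mirror the table columns named on this page; the source field, the admin host 192.168.0.50 and the /24 subnet are assumptions, and the model is stateless, so it does not cover replies to connections the unit itself established.</p>

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "Accept" or "Drop"
    source: str = "0.0.0.0/0"    # source address or subnet (assumed field); default is any
    dest: str = "0.0.0.0/0"      # Destination Address; default is any
    protocol: str = "All"        # "TCP", "UDP" or "All"
    port: Optional[int] = None   # Destination port; None matches any port
    enabled: bool = True         # mirrors the Activation column


def matches(rule, src, dst, proto, port):
    """True if an enabled rule matches this incoming packet."""
    return (rule.enabled
            and ip_address(src) in ip_network(rule.source, strict=False)
            and ip_address(dst) in ip_network(rule.dest, strict=False)
            and rule.protocol in ("All", proto)
            and rule.port in (None, port))


def evaluate(rules, default_policy, src, dst, proto, port):
    """Rules run top to bottom and the first match wins.

    Returns (action, rule number), or (default policy, None) when nothing matches.
    """
    for number, rule in enumerate(rules, start=1):
        if matches(rule, src, dst, proto, port):
            return rule.action, number
    return default_policy, None


def covers(outer, inner):
    """True if every packet matched by inner is also matched by outer."""
    return (ip_network(inner.source, strict=False).subnet_of(
                ip_network(outer.source, strict=False))
            and ip_network(inner.dest, strict=False).subnet_of(
                ip_network(outer.dest, strict=False))
            and outer.protocol in ("All", inner.protocol)
            and outer.port in (None, inner.port))


def shadowed_rules(rules):
    """Return (rule number, number of the earlier rule that hides it) pairs."""
    findings = []
    for j, later in enumerate(rules):
        if not later.enabled:
            continue
        for i, earlier in enumerate(rules[:j]):
            if earlier.enabled and covers(earlier, later):
                findings.append((j + 1, i + 1))
                break
    return findings


def lockout_probes(rules, probes):
    """Probes (src, dst, proto, port) that stop working once Default Policy is Drop."""
    return [p for p in probes if evaluate(rules, "Drop", *p)[0] != "Accept"]


# Constructed sample tables. 192.168.0.10 and TCP port 80 are the page's management
# example; the admin host 192.168.0.50 and the /24 subnet are assumptions.
SUBNET_DROP = Rule("Drop", source="192.168.0.0/24")
ADMIN_HTTP = Rule("Accept", source="192.168.0.50", dest="192.168.0.10",
                  protocol="TCP", port=80)
BAD_ORDER = [SUBNET_DROP, ADMIN_HTTP]    # broad rule first: rule 2 never fires
GOOD_ORDER = [ADMIN_HTTP, SUBNET_DROP]   # specific rule first: both rules have an effect
MGMT_PROBE = ("192.168.0.50", "192.168.0.10", "TCP", 80)

if __name__ == "__main__":
    for name, table in (("bad order", BAD_ORDER), ("good order", GOOD_ORDER)):
        print(name,
              "| shadowed:", shadowed_rules(table),
              "| locked out under Drop:", lockout_probes(table, [MGMT_PROBE]))
```

<p class="p">Run the lockout check against the planned rule table before changing the Default Policy; an empty result means every listed management path is still accepted by some rule.</p>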
</div>
</article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic nested0 nobody" aria-labelledby="ariaid-title4" id="topic_title_Basic_Tasks_d1e18">
<h1 class="title topictitle1" id="ariaid-title4">Basic Tasks</h1>
<article class="topic task nested1" aria-labelledby="ariaid-title5" id="task_wm3_fp3_dq">
<h2 class="title topictitle2" id="ariaid-title5">Configuring the Local Firewall</h2>
<div class="body taskbody">
<section class="section prereq"><div class="tasklabel"><strong class="sectiontitle tasklabel">Before you begin</strong></div>You must have a Network Interface created.
</section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Network</span>/<span class="keyword wintitle">Local Firewall</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Local Firewall Rules</span> table,
complete the fields as required.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Local Firewall Configuration</span>
table, from the <span class="keyword wintitle">Default Policy</span> selection
list, select <span class="keyword wintitle">Drop</span>.</span>
<div class="itemgroup info">
<div class="note important note_important"><span class="note__title">IMPORTANT:</span> Before setting the <span class="keyword wintitle">Default Policy</span> to
<span class="keyword wintitle">Drop</span>, i.e. to
apply the local firewall rules and to drop any incoming packet that does not
match a rule, review your rules to make sure that at least one rule accepts
incoming packets for management; otherwise, communication with the
Mediatrix Sentinel will be lost.</div>
</div>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> For example, if the Web interface is used for management (HTTP port 80)
via the unit's LAN interface (default IP address = 192.168.0.10), then the
following rule could be added: <span class="keyword parmname">Activation=Enable / Destination
Address=192.168.0.10 / Destination port=80 / Protocol=TCP /
Action=Accept</span>
</div>
</div>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> For blacklisting to be used, at least one firewall rule must have the
<span class="keyword wintitle">Black listing enable</span> box checked. </div>
<div class="note note note_note"><span class="note__title">Note:</span> Before setting the <span class="keyword wintitle">Default Policy</span> to
<span class="keyword wintitle">Drop</span>, review
your rules to make sure that at least one rule accepts incoming packets,
otherwise the communication with the Mediatrix Sentinel will be lost.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Save</span>.</span>
<div class="itemgroup info">
<div class="note caution note_caution"><span class="note__title">Caution:</span> Take the time to carefully review your rules before
continuing to the next step.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Save & Apply</span> to
apply all changes to the configuration.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="ph uicontrol">restart required services</span>,
located at the top of the page.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>The Local Firewall will drop packets without any notification message. <p class="p">If a rule
with the <span class="keyword wintitle">Black listing enable</span> box checked matches a packet and no <span class="keyword wintitle">Rate Limit Value</span> was set, then the
source address of the packet will be black listed and all packets coming from this
address will be blocked for the duration of the <span class="keyword wintitle">Blacklist Timeout</span>.</p><p class="p">If a
rule with the <span class="keyword wintitle">Black listing enable</span> box checked
matches a packet and the <span class="keyword wintitle">Rate Limit Value</span> has been reached,
then the source address of the packet will be black listed and all packets coming
from this address will be blocked for the duration set for the <span class="keyword wintitle">Blacklist Rate Limit
Timeout</span>.</p></section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title6" id="unique_1028635107476205187">
<h2 class="title topictitle2" id="ariaid-title6">Disabling the Local Firewall</h2>
<div class="body taskbody">
<section class="section prereq"><div class="tasklabel"><strong class="sectiontitle tasklabel">Before you begin</strong></div> You must have a
Network Interface created. </section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Network</span>/<span class="keyword wintitle">Local Firewall</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Local Firewall Configuration</span>
table, set the <span class="keyword wintitle">Default Policy</span> to <span class="keyword wintitle">Accept</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Local Firewall Rules</span> table,
from the <span class="keyword wintitle">Activation</span>
column, select <span class="keyword wintitle">Disable</span>
for all the rules. </span>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Save</span>.</span>
<div class="itemgroup info">
<div class="note caution note_caution"><span class="note__title">Caution:</span> Take the time to carefully review your rules before
continuing to the next step.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Save & Apply</span> to
apply all changes to the configuration.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="ph uicontrol">restart required services</span>,
located at the top of the page.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>All incoming packets will be accepted. </section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title7" id="task_wjf_wsd_n1b">
<h2 class="title topictitle2" id="ariaid-title7">Configuring Black Listing Duration </h2>
<div class="body taskbody">
<section id="task_wjf_wsd_n1b__steps_nsm_ntd_n1b"><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps" id="task_wjf_wsd_n1b__steps_nsm_ntd_n1b"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Network</span>/<span class="keyword wintitle">Local Firewall</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Local Firewall Configuration</span>
table, set the <span class="keyword wintitle">Blacklist Timeout</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">Set the <span class="keyword wintitle">Blacklist Rate Limit
Timeout</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Save</span>.</span>
<div class="itemgroup info">
<div class="note caution note_caution"><span class="note__title">Caution:</span> Take the time to carefully review your rules before
continuing to the next step.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Save & Apply</span> to
apply all changes to the configuration.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="ph uicontrol">restart required services</span>,
located at the top of the page.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>Blacklisting parameters will be updated. Remember that for blacklisting to be used,
at least one rule must have blacklisting enabled. <p class="p">If a rule with the <span class="keyword wintitle">Black listing enable</span> box checked
matches a packet and no <span class="keyword wintitle">Rate Limit Value</span> was set, then the
source address of the packet will be black listed and all packets coming from this
address will be blocked for the duration of the <span class="keyword wintitle">Blacklist Timeout</span>.</p><p class="p">If a
rule with the <span class="keyword wintitle">Black listing enable</span> box checked
matches a packet and the <span class="keyword wintitle">Rate Limit Value</span> has been reached,
then the source address of the packet will be black listed and all packets coming
from this address will be blocked for the duration set for the <span class="keyword wintitle">Blacklist Rate Limit
Timeout</span>.</p></section>
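<p class="p">The two blacklisting timers described above, as an added example that is not Media5 code and not part of the original document: a toy model of one rule with Black listing enable checked, showing which timeout applies with and without a Rate Limit Value. Assumptions: timestamps and timeouts are plain numbers in one common unit, the rate limit is counted over a sliding period, the packet that reaches the limit triggers the blacklisting, and the timeout values 300 and 120 are constructed.</p>

```python
from collections import defaultdict, deque


class BlacklistModel:
    """Toy model of a single rule that has 'Black listing enable' checked."""

    def __init__(self, blacklist_timeout, rate_limit_timeout,
                 rate_limit_value=None, rate_limit_period=60):
        self.blacklist_timeout = blacklist_timeout      # Blacklist Timeout
        self.rate_limit_timeout = rate_limit_timeout    # Blacklist Rate Limit Timeout
        self.rate_limit_value = rate_limit_value        # Rate Limit Value, None if not set
        self.rate_limit_period = rate_limit_period      # counting period (assumed sliding)
        self.blocked_until = {}                         # source address: expiry time
        self.attempts = defaultdict(deque)              # source address: recent timestamps

    def packet(self, src, now):
        """Process one packet from src that matches the rule at time now.

        Returns (verdict, expiry): 'blocked' while the source is black listed,
        'blacklisted' when this packet puts it on the list, and 'rule_action'
        when the packet is simply handled by the rule.
        """
        until = self.blocked_until.get(src)
        if until is not None and until > now:
            return "blocked", until
        self.blocked_until.pop(src, None)

        if self.rate_limit_value is None:
            # No Rate Limit Value: any match black lists for Blacklist Timeout.
            until = now + self.blacklist_timeout
            self.blocked_until[src] = until
            return "blacklisted", until

        window = self.attempts[src]
        window.append(now)
        while now - window[0] >= self.rate_limit_period:
            window.popleft()
        if len(window) >= self.rate_limit_value:
            # Rate Limit Value reached: black list for Blacklist Rate Limit Timeout.
            window.clear()
            until = now + self.rate_limit_timeout
            self.blocked_until[src] = until
            return "blacklisted", until
        return "rule_action", None


def replay(model, src, times):
    """Feed packets from src at the given times and return the verdicts in order."""
    return [model.packet(src, t)[0] for t in times]


if __name__ == "__main__":
    # Constructed traffic: one packet per time unit from a documentation address.
    plain = BlacklistModel(blacklist_timeout=300, rate_limit_timeout=120)
    limited = BlacklistModel(300, 120, rate_limit_value=10, rate_limit_period=60)
    print("no rate limit:", replay(plain, "198.51.100.7", range(3)))
    print("10 per 60    :", replay(limited, "198.51.100.7", range(12)))
```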
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title8" id="task_zmw_yjd_n1b">
<h2 class="title topictitle2" id="ariaid-title8">Setting the No Match Local Firewall Default Policy</h2>
<div class="body taskbody">
<section id="task_zmw_yjd_n1b__steps_qcp_ckd_n1b"><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps" id="task_zmw_yjd_n1b__steps_qcp_ckd_n1b"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Network</span>/<span class="keyword wintitle">Local Firewall</span>.</span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> Before setting the <span class="keyword wintitle">Default Policy</span> to
<span class="keyword wintitle">Drop</span>, i.e. to
apply the local firewall rules and to drop any incoming packet that does not
match a rule, review your rules to make sure that at least one rule accepts
incoming packets; otherwise, communication with the Mediatrix Sentinel
will be lost.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Local Firewall Configuration</span>
table, set the <span class="keyword wintitle">Default Policy</span> to <span class="keyword wintitle">Drop</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>The local firewall rules will be applied and if an incoming packet does not match a
rule, it will be dropped.</section>
</div>
</article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic nested0 nobody" aria-labelledby="ariaid-title9" id="topic_title_Examples_d1e23">
<h1 class="title topictitle1" id="ariaid-title9">Examples</h1>
<article class="topic reference nested1" aria-labelledby="ariaid-title10" id="reference_oxv_hym_n1b">
<h2 class="title topictitle2" id="ariaid-title10">Generic Whitelist </h2>
<div class="body refbody"><p class="shortdesc">All incoming packets are dropped unless they match one of the firewall rules, which
act on the incoming packets going towards the Mediatrix gateway.</p>
<section class="section">
<br><img class="image" id="reference_oxv_hym_n1b__image_uxr_tfs_n1b" src="https://documentation.media5corp.com/download/attachments/62825785/whitelist.png" width="800"><br>
</section>
<section class="section"><h3 class="title sectiontitle">Result:</h3>
<table class="table frame-all" id="reference_oxv_hym_n1b__table_j2x_psq_t1b"><caption></caption><colgroup><col style="width:21.008403361344538%"><col style="width:78.99159663865547%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry colsep-1 rowsep-1" id="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">Rule #</th>
<th class="entry colsep-1 rowsep-1" id="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">Description</th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">1</td>
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">Any incoming packet from the LAN subnet having the unit's LAN host IP address
as a destination is allowed.</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">2</td>
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">Any incoming packet from the Uplink subnet is allowed (assuming this is a
private network).</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">3</td>
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">Any HTTP incoming packet from the selected IP address having the unit's Uplink
IP address as a destination through TCP port 80 is allowed.</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">4</td>
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">Any incoming HTTPS packet from the selected IP address having the unit's
Uplink IP address as a destination through TCP port 443 is allowed, but rate limited
to 10 new connection attempts per 60 sec.</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">5</td>
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">Any incoming SSH packet from the selected subnet having the unit's Uplink IP
address as a destination through TCP port 22 is allowed.</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">6</td>
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">Any incoming SIP packet from the selected subnet having the unit's Uplink IP
address as a destination through UDP port 5060 is allowed.</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">7</td>
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">Any RTP and T.38 incoming packet from the selected subnet having the unit's
Uplink IP address as a destination through UDP port range 5004-6020 is allowed. </td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__1">Default</td>
<td class="entry colsep-1 rowsep-1" headers="reference_oxv_hym_n1b__table_j2x_psq_t1b__entry__2">All other incoming packets are rejected.</td>
</tr>
</tbody></table>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested1" aria-labelledby="ariaid-title11" id="reference_ldy_tqm_n1b">
<h2 class="title topictitle2" id="ariaid-title11">Whitelist for Internet Hacker Protection</h2>
<div class="body refbody"><p class="shortdesc">Simple Local Firewall rules to protect the unit from Internet hackers. All incoming
packets are dropped unless they match one of the local firewall rules, which act on the
incoming traffic towards the Mediatrix gateway.</p>
<section class="section">
<br><img class="image" id="reference_ldy_tqm_n1b__image_qld_bsm_n1b" src="https://documentation.media5corp.com/download/attachments/62825785/AntiHackerRule.png" width="800"><br>
</section>
<section class="section"><h3 class="title sectiontitle">Result:</h3>
<table class="table frame-all" id="reference_ldy_tqm_n1b__table_o3v_lzq_t1b"><caption></caption><colgroup><col style="width:21.978021978021978%"><col style="width:78.02197802197803%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry colsep-1 rowsep-1" id="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__1">Rule #</th>
<th class="entry colsep-1 rowsep-1" id="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__2">Description</th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__1">1</td>
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__2">Any incoming packet from the LAN subnet is allowed.</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__1">2</td>
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__2">Any incoming packet from the Uplink subnet is allowed (assuming this is a
private network).</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__1">3</td>
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__2">Any incoming packet from the selected IP address is allowed (e.g. this is the
management server).</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__1">4</td>
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__2">Any incoming packet from the selected subnet is allowed (e.g. this is the Core
SIP server, SBC and its media gateways). </td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__1">Default</td>
<td class="entry colsep-1 rowsep-1" headers="reference_ldy_tqm_n1b__table_o3v_lzq_t1b__entry__2">Any incoming packet not meeting the criteria of these rules is dropped.
</td>
</tr>
</tbody></table>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested1" aria-labelledby="ariaid-title12" id="reference_bzs_s4q_t1b">
<h2 class="title topictitle2" id="ariaid-title12">Generic Blacklist</h2>
<div class="body refbody"><p class="shortdesc">The default policy is set to "Accept" but the firewall rules are Blacklists acting on
incoming traffic towards the Mediatrix gateway:</p>
<section class="section"><img class="image" id="reference_bzs_s4q_t1b__image_wgb_ppq_t1b" src="https://documentation.media5corp.com/download/attachments/62825785/blacklist.png" width="800"></section>
<section class="section">Subnet example: 192.168.1.0/24</section>
<section class="section"><h3 class="title sectiontitle">Result:</h3>
<table class="table frame-all" id="reference_bzs_s4q_t1b__table_yln_lrq_t1b"><caption></caption><colgroup><col style="width:21.008403361344538%"><col style="width:78.99159663865547%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry colsep-1 rowsep-1" id="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__1">Rule #</th>
<th class="entry colsep-1 rowsep-1" id="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__2">Description </th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__1">1</td>
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__2">Any incoming packet going to the Uplink interface through TCP port 22 (SSH) is
dropped.</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__1">2</td>
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__2">Any incoming packet coming from the specified subnet is dropped.</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__1">3</td>
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__2">Any HTTP incoming packet coming from the specified IP address to the Uplink
interface through TCP port 80 is dropped. </td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__1">4</td>
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__2">Any incoming packet from the specified subnet to the Lan1 interface is
rejected, and an ICMP message is returned. </td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__1">5</td>
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__2">Any incoming SIP packet from the specified IP address to the Lan1 interface
through UDP port 5060 is rate limited to 10 new connection attempts per 60 sec.
</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__1">Default</td>
<td class="entry colsep-1 rowsep-1" headers="reference_bzs_s4q_t1b__table_yln_lrq_t1b__entry__2">All other incoming packets are accepted.</td>
</tr>
</tbody></table>
</section>
</div>
</article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested0" aria-labelledby="ariaid-title13" id="reference_j4g_nbv_gfb">
<h1 class="title topictitle1" id="ariaid-title13">Online Help</h1>
<p class="shortdesc"><span class="ph">If you are not familiar with the meaning of the fields and
buttons, click <span class="keyword wintitle">Show Help</span>, located at the upper right corner of
the Web page. When activated, the fields and buttons that offer online help will
change to green and if you hover over them, the description will be displayed.</span></p>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested0" aria-labelledby="ariaid-title14" id="concept_v4k_q3h_1r">
<h1 class="title topictitle1" id="ariaid-title14">DGW Documentation</h1>
<div class="body conbody"><p class="shortdesc">Mediatrix devices are supplied with an exhaustive set of documentation. </p>
<p class="p">Mediatrix user documentation is available on the <a class="xref" href="http://documentation.media5corp.com" target="_blank">Media5 Documentation
Portal</a>.</p>
<div class="p">Several types of documents were created to clearly present the information you are looking for.
Our documentation includes:<ul class="ul" id="concept_v4k_q3h_1r__ul_bqy_cjh_1r">
<li class="li"><strong class="ph b">Release notes</strong>: Generated at each GA release, this document includes the known and
solved issues of the software. It also outlines the changes and the new features the release
includes.</li>
<li class="li"><strong class="ph b">Configuration notes</strong>: These documents are created to facilitate the configuration of a
specific use case. They address a configuration aspect we consider that most users will need to
perform. However, in some cases, a configuration note is created after receiving a question
from a customer. They provide standard step-by-step procedures detailing the values of the
parameters to use. They provide a means of validation and present some conceptual information.
The configuration notes are specifically created to guide the user through an aspect of the
configuration. </li>
<li class="li"><strong class="ph b">Technical bulletins</strong>: These documents are created to facilitate the configuration of a
specific technical action, such as performing a firmware upgrade.</li>
<li class="li"><strong class="ph b">Hardware installation guide</strong>: This guide provides the detailed procedure on how to safely and
adequately install the unit. It provides information on card installation, cable connections,
and how to access the Management interface for the first time.</li>
<li class="li"><strong class="ph b">User guide</strong>: The user guide explains how to customise to your needs the configuration
of the unit. Although this document is task oriented, it provides conceptual information to
help the user understand the purpose and impact of each task. The User Guide will provide
information such as where and how TR-069 can be configured in the Management Interface, how to
set firewalls, or how to use the CLI to configure parameters that are not available in the
Management Interface.</li>
<li class="li"><strong class="ph b">Reference guide</strong>: This exhaustive document has been created for advanced users. It
includes a description of all the parameters used by all the services of the Mediatrix units.
You will find, for example, scripts to configure a specific parameter, notification messages
sent by a service, or an action description used to create Rulesets. This document includes
reference information such as a dictionary, and it does not include any step-by-step
procedures. </li>
</ul></div>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested0" aria-labelledby="ariaid-title15" id="concept_fqm_rv4_k4">
<h1 class="title topictitle1" id="ariaid-title15">Copyright Notice</h1>
<div class="body conbody"><p class="shortdesc">Copyright © 2023 Media5 Corporation.</p>
<p class="p">This document contains information that is proprietary to Media5 Corporation.</p>
<p class="p">Media5 Corporation reserves all rights to this document as well as to the Intellectual Property
of the document and the technology and know-how that it includes and represents.</p>
<p class="p">This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever,
without written prior approval by Media5 Corporation.</p>
<p class="p">Media5 Corporation reserves the right to revise this publication and make changes at any time
and without the obligation to notify any person and/or entity of such revisions and/or
changes.</p>
</div>
</article></article></main></body></html> |