
Difference between revisions of "Firewall (Zenitel Connect Pro)"

From Zenitel Wiki

(Created page with "{{C}} ==Introduction== The firewall allows inbound rules rules to be set. Rules can be set for each network port individually. An ICX-510 has...")
 
(Adding, editing and deleting rules)
 
Line 53: Line 53:
 
==Adding, editing and deleting rules==
 
==Adding, editing and deleting rules==
 
* Add a rule: Click on [[File:ZC_PlusIcon.PNG|25px]] on the right hand top side of the inbound rules or outbound rules table and edit the new line as appropriate
 
* Add a rule: Click on [[File:ZC_PlusIcon.PNG|25px]] on the right hand top side of the inbound rules or outbound rules table and edit the new line as appropriate
* Edit a rule: Click on [[File:ZC_PencilIcon.PNG|25px]] at the end of each rule; edit the rule as appropriate
+
* Edit a rule: Click on the field you want to edit
 
* Delete a rule: Select or multi-select the rules to be deleted; click on [[File:ZC_DustbinIcon.PNG|25px]] on the right hand top side of the inbound rules table.
 
* Delete a rule: Select or multi-select the rules to be deleted; click on [[File:ZC_DustbinIcon.PNG|25px]] on the right hand top side of the inbound rules table.
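Review bot: The new Edit bullet, "Click on the field you want to edit", drops the pencil icon but does not say how an edited value is confirmed or saved; add that step so the reader knows when the rule takes effect. The Delete bullet in the trailing context also names only the inbound rules table, while the Add bullet names the inbound rules or outbound rules table; make the two consistent.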
  

Latest revision as of 16:37, 22 October 2024


Introduction

The firewall allows inbound rules to be set. Rules can be set for each network port individually. An ICX-510 has 2 network ports. Zenitel Connect Pro running on a virtual machine can have 1 or more ports, depending on how many ports have been assigned to the VM.

Rules can be added, edited and deleted.

Firewall rules can be set in the tile Firewall in the System section.

Inbound rules

Inbound rules can be assigned different criteria:

  • Protocol:
    • TCP
    • UDP
  • Destination port, select any port number from 1 to 65535
  • Source address
    • The source address can be left empty; if left empty, there is no filtering based on the IP-address of the source
    • The source address can be assigned a subnet address in CIDR notation; example: 192.168.0.0/24 will only allow traffic from IP-addresses in the range 192.168.0.1 - 192.168.0.254
    • The source address can be assigned a specific IP-address; only traffic originating from that IP-address is allowed
  • The network port on which the inbound traffic is allowed

Points to consider

Zenitel Link is the protocol through which external applications can integrate with Zenitel Connect Pro. Ideally it should use encryption. For this it needs inbound ports 443 and 8086 to be open, which is the default setting.

While developing the integration, it can be an advantage to trace the network traffic with an application like Wireshark. It is then beneficial that the network traffic is not encrypted. Unencrypted access is available by using ports 80 and 8087 (default closed).

Default rules

| Protocol | Port | Name | Comment |
|---|---|---|---|
| TCP | 80 | HTTP | Unsecure web access and log in for Zenitel Link. It is advisable to close this port after initial system setup. |
| TCP | 443 | HTTPS | Secure web access and log in for Zenitel Link |
| UDP | 5060 | SIP/UDP | |
| TCP | 5060 | SIP/TCP | |
| TCP | 5061 | SIPS | SIP secure |
| TCP | 8086 | WAMP/WSS | Secure data connection for Zenitel Link |
| TCP | 8087 | WAMP/WS | Unsecure data connection for Zenitel Link. Default closed |
| UDP | 10000:20000 | RTP/RTPS | |
| UDP | 123 | NTP | |
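The inbound-rule criteria and the advice on ports 80 and 8087 above can be checked against a rule set offline. The following is an added example, not Zenitel code: the rule tuple layout, the interface names `eth0`/`eth1`, the sample rules, and the assumption that traffic matching no rule is dropped are all assumptions made for illustration.

```python
import ipaddress

# Ports the page describes as unencrypted Zenitel Link access (HTTP and WAMP/WS).
UNENCRYPTED_PORTS = {80: "HTTP", 8087: "WAMP/WS"}

# Constructed sample rules: (protocol, port, source, network port). The layout and
# the interface names are assumptions, not a Zenitel export format.
SAMPLE_RULES = [
    ("TCP", "443", "", "eth0"),
    ("TCP", "8086", "192.168.0.0/24", "eth0"),
    ("TCP", "80", "", "eth0"),
    ("TCP", "8087", "192.168.0.10", "eth1"),
    ("UDP", "10000:20000", "", "eth0"),
]

def port_range(spec):
    """Parse '443' or '10000:20000' into an inclusive (low, high) pair."""
    low, _, high = spec.partition(":")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port spec: {spec!r}")
    return low, high

def source_matches(source, ip):
    """Empty source means no filtering; otherwise a single IP or a CIDR subnet."""
    if not source:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(source, strict=False)

def is_allowed(rules, proto, port, src_ip, iface):
    """True if any inbound rule admits the packet (assumes unmatched traffic is dropped)."""
    for r_proto, r_port, r_source, r_iface in rules:
        low, high = port_range(r_port)
        if (r_proto == proto and r_iface == iface and low <= port <= high
                and source_matches(r_source, src_ip)):
            return True
    return False

def audit(rules):
    """List rules that open an unencrypted port, with the source scope they allow."""
    findings = []
    for r_proto, r_port, r_source, r_iface in rules:
        low, high = port_range(r_port)
        for port, name in UNENCRYPTED_PORTS.items():
            if r_proto == "TCP" and low <= port <= high:
                scope = r_source or "any source"
                findings.append(f"{name} port {port} open on {r_iface} from {scope}")
    return findings
```

Running `audit` over the rule set after initial setup shows whether port 80 or 8087 is still reachable and from which sources.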

Adding, editing and deleting rules

  • Add a rule: Click on the plus icon (ZC PlusIcon.PNG) at the top right-hand side of the inbound rules or outbound rules table and edit the new line as appropriate
  • Edit a rule: Click on the field you want to edit
  • Delete a rule: Select or multi-select the rules to be deleted; click on the dustbin icon (ZC DustbinIcon.PNG) at the top right-hand side of the inbound rules table.
[Figure: Firewall settings]
