Configuring AudioCodes Gateway Firewalls

This article explains how to set up an AudioCodes MP1xx or Mediant series device Firewall, for gateways connected with MAXCS.

Administrators can specify that the gateway can be configured only from certain IP addresses. Configuring the device’s firewall in this manner greatly diminishes network vulnerability, so that security tools can audit the gateway devices successfully.

Warning:  Be very careful when configuring the device’s firewall.  If you accidentally block all network access, then you may need to perform a factory reset in order to recover.

While following these steps, you will need to substitute the IP address for your PC and your MAXCS IP address for the placeholder addresses shown here.

1. Under Configuration, select Full.

click-full.jpg

2. Select VoIP > Security > Firewall Settings.

menu-firewall-settings.jpg

3. Note the following consideration before you add items to the firewall list:
  • Entries in the Firewall list can be either Allow or Block
  • Lower/smaller index numbers take precedence over higher/larger index numbers. Therefore, make sure all Allow entries have smaller index numbers than the Block entries. If Block index numbers are lower than some Allow index numbers, those Allow addresses or ports will be blocked!

  Add an Allow entry for your own PC’s IP address (10.40.0.20 in this example), so that your system can always configure the MP1xxx/Mediant device. Use a low index number.

add-pc.jpg

4. If you have any other PCs that are used to configure gateways, consider adding Allow entries for those as well. Use low index numbers.

5. Add another Allow entry; this time, enter the MAXCS IP address (in the figure, we used 10.30.5.94). Use a low index number.

add-maxcs.jpg

6. Now add a Block entry, to block network access from any other IP address. Use a much higher index number; it must be a larger number than any of your Allow entries.

block-others.jpg

Important:  If you are following AltiGen’s guide to setup the survivability, you may not want to directly block 5060 or 10060 to all IP addresses. Doing so will disable the survivability. 

If you are setup up the survivability for AudioCodes gateway, the AudioCodes device will need to talk to Polycom or AltiGen phone directly. In that case, you cannot block every ports, or survivability will not work. Instead, you can use the Source Port field to block individual ports, such as 23, 161, 443, 5061, and 5081. Each port requires a separate entry. For example, to block port 443, set both Start Port and End Port to 443.
If you are setting up up survivability for an AudioCodes gateway, the AudioCodes device will need to talk to Polycom or to the AltiGen phone directly. In this case, you cannot block every port; otherwise, survivability will not work. Instead, you can use the Source Port field to block individual ports, such as 23, 161, 443, 5061, or 5081. Each port requires a separate entry. For example, to block port 443, set both Start Port and End Port to 443.

 

7. Confirm that you can still configure the device after you make all of your firewall changes.

8. Once you confirm that you can still configure the device, click Burn to burn the settings to the gateway.

burn.jpg

9. If you are using IP extensions/FXS port, you will need to log into MAXCS Administrator and check the Connect Media Stream to Server option for those extensions.

connect-media-stream.jpg



Attachments

No attachments were found.

Related Articles

Visitor Comments

Article Details

Last Updated
7th of September, 2017

Would you like to...

Print this page  Print this page

Email this page  Email this page

Post a comment  Post a comment

 Subscribe me

Subscribe me  Add to favorites

Remove Highlighting Remove Highlighting

Edit this Article

Quick Edit

Export to PDF


User Opinions



How would you rate this answer?




Thank you for rating this answer.

Continue