This article explains how to set up an AudioCodes MP1xx or Mediant series device Firewall, for gateways connected with MAXCS.

Administrators can specify that the gateway can be configured only from certain IP addresses. Configuring the device’s firewall in this manner greatly diminishes network vulnerability, so that security tools can audit the gateway devices successfully.

Warning:  Be very careful when configuring the device’s firewall.  If you accidentally block all network access, then you may need to perform a factory reset in order to recover.

While following these steps, you will need to substitute the IP address for your PC and your MAXCS IP address for the placeholder addresses shown here.

• Entries in the Firewall list can be either Allow or Block. 
• Lower/smaller index numbers take precedence over higher/larger index numbers. Therefore, make sure all Allow entries have smaller index numbers than the Block entries. If Block index numbers are lower than some Allow index numbers, those Allow addresses or ports will be blocked!

  Add an Allow entry for your own PC’s IP address (10.40.0.20 in this example), so that your system can always configure the MP1xxx/Mediant device. Use a low index number.

4. If you have any other PCs that are used to configure gateways, consider adding Allow entries for those as well. Use low index numbers.

5. Add another Allow entry; this time, enter the MAXCS IP address (in the figure, we used 10.30.5.94). Use a low index number.

6. Now add a Block entry, to block network access from any other IP address. Use a much higher index number; it must be a larger number than any of your Allow entries.

Important:  If you are following AltiGen’s guide to setup the survivability, you may not want to directly block 5060 or 10060 to all IP addresses. Doing so will disable the survivability. 

If you are setting up up survivability for an AudioCodes gateway, the AudioCodes device will need to talk to Polycom or to the AltiGen phone directly. In this case, you cannot block every port; otherwise, survivability will not work. Instead, you can use the Source Port field to block individual ports, such as 23, 161, 443, 5061, or 5081. Each port requires a separate entry. For example, to block port 443, set both Start Port and End Port to 443.

7. Confirm that you can still configure the device after you make all of your firewall changes.

8. Once you confirm that you can still configure the device, click Burn to burn the settings to the gateway.



9. If you are using IP extensions/FXS port, you will need to log into MAXCS Administrator and check the Connect Media Stream to Server option for those extensions.