DNS from any IP to any, 1 of 2 – Avaya 3.7 User Manual



Public zone firewall templates

Issue 4 May 2005

299

DNS from any IP to any

Common services originating from all internal networks (private, DMZ, management and semi-private).

All other outgoing traffic is blocked.

The medium security policy for the public zone is the same as that of the high security policy.

The low security policy allows all the traffic allowed for medium security. In addition, all TCP and UDP packets from all networks are allowed to go out.

Table 31: Public high and medium security firewall rules

Columns: Rule Name, Action, Source, Destination, Service, Direction, Zone, Keep State, Description

Rule Name: InBoundPublicAccess
Action: Permit
Source: Any
Destination: PublicIP
Service: IKE-IN, IKE-AVAYA-IN, IPSEC-NAT-T-IN, AH/ESP, ICMPDESTUNREACHABLE
Direction: In
Zone: Public
Keep State: No
Description: Permit incoming VPN traffic and ICMP unreachable packets

Rule Name: InBoundPublictoDMZAccess
Action: Permit
Source: Any
Destination: DMZNet
Service: ICMPECHOREQUEST, SSH/TELNET, FTP-CTRL, PASSIVEFTP, HTTP/HTTPS, DNS-TCP/DNS-UDP, NETBIOS-NS-TCP/UDP, NETBIOS-DGM-TCP/UDP, NETBIOS-SSN-TCP/UDP, POP3/IMAP/SMTP, NNTP
Direction: In
Zone: Public
Keep State: Yes
Description: Permit incoming traffic to DMZ network

Rule Name: InBoundPublicBlockAll
Action: Deny
Source: Any
Destination: Any
Service: ANY
Direction: In
Zone: Public
Keep State: No
Description: Deny the rest of traffic

Rule Name: OutBoundPublicAccess
Action: Permit
Source: PublicIP
Destination: Any
Service: IKE-OUT, IKE-AVAYA-OUT, IPSEC-NAT-T-OUT, AH/ESP, ICMPDESTUNREACHABLE
Direction: Out
Zone: Public
Keep State: No
Description: Permit outgoing VPN traffic

1 of 2 (Table 31 continues on the next page)
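The BlockAll row only catches inbound traffic that the two permit rows above it do not, so a packet's fate depends on rule order. The following Python model is added here as an illustration and is not code from the Avaya manual or product: it encodes the four rows of Table 31 on this page as a first-match policy (an assumption implied by the "Deny the rest of traffic" row) and evaluates sample packets against it. The PublicIP and DMZNet addresses are constructed placeholders, and services are matched by the object names the table uses rather than by port numbers.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder addresses for the manual's network objects (real values
# come from each deployment); "Any" matches every address.
NETWORK_OBJECTS = {
    "Any": None,
    "PublicIP": ipaddress.ip_network("203.0.113.10/32"),
    "DMZNet": ipaddress.ip_network("192.168.50.0/24"),
}
# Service objects as named in Table 31; no port mapping is assumed.
VPN_IN = {"IKE-IN", "IKE-AVAYA-IN", "IPSEC-NAT-T-IN", "AH/ESP", "ICMPDESTUNREACHABLE"}
VPN_OUT = {"IKE-OUT", "IKE-AVAYA-OUT", "IPSEC-NAT-T-OUT", "AH/ESP", "ICMPDESTUNREACHABLE"}
DMZ_SERVICES = {"ICMPECHOREQUEST", "SSH", "TELNET", "FTP-CTRL", "PASSIVEFTP", "HTTP",
                "HTTPS", "DNS-TCP", "DNS-UDP", "NETBIOS-NS-TCP/UDP", "NETBIOS-DGM-TCP/UDP",
                "NETBIOS-SSN-TCP/UDP", "POP3", "IMAP", "SMTP", "NNTP"}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "Permit" or "Deny"
    source: str          # network object name
    destination: str     # network object name
    services: frozenset  # {"ANY"} matches every service
    direction: str       # "In" or "Out"
    keep_state: bool

# Table 31 rows in table order; the zone is Public for all of them.
PUBLIC_RULES = [
    Rule("InBoundPublicAccess", "Permit", "Any", "PublicIP", frozenset(VPN_IN), "In", False),
    Rule("InBoundPublictoDMZAccess", "Permit", "Any", "DMZNet", frozenset(DMZ_SERVICES), "In", True),
    Rule("InBoundPublicBlockAll", "Deny", "Any", "Any", frozenset({"ANY"}), "In", False),
    Rule("OutBoundPublicAccess", "Permit", "PublicIP", "Any", frozenset(VPN_OUT), "Out", False),
]

def _addr_matches(obj_name, addr):
    net = NETWORK_OBJECTS[obj_name]
    return net is None or ipaddress.ip_address(addr) in net

def evaluate(rules, src, dst, service, direction):
    """First-match evaluation in table order (assumed). Returns (action, rule name);
    traffic matching no rule is an implicit deny, as the manual blocks all other traffic."""
    for r in rules:
        if r.direction != direction:
            continue
        if not (_addr_matches(r.source, src) and _addr_matches(r.destination, dst)):
            continue
        if "ANY" not in r.services and service not in r.services:
            continue
        return r.action, r.name
    return "Deny", "implicit"
```

The remaining rows of Table 31 are on the next page, so the implicit deny in this model only reflects the rows visible here.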
