Avaya 3.7 User Manual

Page 301

Public zone firewall templates

Issue 4 May 2005

| Rule Name | Action | Source | Destination | Service | Direction | Zone | Keep State | Description |
|---|---|---|---|---|---|---|---|---|
| InBoundPublicAccess | Permit | Any | PublicIP | IKE_IN, IPSEC_NAT_T_IN, AH/ESP, ICMPDestUnreach | In | Public | No | Permit incoming VPN traffic and ICMP unreachable packet |
| InBoundPublictoDMZAccess | Permit | Any | DMZNet | ICMPEchoReq(PING), FTP-Ctrl/PassiveFTP, SSH/TELNET, HTTP/HTTPS, DNS-TCP/DNS-UDP, POP3/IMAP/SMTP, NNTP | In | Public | Yes | Permit incoming traffic to DMZ network |
| InBoundPublicBlockAll | Deny | Any | Any | Any | In | Public | No | Deny the rest of traffic |
| OutBoundPublicAccess | Permit | PublicIP | Any | IKE_OUT, IPSEC_NAT_T_OUT, AH/ESP, ICMPDestUnreach | Out | Public | No | Permit outgoing VPN traffic |
| OutBoundPublickPingAccess | Permit | DMZNet, PrivateNet, SemiPrivateNet, ManagementNet | Any | ICMPEchoRequest | Out | Public | Yes | Permit outgoing ping access. |
| OutBoundPublicDNSAccess | Permit | PublicIP, DMZNet, PrivateNet, SemiPrivateNet, ManagementNet | Any | DNS-TCP, DNS-UDP | Out | Public | Yes | Permit outgoing DNS access. |
| OutBoundPublicGeneralAccess | Permit | Any | Any | ICMPEchoReq(PING), FTP-Ctrl/PassiveFTP, SSH/TELNET, HTTP/HTTPS, DNS-TCP/DNS-UDP, POP3/IMAP/SMTP | Out | Public | Yes | Permit traffic with the services to go out. The traffic can come from any network. |
| OutBoundPublicBlockAll | Deny | Any | Any | Any | Out | Public | No | Deny the rest of traffic |
