Management zone security, Converged network analyzer template – Avaya 3.7 User Manual

Page 311


Management zone security

Issue 4 May 2005


The management interface connection can be configured to simplify network deployments and
eliminate enterprise network dependencies on switches or routers.

The Management zone is a trusted network similar to the Private zone. Outgoing traffic is
allowed, but incoming traffic is restricted. Only traffic initiated by the security gateway is allowed.

High, medium and low security rules are the same.

Incoming

All traffic is allowed to come in from the management network.

Outgoing

Only packets from the Management IP to the Management zone are allowed.

Converged Network Analyzer template

The converged network analyzer (CNA) template is a set of firewall rules that can be configured
to allow CNA traffic to travel through the network when the security gateway is set up as a
firewall device. Typically, the security gateway will not allow CNA traffic to travel through the
device; however, when the CNA template is configured and added to the existing firewall rules, CNA
traffic is allowed.

Table 43: Management high, medium, and low security firewall rules

| Rule Name | Action | Source | Destination | Service | Direction | Zone | Keep State |
|---|---|---|---|---|---|---|---|
| InBoundManagementInterfacePermitAccess | Permit | Any | ManagementIP | Any | In | Management | No |
| InBoundManagementPermitAll | Permit | Any | Any | Any | In | Management | Yes |
| OutBoundManagementInterfaceAccess | Permit | ManagementIP | Any | Any | Out | Management | No |
| OutBoundManagementBlockAll | Deny | Any | Any | Any | Out | Management | No |
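
The Table 43 rules evaluated against a few constructed packets, as an added example that is not from the Avaya manual. It assumes top-down first-match ordering with an implicit deny (the manual does not state the evaluation order) and uses 192.0.2.10 as a constructed Management IP; the function and class names are hypothetical.

```python
# Added example: first-match evaluation of the Table 43 Management zone rules.
# Assumptions (not from the manual): top-down first-match ordering, implicit
# deny when nothing matches, and 192.0.2.10 as a constructed ManagementIP.
from typing import NamedTuple, Optional

MANAGEMENT_IP = "192.0.2.10"  # constructed sample address

class Rule(NamedTuple):
    name: str
    action: str
    source: str
    destination: str
    direction: str
    keep_state: bool

# Rows of Table 43, in table order. Service and Zone are omitted because
# every row has Service "Any" and Zone "Management".
RULES = [
    Rule("InBoundManagementInterfacePermitAccess", "Permit", "Any", "ManagementIP", "In", False),
    Rule("InBoundManagementPermitAll", "Permit", "Any", "Any", "In", True),
    Rule("OutBoundManagementInterfaceAccess", "Permit", "ManagementIP", "Any", "Out", False),
    Rule("OutBoundManagementBlockAll", "Deny", "Any", "Any", "Out", False),
]

def _matches(field: str, addr: str) -> bool:
    """'Any' matches every address; 'ManagementIP' matches only MANAGEMENT_IP."""
    return field == "Any" or (field == "ManagementIP" and addr == MANAGEMENT_IP)

def evaluate(src: str, dst: str, direction: str) -> Optional[Rule]:
    """Return the first rule matching the packet, or None (treated as deny)."""
    for rule in RULES:
        if (rule.direction == direction and _matches(rule.source, src)
                and _matches(rule.destination, dst)):
            return rule
    return None

def decide(src: str, dst: str, direction: str) -> str:
    """Human-readable verdict naming the rule that decided the packet."""
    rule = evaluate(src, dst, direction)
    return f"{rule.action} via {rule.name}" if rule else "Deny (no rule matched)"

if __name__ == "__main__":
    # Constructed packets seen on the Management zone interface.
    for pkt in [("192.0.2.50", MANAGEMENT_IP, "In"), ("192.0.2.50", "10.0.0.5", "In"),
                (MANAGEMENT_IP, "192.0.2.50", "Out"), ("10.0.0.5", "192.0.2.50", "Out")]:
        print(pkt, "->", decide(*pkt))
```

Under these assumptions, every inbound packet is permitted, and an outbound packet is permitted only when its source is the Management IP.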
