UCX Administration
Security – Firewall
IMPORTANT

E-MetroTel AWS cloud instances are pre-configured with AWS security rules that minimize the exposure of the UCX software to the internet. Proceed with caution before activating and making changes to the UCX firewall as you may unintentionally restrict remote access to Administration user interface (https) and remote support (ssh and VPN) from E-MetroTel, also system data may be lost. Recovery from such a situation, if possible, is not covered by standard E-MetroTel support services and may incur charges for support.

Firewall Rules

The Firewall Rules page allows you to configure the firewall for your UCX system. When UCX is installed, there is a set of default firewall rules, which are not active.

Prior to activating the firewall, first go to Define Ports page to make sure the port numbers are up to date.

To activate the Firewall, perform the following steps:

  1. Open UCX Administration
  2. From the Security tab, select Firewall
  3. From the left side column, select Firewall Rules
  4. Press the Activate Firewall button

Default Rules

The following diagram shows the default firewall rules for a newly installed R6.0 system. If your system was upgraded from a previous release, the existing rules are retained and the new R6.0 defaults will not be in the list.

Adding a Firewall Rule

To add a new firewall rule, perform the following steps:

  1. Open UCX Administration
  2. From the Security tab, select Firewall
  3. From the left side column, select Firewall Rules
  4. If the firewall is not active, press the Activate Firewall button to activate it
  5. Press the New Rule button.
  6. Fill in all the fields
  7. Press the Save button to create the new rule
  8. After adding new rule(s), they are displayed on the configuration page but not yet activated on the system. To activate the new rules you created, press the Save Changes button
NOTE

The Source and Destination IP fields must be entered with the corresponding IP address format, and the mask field must be a number between 0 and 32. The value of the Source Address and Destination Address fields must be entered in the format aaa.bbb.ccc.ddd / n (CIDR notation). When you set an IP address field to 0.0.0.0 (meaning "any value"), the mask is ignored. To enter a specific IP address, the mask should be set to 0.

Modifying a Firewall Rule

To edit a rule, select the corresponding Paintbrush icon in the right column, make desired changes to the rule, and press the  Save button to save the changes.

To delete a rule, select the checkbox on the left side of the rule you want to delete, press the Delete button and confirm the action.
Note: After deleting one or more rules, they are removed from the configuration page, but remain active on the system. For the change to take effect, you have to press the Save Changes button to apply the changes to the system.

To change the order of rules, select the Up or Down arrow icon under the Order column. To move a rule up 1 position in the list, select the Up arrow. To move the rule down 1 position in the list select the Down arrow. Changes to the order of rules are immediately applied.

Define Ports

The Define Ports page allows you to create, edit, or delete ports for the firewall.

To view the list of defined ports, perform the following steps:

  1. Open UCX Administration
  2. From the Security tab, select Firewall
  3. From the left side column, select Define Ports
  4. Press the Show Filter button to filter the list based on Name or Protocol
  5. Press the Show button to generate an updated list based on the filter

Update Ports

Click on the Update Ports button and the following list of port numbers will be updated to the current system configuration: 

  • AMI 
  • SSH 
  • IAX2 
  • RTP 
  • SIP 
  • UNISTIM

 

NOTE

The following diagram shows the default ports for a newly installed R6.0 system. If your system was upgraded from a previous release, the existing defined ports are retained and the new R6.0 defaults will not be in the list.

Adding a Port Definition

To define a new port or a port range, perform the following steps:

  1. Open UCX Administration
  2. From the Security tab, select Firewall
  3. From the left side column, select Define Ports
  4. Press the Define Port button
  5. Fill in the fields.  For a single port, enter the port number in the left field only.  For a port range, enter the first and last port number.
  6. Press the Save button to save the new definition

Editing a Port Definition

To edit a port definition, perform the following steps:

  1. Open UCX Administration
  2. From the Security tab, select Firewall
  3. From the left side column, select Define Ports
  4. Select the View link in the Option column
  5. Press the Edit button
  6. Update the desired fields
  7. Press the Save button to update the definition

Deleting a Port Definition

To delete a port, perform the following steps:

  1. Open UCX Administration
  2. From the Security tab, select Firewall
  3. From the left side column, select Define Ports
  4. Select the checkbox on the left side of each port definition that you want to delete
  5. Press the Delete button to delete the definition(s)

Contents