Support User Manuals

Cisco Systems ONS 15600 Security Camera User Manual

Open as PDF

of 350

9-23

Cisco ONS 15600 Reference Manual, R7.2

Chapter 9 Management Network Connectivity

9.5 External Firewalls

The following ACL (access control list) example shows a firewall configuration when the SOCKS proxy

server gateway setting is not enabled. In the example, the CTC workstation's address is 192.168.10.10.

and the ONS 15600 address is 10.10.10.100. The firewall is attached to the GNE, so the inbound

direction is from CTC to the GNE and the outbound direction is from the GNE to CTC. The CTC

Common Object Request Broker Architecture (CORBA) Standard constant is 683 and the TCC CORBA

Default is TCC Fixed (57790).

access-list 100 remark *** Inbound ACL, CTC -> NE ***

access-list 100 remark

access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www

access-list 100 remark *** allows initial contact with ONS 15600 using http (port 80) ***

access-list 100 remark

access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 57790

access-list 100 remark *** allows CTC communication with ONS 15600 GNE (port 57790) ***

access-list 100 remark

access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established

access-list 100 remark *** allows ACKs back from CTC to ONS 15600 GNE ***

access-list 101 remark *** Outbound ACL, NE -> CTC ***

access-list 101 remark

access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683

access-list 101 remark *** allows alarms etc., from the 15600 (random port) to the CTC

workstation (port 683) ***

access-list 100 remark

access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established

access-list 101 remark *** allows ACKs from the 15600 GNE to CTC ***

The following ACL (access control list) example shows a firewall configuration when the SOCKS proxy

server gateway setting is enabled. As with the first example, the CTC workstation address is

192.168.10.10 and the ONS 15600 address is 10.10.10.100. The firewall is attached to the GNE, so

inbound is CTC to the GNE and outbound is from the GNE to CTC. CTC CORBA Standard constant

(683) and TCC CORBA Default is TCC Fixed (57790).

1080 Proxy server (socks) D

2001-2017 I/O card Telnet NA

2018 DCC processor on active TCC2/TCC2P D

2361 TL1 D

3082 Raw TL1 D

3083 TL1 D

5001 BLSR server port D

5002 BLSR client port D

7200 SNMP alarm input port D

9100 EQM port D

9401 TCC boot port D

9999 Flash manager NA

10240-12287 Proxy client D

57790 Default TCC listener port OK

1. D = deny, NA = not applicable, OK = do not deny

Table 9-7 Ports Used by the TSC (continued)

Port Function Action

1

previous next