Cisco ONS 15600 Reference Manual, R7.2
Chapter 9 Management Network Connectivity
9.5 External Firewalls
The following access control list (ACL) example shows a firewall configuration when the SOCKS proxy
server gateway setting is not enabled. In the example, the CTC workstation's address is 192.168.10.10
and the ONS 15600 address is 10.10.10.100. The firewall is attached to the GNE, so the inbound
direction is from CTC to the GNE and the outbound direction is from the GNE to CTC. The CTC
Common Object Request Broker Architecture (CORBA) Standard constant is 683 and the TCC CORBA
Default is TCC Fixed (57790).
access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 remark *** allows initial contact with ONS 15600 using http (port 80) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 57790
access-list 100 remark *** allows CTC communication with ONS 15600 GNE (port 57790) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
access-list 100 remark *** allows ACKs back from CTC to ONS 15600 GNE ***
access-list 101 remark *** Outbound ACL, NE -> CTC ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683
access-list 101 remark *** allows alarms etc., from the 15600 (random port) to the CTC workstation (port 683) ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
access-list 101 remark *** allows ACKs from the 15600 GNE to CTC ***
The following access control list (ACL) example shows a firewall configuration when the SOCKS proxy
server gateway setting is enabled. As with the first example, the CTC workstation address is
192.168.10.10 and the ONS 15600 address is 10.10.10.100. The firewall is attached to the GNE, so
inbound is from CTC to the GNE and outbound is from the GNE to CTC. The CTC CORBA Standard constant
is 683 and the TCC CORBA Default is TCC Fixed (57790).
Table 9-7 Ports Used by the TSC (continued)

Port          Function                              Action (1)
1080          Proxy server (socks)                  D
2001-2017     I/O card Telnet                       NA
2018          DCC processor on active TCC2/TCC2P    D
2361          TL1                                   D
3082          Raw TL1                               D
3083          TL1                                   D
5001          BLSR server port                      D
5002          BLSR client port                      D
7200          SNMP alarm input port                 D
9100          EQM port                              D
9401          TCC boot port                         D
9999          Flash manager                         NA
10240-12287   Proxy client                          D
57790         Default TCC listener port             OK

1. D = deny, NA = not applicable, OK = do not deny
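
An added example, not part of the Cisco manual: a Python check that reads `access-list` permit entries like those in the first ACL and flags any that open a port Table 9-7 marks D (deny). It uses only the table rows visible on this page; the names `audit`, `TABLE_9_7` and `PAGE_ACL_100`, and the `DRIFTED` entries, are constructed for illustration.

```python
import re

TABLE_9_7 = [  # visible rows of Table 9-7: (low, high, function, action)
    (1080, 1080, "Proxy server (socks)", "D"),
    (2001, 2017, "I/O card Telnet", "NA"),
    (2018, 2018, "DCC processor on active TCC2/TCC2P", "D"),
    (2361, 2361, "TL1", "D"),
    (3082, 3082, "Raw TL1", "D"),
    (3083, 3083, "TL1", "D"),
    (5001, 5001, "BLSR server port", "D"),
    (5002, 5002, "BLSR client port", "D"),
    (7200, 7200, "SNMP alarm input port", "D"),
    (9100, 9100, "EQM port", "D"),
    (9401, 9401, "TCC boot port", "D"),
    (9999, 9999, "Flash manager", "NA"),
    (10240, 12287, "Proxy client", "D"),
    (57790, 57790, "Default TCC listener port", "OK"),
]
NAMED_PORTS = {"www": 80}  # IOS port keywords this sketch understands
# A TCP permit entry ending in a destination "eq <port>" or "range <lo> <hi>".
PERMIT = re.compile(r"^access-list\s+(\d+)\s+permit\s+tcp\s+.*?"
                    r"\b(?:eq\s+(\S+)|range\s+(\S+)\s+(\S+))\s*$")

def _port(token):
    return NAMED_PORTS.get(token) or int(token)
def audit(acl_lines):
    """Return (acl, low, high, function) for each permit that opens a 'D' port."""
    findings = []
    for line in acl_lines:
        m = PERMIT.match(line.strip())
        if not m:  # remarks and 'established' entries name no destination port
            continue
        low, high = _port(m.group(2) or m.group(3)), _port(m.group(2) or m.group(4))
        for t_low, t_high, function, action in TABLE_9_7:
            if action == "D" and low <= t_high and t_low <= high:
                findings.append((int(m.group(1)), low, high, function))
    return findings

PAGE_ACL_100 = [  # permit entries of ACL 100 as printed in the manual's example
    "access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www",
    "access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 57790",
    "access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established",
]
DRIFTED = PAGE_ACL_100 + [  # constructed entries, not from the manual
    "access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 2361",
    "access-list 100 permit tcp any host 10.10.10.100 range 9000 9500",
]
if __name__ == "__main__":
    print(*audit(DRIFTED), sep="\n")
```

The manual's own ACL 100 produces no findings; the constructed entries are flagged for TL1 (2361) and for a range that spans the EQM (9100) and TCC boot (9401) ports.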