IP Office Platform
  Carroll Communications Home
  Avaya IP Office
  Avaya IP Office 406 r2
  Avaya IP Office 412
  IP Office Telephones
  Voice Mail Pro
  Phone Manager Pro
  IP Office Manager
  IP Office Soft Console
  Avaya Conferencing
  Compact Business Center
  Short Codes
  Data Networking
  IP Office Expansion Modules
  IP Office Licenses
  Centrales Telefonicas
  Voice over IP Phone Systems
  IP Office 403

Telephone Systems

Telecommunications Consulting
Control Unit
Extension Form Overview
Extension | Extn
Extension | Analog
Extension | VoIP
Extension | IP DECT
User Form Overview
User | User
User | Voicemail
User | DND| Short Codes
User | Source Numbers
User | Telephony
User | Forwarding
User | Dial In
User | Voice Recording
User | Coverage
User | Button Programming
User | Twinning | Menu Programming
User | T3 Options
User | Phone Manager Options
Hunt Group Overview
Hunt Group | Hunt Group
Hunt Group | Voicemail
Hunt Group | Fallback
Hunt Group | Queuing| Voice Recording
Short Code | Short Code
Service Settings Form Overview
Service | Service
Service | Bandwidth
Service | IP
Service | Autoconnect
Service | Quota
Service | PPP
Service | Fallback| Dial In
RAS Form Overview
Incoming Call Route Overview
Incoming Call Route | Standard
WAN Port Overview
WAN Port | Frame Relay
WAN Port | DLCIs
WAN Port | Advanced
Directory | Directory Entry
Time Profile Overview
Firewall Profile Form Overview
Firewall | Custom
IP Route Overview
IP Route | IP Route
RIP Dynamic Routing
Least Cost Routing Overview
Least Cost Routing | LCR| Main Route
Least Cost Routing | Alternate Route
Account Code Overview
Account Code | Voice Recording
License | License
Tunnel | Tunnel (L2TP)
Tunnel | L2TP (L2TP)
Tunnel | PPP (L2TP)
Tunnel | Main (IPSec)
Tunnel | IKE Policies (IPSec)
Tunnel | IPSec Policies (IPSec)
Logical LAN
Wireless Overview
Wireless | Security
User Restrictions Overview
User Rights Overview
User Rights | User
User Rights | Short Codes| Telephony
User Rights | Button/Menu Programming
User Rights | Phone Manager
User Rights | Twinning| Membership
Auto Attendant Overview
Auto Attendant | Auto Attendant
Auto Attendant | Actions
Overview of Authorization Code
E911 System Overview
E911 System | E911 System
E911 System | Zones
IP Office Manager Pt.1
IP Office Manager Pt.3
about us | phone equipment | t1 lines | partner phone systems | site map | contact us

Avaya IP Office

The Avaya IP Office platform is the ultimate in converged voice and data technology. IP Office brings a combination of voice and data applications formerly reserved for only the largest corporations. Cutting edge customer service with easy to use tools is now available to the smallest of businesses.


Firewall | Custom

The tab lists custom firewall settings added to the firewall profile. The Add, Edit and Remove controls can be used to amend the settings in the list.  



Operator Rights View



















IP406 V1




IP406 V2






  • Notes
    For information only. Enter text to remind you of the purpose of the custom firewall entry.  

  • Remote IP Address
    The IP address of the system at the far end of the link. Blank allows all IP addresses.

  • Remote IP Mask
    The mask to use when checking the Remote IP Address. When left blank no mask is set, equivalent to - allow all.

  • Local IP Address
    The address of devices local to this network (pre-translated). Blank allows all IP addresses.

  • Local IP Mask
    The mask to use when checking the Local IP Address. When left blank no mask is set, equivalent to - allow all.

  • IP Protocol
    The value entered here corresponds to the IP Protocol which is to be processed by this Firewall profile: 1 for ICMP, 6 for TCP, 17 for UDP or 47 for GRE. This information can be obtained from the "pcol" parameter in a Monitor trace.

  • Match Offset
    The offset into the packet (0 = first byte of IP packet) where checking commences for either a specific port number, a range of port numbers, or data.

  • Match Length
    The number of bytes to check in the packet, from the Match Offset point, that are checked against the Match Data and Match Mask settings.

  • Match Data
    The values the data must equal once masked with the Match Mask. This information can be obtained from "TCP Dst" parameter in a Monitor trace (the firewall uses hex so a port number of 80 is 50 in hex)

  • Match Mask
    This is the byte pattern, which is logically ANDed with the data in the packet from the offset point. The result of this process is then compared against the contents of the "Match Data" field.

  • Direction
    The direction that data may take if matching this filter.


All matching traffic is dropped.


Incoming traffic can start a session.


Outgoing traffic can start a session.

Both Directions

Both incoming and outgoing traffic can start sessions.


Example Custom Firewall Entries

Example: Dropping NetBIOS searches on an ISPs DNS
We suggest that the following filter is always added to the firewall facing the Internet to avoid costly but otherwise typically pointless requests from Windows machines making DNS searches on the DNS server at your ISP.

  • Direction: Drop

  • IP Protocol: 6 (TCP)

  • Match Offset: 20

  • Match Length: 4

  • Match Data: 00890035

  • Match Mask: FFFFFFFF


Example: Browsing Non-Standard Port Numbers
The radio button for HTTP permits ports 80 and 443 through the firewall. Some hosts use non-standard ports for HTTP traffic, for example 8080, 8000, 8001, 8002, etc. You can add individual filters for these ports as you find them.

You wish to access a web page but you cannot because it uses TCP port 8000 instead of the more usual port 80, use the entry below.

  • Direction: Out

  • IP Protocol: 6 (TCP)

  • Match Offset: 22

  • Match Length: 2

  • Match Data: 1F40

  • Match Mask: FFFF


A more general additional entry given below allows all TCP ports out.

  • Direction: Out

  • IP Protocol: 6 (TCP)

  • Match Offset: 0

  • Match Length: 0

  • Match Data: 00000000000000000000000000000000

  • Match Mask: 00000000000000000000000000000000


Example: Routing All Internet Traffic through a WinProxy
If you wish to put WinProxy in front of all Internet traffic via the Control Unit. The following firewall allows only the WinProxy server to contact the Internet : -

  1. Create a new Firewall profile and select Drop for all protocols

  2. Under Custom create a new Firewall Entry

  3. In Notes enter the name of the server allowed. Then use the default settings except in Local IP Address enter the IP address of the WinProxy Server, in Local IP Mask enter and in Direction select Both Directions.

  4. Stopping PINGs
    You wish to stop pings - this is ICMP Filtering. Using the data below can create a firewall filter that performs the following; Trap Pings; Trap Ping Replies; Trap Both.

    • Trap Pings: Protocol = 1, offset = 20, data = 08, mask = FF

    • Trap Ping Replies: Protocol = 1, offset = 20, data = 00, mask = FF

    • Trap Both: Protocol = 1, offset = 20, data = 00, mask = F7, Traps Both.


avaya business partner | voice mail | avaya one x quick edition | buy phone systems | vm pro | contact us
PO BOX 186 Spring Lake, New Jersey 07762
1-800-429-0077 ::: 732-280-3200
Copyright 2006 CarrollCommunications.com All Rights Reserved.