Set LAN Security screen

Use the Set Lan Security screen to enable or disable network services on the corporate LAN interface to the Avaya media server. You can activate or deactivate these services as needed to control features or access to the media server. Your changes to this interface do not affect services on the other Ethernet interfaces. This topic covers:

How to check or change LAN services status
Description of common services

Caution:
The IP services that are checked on the Set LAN Security screen are already enabled. To disable IP services, you must deselect the service. Be careful about disabling common IP services, it may adversely affect your Avaya media server. See Description of common services below.

Check or change LAN IP services status

Four columns identify and provide the status of the IP service.

Input to server	The IP service you select for incoming server communications. This selection can be different from outgoing server communications.
Output from server	The IP service you select for outgoing server communications. This can be different from incoming server communications.
Service	A list of names of the most commonly used IP services. Their current status is shown: either enabled (checked) or disabled (checkbox clear). Name of IP service: The name of the service is listed. These are standard Linux services. For details on their operation and use, refer to published Linux documentation. Note: To display a complete list of all services available for this interface, click Advanced Setting.
Port/Protocol	This column shows what port on the Ethernet interface this service uses, and what protocol it uses. Common protocols include Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

To check or change the services that are allowed on the corporate LAN Ethernet interface:

In the main menu of the web administration interface under Security, click Set LAN Security.
To change the service-activation status.
To disable an IP service:
Clear the checkbox to disable this service on the corporate LAN interface.
To enable an IP service:
Check the box to activate a service on the corporate LAN interface.
To view all IP services:
Click Advanced Setting to adjust the status of a service that is not listed on the first page. This screen redisplays, listing all the Linux IP services available for this Ethernet interface.
When finished, click Set Security.
The screen lists a confirmation message for every service status that was successfully changed.
If an error message appears, contact the LAN administrator for network debugging.
To display this screen again to verify your changes, click Set LAN Security link on the main menu again.

Description of common services

The most commonly used services have the following functions and potential service impacts. Refer to published Linux documentation for details about the services that appear on the Advanced Setting page.

File Transfer Protocol (FTP): used for uploading or downloading data files, announcements, license files, or firmware.
Secure shell (SSH): A secure shell (SSH) remote interface utility can be used as an alternative to telnet. SSH commands and passwords are encrypted, and both ends of the client/server connection are authenticated through a digital certificate. The SSH suite includes a secure copy (SCP) program that can be used as an alternative to FTP. The SSH and SCP utilities provide greater security than FTP and telnet, and should be used if available.
Telecommunications network (telnet): provides a command-line interface for running server platform commands and applications such as SAT.
Simple Mail Transfer Protocol (SMTP): supports email service across the web.
World Wide Web (WWW): enables Hypertext Transport Protocol (HTTP), which is required for communication with a web browser (such as the one you are using to view these pages).
Network Time Protocol (NTP): allows the Avaya media server to synchronize its time with an external time source. See Configure Network Time Server for details.
Secure Hypertext Transport Protocol (HTTPS): A secure extension to HTTP that encrypts all messages between the web server and a browser. It also uses a digital signature to authenticate users and servers.

This screen is a front-end to the standard Linux command ipchains. Ipchains is used to set up, maintain, and inspect the IP firewall rules in the Linux kernel. These rules can be divided into four categories: the IP input chain, the IP output chain, the IP forwarding chain, and user-defined chains. This screen only allows administration of the input chain. The output chain and forwarding chain are set to "accept". There is no user-defined chain.