5.1 Firewall Configuration

To secure the VENUM server with the firewall, follow these recommendations:
  • Add the connection on which the external client communicates to the DNS Connections MO. Also, add the client's IP address to the ENUM ACLs MO so that it is entered in the firewall trusted list.

    Note:

    Drop-packet protection cannot be provided on the XMI interface because it is used for external communication and its IP address is publicly exposed.
  • For master-slave zones and zone forwarding, ensure the following configurations are in place for firewall protection:
    • For a forward zone, add the connection on which the source communicates to the DNS Connections MO. Also, the IP address of the source should be in the destination's ACL MO.
    • If XMI interfaces are used, check whether there is any connection on the default DNS port at the master server. If a connection is present on the default DNS port, add the slave's IP address to the master's ENUM ACL MO and the connection to the DNS Connection MO.

    Note:

    Because signaling interfaces are blocked for SSH, do not use them for master-slave replication.