8.4 Signaling Firewall

The Signaling Firewall feature provides network security for Diameter networks in LTE domains. The feature is configured with firewall rules by the System OAM and operates only on DA-MP servers. When you enable or disable a Diameter or RADIUS connection, a notification is sent to the servers to update the firewall rules to allow or disallow incoming network traffic.

Note:

In new DSR installations, the Signaling Firewall is enabled by default. When a DSR without the feature is upgraded, the Signaling Firewall is disabled by default. Otherwise, it uses the setting from the previous release.

Use Common Security, and then Maintenance, and then Signaling Firewall to:
  • View the administrative state of an active signaling node and operational status of all servers.
  • Click plus (+) to view the operational status of each server.
  • Enable or disable the administrative state of a selected signaling node.
  • Check pause updates to stop the real-time status updates.

Signaling Firewall Maintenance Elements

The following table describes fields on the Signaling Firewall maintenance page.

Table 8-4 Signaling Firewall Maintenance Elements

Field: Description

Signaling Node: Name of the SOAM Server group

Admin State: Signaling node can be:
  • Enabled
  • Disabled

Servers: Total number of active DA-MP servers reporting on the firewall status in the signaling node.

Operational Status: Operational status from all active servers is collectively used to determine the status of the signaling firewall at a signaling node level. Status can be:
  • Operational: all servers operational
  • Degraded: one or more servers report failed
  • Failed: all servers failed
  • Disabled: one or more servers are administratively disabled
  • Unknown: one or more servers fail to report

Cell background color is useful in troubleshooting when the operational status of the signaling firewall is degraded, unknown, or failed:

  • Disabled - Normal/no special coloring
  • Normal - Normal/no special coloring
  • Degraded - Yellow
  • Failed - Red
  • Unknown - Red

Operational Reason: Operational reason describes the status:
  • Operational: Firewall is operational on all servers
  • Degraded: Firewall has failed on some but not all servers
  • Failed: Error message
  • Disabled: Firewall is administratively disabled
  • Unknown: At least one server fails to report its firewall operational status
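
The roll-up rules in Table 8-4 can be reproduced outside the GUI, for example to flag signaling nodes whose firewall is not fully operational. The following is an added example, not DSR code: the per-server state names, the function names, the rule precedence, and the handling of a node with no reporting servers are assumptions made for this sketch.

```python
from collections import Counter

# Cell colors from Table 8-4; statuses not listed get no special coloring.
COLOR = {"Degraded": "Yellow", "Failed": "Red", "Unknown": "Red"}

# Assumed per-server values for this sketch (not DSR identifiers):
# "operational", "failed", "disabled", or None when a server did not report.
VALID = {"operational", "failed", "disabled", None}


def node_status(reports):
    """Map {server: state} for one signaling node to (status, reason).

    Assumption: the table gives no precedence when several rules match, so
    this sketch checks Disabled, then Unknown, then Failed, then Degraded.
    """
    bad = set(reports.values()) - VALID
    if bad:
        raise ValueError(f"unexpected server state(s): {sorted(map(str, bad))}")
    if not reports:  # assumption: no reporting servers is treated as Unknown
        return "Unknown", "No server reported its firewall operational status"
    counts = Counter(reports.values())
    if counts["disabled"]:
        return "Disabled", "Firewall is administratively disabled"
    if counts[None]:
        return "Unknown", ("At least one server fails to report its "
                           "firewall operational status")
    if counts["failed"] == len(reports):
        return "Failed", "<error message from the servers>"  # placeholder
    if counts["failed"]:
        return "Degraded", "Firewall has failed on some but not all servers"
    return "Operational", "Firewall is operational on all servers"


def nodes_to_review(nodes):
    """Return [(node, status, color)] for every node that is not Operational."""
    rows = []
    for name, reports in sorted(nodes.items()):
        status, _ = node_status(reports)
        if status != "Operational":
            rows.append((name, status, COLOR.get(status)))
    return rows


if __name__ == "__main__":
    # Constructed sample data; node and server names are made up.
    sample = {
        "SO_GRP_A": {"DAMP1": "operational", "DAMP2": "operational"},
        "SO_GRP_B": {"DAMP1": "operational", "DAMP2": "failed"},
        "SO_GRP_C": {"DAMP1": "operational", "DAMP2": None},
    }
    for row in nodes_to_review(sample):
        print(row)
```

A Disabled node has no background color in the table, so `nodes_to_review` still lists it with a color of `None`.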

Enabling Signaling Firewall Nodes

Use this task to enable the Signaling Firewall on a signaling node.

The firewall status of each server contributes to the overall firewall operational status of the signaling node.

Enable is only active when you select the Signaling Node (top-level row) and the administrative state is disabled.
  1. Click Common Security, and then Maintenance, and then Signaling Firewall.
  2. Select the Signaling Node.
  3. Click Enable.
  4. Click OK or Cancel.

Disabling Signaling Firewall Nodes

Use this task to disable Signaling Firewall on a signaling node.

Disable is only active when you select the Signaling Node (top-level row) and the administrative state is enabled. Signaling firewalls are only enabled on the DA-MP Servers shown in the signaling node you select.
  1. Click Common Security, and then Maintenance, and then Signaling Firewall.
  2. Select the Signaling Node.
  3. Click Disable.
  4. Click OK or Cancel.