1. User's Guide
  2. Denial of Service Protection and ACLs
  3. Host Path Protection Process
  4. Access Control for Hosts

Access Control for Hosts

ACLs are supported for the SIP signaling protocol. The OECB loads ACLs so they are applied when signaling ports are loaded. The following rules apply to static NAT entries based on your configuration:

  • If there are no ACLs applied to a realm that have the same configured trust level as that realm, the OECB adds a default NAT entry using the realm parameters.
  • If you configure a realm with none as its trust level and you have configured ACLs, the OECB only applies the ACLs.
  • If you set a trust level for the ACL that is lower than the one you set for the realm, the OECB will not add a separate NAT entry for the ACL.

ACLs provide access control based on destination addresses when you configure destination addresses as a way to filter traffic. You can set up a list of access control exceptions based on the source or the destination of the traffic.

For dynamic ACLs based on the promotion and demotion of endpoints, the rules of the matching ACL are applied.