Oki BS1200 Application notes - page 6
BS1200 and Network Access Security.
A Basic Network Primer
MCS v4.0 Firmware v2.0
6
First a Firewall Situation:
A firewall can be described as a filter or guard at the gate. They are setup to allow only certain kinds of
incoming data packets, permissible outside requests for information from inside the firewall, returning
information requested from inside the firewall. If an incoming data packet does not have permission to go
through it is rejected. This filtering process adds delay to the data streams. Delay is always a consideration
for a BS1200 installation. A firewall does not change the IP addresses of the devices inside its zone. All IP
addresses remain public and static
It is generally preferable that a BS1200 network installation be connected to the IP network outside of any
existing firewall installation.
(See fig 4)
When for practical or policy reasons, an installation must be
routed through a firewall some performance degradation may occur.
(See fig 4a)
If possible the BS1200 should be installed according to fig 4. This places the BS1200 IVG in the public IP
address zone. The advantages to this are the elimination of added delay due to the firewall, maintaining a
static public IP address, and less systems administration with communication port assignments on the
firewall. The only thing that may be needed for the client to implement is another hub in front of the
firewall and maybe some table listings on the Router.
ROUTER
BS1200
PHONE LINKS
PBX OR KTS OR
ANALOG PHONES
LAN
FIREWALL
SERVER
EXTERNAL
IP ADDRESS
NNN.NNN.NNN.NNN
(PUBLIC)
HUB
HUB
INTERNET
(STATIC PUBLIC IP ADDRESS)
fig 4
OUTSIDE A FIREWALL ZONE EXAMPLE
INTERNAL
IP ADDRESS
NNN.NNN.NNN.NNN
(PUBLIC)
Figure 4 is the preferred installation method for the BS1200 with a firewall.
In figure 4a the addition of a switch or connection to an existing switch just after the firewall and making
sure the proper ports for voice and fax packets are open for use.
(See table 1)
Figure 4a is the preferred
installation method for the BS1200 after a firewall.
ROUTER
BS1200
PHONE LINKS
PBX OR KTS OR
ANALOG PHONES
LAN
EXTERNAL
IP ADDRESS
NNN.NNN.NNN.NNN
(PUBLIC)
SWITCH
FIREWALL
SERVER
INTERNET
STATIC IP ADDRESS
(PUBLIC)
fig 4a
INSIDE A FIREWALL ZONE EXAMPLE
INTERNAL
IP ADDRESS
NNN.NNN.NNN.NNN
(PUBLIC)
OPEN PORTS
Reference
TABLE 1
You should also be aware that, as in the above example, when a BS1200 IVG is routed through a firewall
the Router IP address no longer serves as the BS1200 Gateway address. Instead, the internal IP address of
the firewall becomes the Gateway address to be associated with the BS1200 IVG.