Current Active Firewall Rules; Configuring Automated Intrusion Protection - Cisco TelePresence Administrator's Manual

Video communication server
Network and system settings
Field / Description / Usage tips

Start and end port
  Description: The port range to which the rule applies.
  Usage tips: Only applies if specifying a UDP or TCP Custom service.

Action
  Description: The action to take against any IP traffic that matches the rule.
    Allow: Accept the traffic.
    Drop: Drop the traffic without any response to the sender.
    Reject: Reject the traffic with an 'unreachable' response.
  Usage tips: Dropping the traffic means that potential attackers are not provided with information as to which device is filtering the packets or why.
    For deployments in a secure environment, you may want to configure a set of low priority rules (for example, priority 50000) that deny access to all services and then configure higher priority rules (for example, priority 20) that selectively allow access for specific IP addresses.

Description
  Description: An optional free-form description of the firewall rule.
  Usage tips: If you have a lot of rules you can use the Filter by description options to find related sets of rules.
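As an added example (not part of the Cisco guide and not VCS code), the following Python models how a priority-ordered rule set laid out as the usage tips recommend behaves: a low-priority deny-all at 50000 with selective allows at 20, plus a check that flags rules which can never match because an earlier, broader rule already covers them. It assumes that lower priority numbers are evaluated first and that the first matching rule decides; the built-in rules are not modelled, so a packet that matches no user rule returns None. The rule contents and addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# What the sender observes for each action (drop sends nothing back, which is
# why the usage tips prefer it over reject in hostile networks).
RESPONSE = {
    "allow": "packet accepted",
    "drop": None,
    "reject": "ICMP destination unreachable",
}


@dataclass(frozen=True)
class Rule:
    priority: int          # assumption: lower number is evaluated first
    source: str            # source address range in CIDR notation
    protocol: str          # "tcp" or "udp" (a Custom service)
    start_port: int
    end_port: int
    action: str            # "allow", "drop" or "reject"
    description: str = ""

    def matches(self, src_ip, protocol, port):
        return (protocol == self.protocol
                and self.start_port <= port <= self.end_port
                and ip_address(src_ip) in ip_network(self.source))


def evaluate(rules, src_ip, protocol, port):
    """Return (action, rule) of the first rule that matches in priority order.

    (None, None) means no user-configured rule matched; on the VCS the
    built-in rules (not modelled here) would then apply.
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src_ip, protocol, port):
            return rule.action, rule
    return None, None


def shadowed_rules(rules):
    """Rules that can never match because a strictly earlier rule for the same
    protocol covers a superset of their source range and port range."""
    ordered = sorted(rules, key=lambda r: r.priority)
    shadowed = []
    for i, r in enumerate(ordered):
        for s in ordered[:i]:
            if (s.priority < r.priority
                    and s.protocol == r.protocol
                    and ip_network(r.source).subnet_of(ip_network(s.source))
                    and s.start_port <= r.start_port
                    and r.end_port <= s.end_port):
                shadowed.append(r)
                break
    return shadowed


# Constructed rule set following the usage tips: selective allows at 20,
# an explicit reject for one known range, deny-all at 50000.
RULES = [
    Rule(20, "10.0.5.0/24", "tcp", 443, 443, "allow", "Web admin from management LAN"),
    Rule(20, "10.0.5.0/24", "tcp", 22, 22, "allow", "SSH from management LAN"),
    Rule(30, "192.0.2.0/24", "tcp", 443, 443, "reject", "Partner range, answer with unreachable"),
    Rule(50000, "0.0.0.0/0", "tcp", 1, 65535, "drop", "Deny everything else (TCP)"),
    Rule(50000, "0.0.0.0/0", "udp", 1, 65535, "drop", "Deny everything else (UDP)"),
]

# The same rules with the deny-all mistakenly given the most urgent priority:
# every selective allow is now dead, and the management LAN is locked out.
MISORDERED = [
    Rule(10, r.source, r.protocol, r.start_port, r.end_port, r.action, r.description)
    if r.priority == 50000 else r
    for r in RULES
]


if __name__ == "__main__":
    for ip, proto, port in [("10.0.5.7", "tcp", 443), ("10.0.5.7", "tcp", 5061),
                            ("192.0.2.10", "tcp", 443), ("203.0.113.9", "udp", 5060)]:
        action, rule = evaluate(RULES, ip, proto, port)
        print(f"{ip} {proto}/{port}: {action} ({rule.description}) -> {RESPONSE[action]}")
    for r in shadowed_rules(MISORDERED):
        print("shadowed:", r.priority, r.description)
```

Running shadowed_rules against a planned rule set before activating it is the check worth automating: a deny-all that accidentally lands at a lower number than the allows produces exactly the lock-out the built-in rules are meant to prevent, and the page lists no warning from the VCS itself.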

Current active firewall rules

The Current active firewall rules page (System > Protection > Firewall rules > Current active rules) shows the user-configured firewall rules that are currently in place on the system. Note that there is also a set of built-in rules that are not shown in this list.
If you want to change the rules you must go to the Firewall rules configuration page, from where you can set up and activate a new set of rules.

Configuring automated intrusion protection

The automated protection service can be used to detect and block malicious traffic and to help protect the
VCS from dictionary-based attempts to breach login security.
It works by parsing the system log files to detect repeated failures to access specific service categories,
such as SIP, SSH and web/HTTPS access. When the number of failures within a specified time window
reaches the configured threshold, the source host address (the intruder) and destination port are blocked for a
specified period of time. The host address is automatically unblocked after that time period so as not to lock
out any genuine hosts that may have been temporarily misconfigured.
You can configure ranges of addresses that are exempted from one or more categories (see Configuring exemptions [p.38] below).
Automated protection should be used in combination with the firewall rules feature: use automated protection to dynamically detect and temporarily block specific threats, and use firewall rules to permanently block a range of known host addresses.
About protection categories
The set of available protection categories on your VCS are pre-configured according to the software version
that is running. You can enable, disable or configure each category, but you cannot add additional categories.
The rules by which specific log file messages are associated with each category are also pre-configured and
cannot be altered. You can view example log file entries that would be treated as an access failure/intrusion
Cisco VCS Administrator Guide (X8.1.1)    Page 36 of 507
