6000 MAS

[paterson]

Does anyone know if we can turn off the ability of the 6000MAS to return PING requests from an external source?

I do have all remote access turned off, but the customer is wanting a bit more security.

This site is configured as Server&Gateway mode, has the Teleworker Blade installed, and is at the latest Releases.

Thanks!


**************************************
My Biggest problem is that I almost always believe what I tell myself.

 

[MitelInMyBlood]

Doesn't this run on Linux?
I would think with Linux running as the software router/gateway and with a Linux-savvy guru nearby that anything protocol-related would be possible.

 

[paterson]

Yep, it does run on Linux.

I guess if the customer wants to change the operating system themselves, they can (I won't do it,LOL). But I would have to question whether Mitel would support a system that had it's protocols changed on the core. I was more hoping that there was some function or setting that I am missing that is available that I could change from the Admin page.

Thanks for the reply!


**************************************
My Biggest problem is that I almost always believe what I tell myself.

 

[TheMitelGuy]

Yes, you can set your box not to respond to PING requests. I will look it up, and tell you.

 

[paterson]

Thanks MitelGuy, were you able to find it?


**************************************
My Biggest problem is that I almost always believe what I tell myself.

 

[TheMitelGuy]

Well, I guess you can't? I thought there was a on/off toggel somewhere, but I guess there is not. I did search on contribs.org, and didn't find anything there either.

 

[paterson]

Thanks, I had looked through the admin website and the documents but couldn't find anything. I was just hopefull that someone might have found a different way, thanks again!


**************************************
My Biggest problem is that I almost always believe what I tell myself.

 

[Mitelpassion]

The 6000mas server runs Red hat linxu, all be it a tweaked one. It runs iptables firewall.

You could access the shell and write a firewall rule to reject or drop icmp request. I have done this sucesfully in the past but the issue is when you reboot the rule is deleted. Wisely so cause the 6000 firewall is created from a template. I haven't looked at where these templates are stored but sure once you find this, you could easily add the rule into a chain somewhere. I have some experience with iptables, which is why I attempted to block ICMP requests.

getting a guru involved is probably the best route....

 

[paterson]

Thanks! I will suggest that to the customer.


**************************************
My Biggest problem is that I almost always believe what I tell myself.

 

[TheMitelGuy]

Just put it in as a suggestion on MOL. They are pretty good with stuff that is easy, and involves security.

 

[paterson]

LOL, I put in a DRC this morning as well. Hopefully it is simple and can get implemented. I think there would be lots of current and future customers that would like to see the product has this capability.

Thanks for hanging in there!


**************************************
My Biggest problem is that I almost always believe what I tell myself.

 

[TheMitelGuy]

Make sure you talk to your TAM, so it gets the proper attention. Good feature.