Configuring Lancom Firewall


This document describes the configuration of Lancom 1781A devices. This manual is based on firmware LCOS 9.24 and should be compatible with any device running this firmware. Although settings can be done via Telnet or the web interface, it is recommended to follow the guide via the LanTools and LanMonitor. Please note that we cannot assist you in the configuration of your firewall.

Step 1: Disable SIP ALG

  1. Open the LanTools and navigate to “Configuration → SIP-ALG” and disable it.

Step 2: Port Forwarding (NAT)

  1. To create an inbound access list open “Configuration → IP-Router → Masquerading → Port forwarding table”

  1. Use the “Add” button to set a custom list of ports which shall be allowed to connect to ECLOUD. All ports and port ranges which needs to be added into this list can be found here. When all ports have been added, click “OK”. Under “Address”add the internal IP of your ECLOUD.

Step 3: Inbound Access List

  1. Navigate to “Configuration → Firewall/QoS → General” and ensure IPv4-Firewall is enabled.
  2. Click on “Configuration → Firewall/QoS → IPv4-Rules” and create a “Station-Object” ECLOUDSRV with the internal IP of ECLOUD.
  3. Click on “Service-Object” and create a set of rules similar to Step 2 with the ports and transports as seen below. Update the ECLOUDMNG-Port according to your installation port.
    1. Finally click on the “Rules” button and create the rules using the service objects you created in the previous step.

    Step 4: Outbound Access List

    Since a Lancom router does not block any outgoing packets in the basic setting, no rules need to be set up. If there is a general rule for blocking or only certain packages should be allowed duplicate the inbound rule list for outbound.

    Step 5:Validating Your Setup

    Log into your ECLOUD Management Console → Dashboard → Firewall and run the ECLOUD Firewall Checker. This will validate if your firewall is correctly configured for use with ECLOUD.