Configure Networks
Grant Access Privileges to Trusted Local Networks
By default, several MSL services, including server manager access, SSH and system monitoring, are accessible only from computers that are located on the same network where the MSL server is installed. If you need to manage the server from a different subnet on the LAN, then you must configure the other subnet as a "Trusted Network." This configuration opens the firewall and allows access to the services on the MSL server.
Example of Default Routing Configuration
In the example illustrated below, the LAN interface of the MSL server has an IP address of 10.36.20.20. Accordingly, the server will accept traffic only from the 10.36.20.x network while blocking traffic from all other subnets on the LAN.
Example of Trusted Network Configuration
In the example illustrated below, the MSL server has been configured an IP address of 10.36.20.20 on its LAN interface and with a "trusted network" of 10.34.20.0/255.255.255.0. Accordingly, the server will accept traffic from both the 10.36.20.x and 1034.20.x subnets.
-
If only one network is being serviced by the server, you do not need to add any information here.
-
Adding a "trusted network" automatically opens the firewall:
-
allows access to the HTTP services on the MSL server
-
allows access to all MiVoice Business network services
-
-
If your server has an IPv6 address configured on its LAN interface, then you can extend privileges to IPv6 networks as well as IPv4 networks. (IPv6 is not supported by MiVoice Business)
-
Use the Secure Shells Settings topic in MSL Server Manager document to control access to HTTP and SSH services to specified networks..
-
If you only need to enable traffic to/from remote (or "untrusted") servers but not want them to access MSL services, simply add a network route.
-
Depending on the architecture of your network infrastructure, the instructions for configuring the clients on an additional network may be different than the following instructions. For more information about adding networks, contact your authorized Mitel Reseller.
-
Under Configuration, click Networks.
-
Click Add a new trusted network.
-
In the Network Address field, enter the IPv4 or IPv6 address of the network to designate as “local”.
-
In the Subnet mask or network prefix length field, enter the dot-decimal subnet mask or CIDR network prefix to apply to the Network Address. If this field is blank, the system assigns a network prefix length of /24 for IPv4 networks or /64 for IPv6 networks.
Note: If you are using the Mitel Performance Analytics (MPA) application for analyzing the MiVoice Business system, then:- Refer the Secure Shells Settings topic in MSL Server Manager document to enable Secure Shells for trusted and remote management networks.
- Add trusted network for the MPA with Network as the IP address of MPA and Subnet mask or network prefix length as 255.255.255.255.
-
In the Router field, enter the IP address of the router you will use to access the newly-added network.
-
Click Add.
Add Network Routes
Use this procedure to add new routes to the MSL server's routing table. This configuration opens the firewall and enables traffic to flow to/from remote servers but does not grant access to the MSL services (as would adding a trusted network).
-
The additional network routes are firewalled.
-
Adding additional network routes is an advanced option and should only be used if you have a thorough understanding of both routing and your network topology.
-
Under Configuration, click Networks.
-
Click Add a new network route.
-
In the Network Address field, enter the IPv4 or IPv6 address of the network route.
-
In the Subnet mask or network prefix length field, enter the subnet mask or CIDR prefix to apply to the Network Address. If this field is left blank, the system assigns a network prefix length of /24 for IPv4 networks or /64 for IPv6 networks.
-
In the Router field, enter the IP address of the router you will use to access the newly-added network.
-
Click Add.