HP VCX Software manual Firewall and Client Configuration, DMZ type

Page 65

Chapter 7. Firewall and Client Configuration

Additional configuration for the firewall and the SIP clients is required to make the Telecom- muting Module work properly. The amount and nature of the configuration depends on which Telecommuting Module Type was selected.

The DMZ type

Using the DMZ type, the network configuration should look like this:

The Firewall

The firewall to which the Telecommuting Module is connected should have the following configuration:

SIP over UDP

Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (port 5060). You must allow traffic in both directions.

Let through UDP traffic between the internal networks (all high ports) and the Telecom- muting Module (port 5060). You must allow traffic in both directions.

Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (the port interval for media streams which was set on the Basic Settings page). You must allow traffic in both directions.

Let through UDP traffic between the internal networks (all high ports) and the Telecom- muting Module (the port interval for media streams which was set on the Basic Settings page). You must allow traffic in both directions.

Let through UDP traffic between the Telecommuting Module (all high ports) and the In- ternet (port 53). You must allow traffic in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to do this step.

NAT between the Telecommuting Module and the Internet must not be used.

NAT between the Telecommuting Module and the internal networks must not be used.

SIP over TCP/TLS

57

Image 65
Contents Getting started Guide 3Com VCX IP Telecommuting ModulePage 3Com VCX IP Telecommuting Module Getting started Guide Page Table of Contents Page Part I. Installation of the 3Com VCX IP Telecommuting Module Page Introduction What is a Telecommuting Module?Configuration alternatives DMZ ConfigurationStandalone Configuration DMZ/LAN ConfigurationOverview of the Installation License Conditions About settings in 3Com VCX IP Telecommuting ModuleInstallation Installing 3Com VCX IP Telecommuting ModuleInstallation with magic ping Installation with a serial cablePage Page Page Page Installation with a diskette Page Page Remember to lock up the Telecommuting Module Turning off a Telecommuting ModuleInstalling 3Com VCX IP Telecommuting Module Part II. Configuring 3Com VCX IP Telecommuting Module Page Telecommuting Module Type Network ConfigurationNetwork Configuration General Interface Network Interface 1Telecommuting Module Type configuration Physical device Directly Connected NetworksStatus Interface nameDNS Name Or IP Address NameIP address Netmask/BitsAlias Router Static RoutingRouted network Cancel Default GatewayMain Default Gateways SaveGateway Reference Hosts Policy For Packets From Unused GatewaysDynamic InterfaceNetworks and Computers Lower Limit NameSubgroup Interface/VLAN Upper LimitDelete Row CreateSurroundings SurroundingsNetwork Additional NegotiatorsData Interfaces Basic Configuration Default domain IP PolicyName of this Telecommuting Module Policy For Ping To Your 3Com VCX IP Telecommuting ModuleDNS Servers Reverts all the above fields to their previous configuration Network Configuration Additional SIP Signaling Ports Basic SettingsSIP Configuration SIP ModuleSIP Media Port Range Provisioning RelayTransport CommentServer Public IP address for NATed Telecommuting ModuleSIP Servers To Monitor SIP Logging Log class for SIP signalingLog class for SIP packets Log class for SIP license messagesRouting Log class for SIP errorsDNS Override For SIP Requests Log class for SIP media messagesRelay To DomainSender IP Filter Rules FilteringFrom Network ActionContent Type Content TypesDefault Policy For SIP Requests Allow InteroperabilityURI Encoding Remote SIP Connectivity Remote Clients Signaling ForwardingRemote NAT Traversal Remote NAT traversalNAT keepalive method NAT timeout for UDPNAT timeout for TCP Media Route Configuration Allowed Via Interface Administration of the Telecommuting ModuleAccess Control Configuration Transport User Authentication For Web Interface AccessConfiguration via Http Configuration ComputersConfiguration via Https Configuration via SSHVia IPsec Peer DNS Name Or Network AddressNetmask/Bits Range Log Class SSHSave/Load Configuration Duration of limited test modeTest Preliminary Configuration Apply configurationSave to diskette BackupShow Message About Unapplied Changes Save/Load CLI Command File Reload Factory Configuration Revert to Old ConfigurationsAbort All Edits Administration of the Telecommuting Module Firewall Firewall and Client ConfigurationDMZ type Other DMZ/LAN typeSIP clients Standalone type SIP clients Apply Index
Related manuals
Manual 446 pages 4.55 Kb