HP VCX Software manual Standalone type

Page 67

Chapter 7. Firewall and Client Configuration

The Firewall

The firewall to which the Telecommuting Module is connected should have the following configuration:

SIP over UDP

Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (port 5060). You must allow traffic in both directions.

Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (the port interval for media streams which was set on the Basic Settings page). You must allow traffic in both directions.

Let through UDP traffic between the Telecommuting Module (all high ports) and the In- ternet (port 53). You must allow traffic in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to do this step.

NAT between the Telecommuting Module and the Internet must not be used.

SIP over TCP/TLS

Let through TCP traffic between the Internet (all high ports) and the Telecommuting Mod- ule (ports 1024-32767). You must allow traffic in both directions.

Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (the port interval for media streams which was set on the Basic Settings page). You must allow traffic in both directions.

Let through UDP traffic between the Telecommuting Module (all high ports) and the In- ternet (port 53). You must allow traffic in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to do this step.

NAT between the Telecommuting Module and the Internet must not be used.

SIP clients

The SIP clients on the internal network should have the Telecommuting Module’s IP address on that network as their outgoing SIP proxy and registrar.

Other

The DNS server used must have a record for the SIP domain, which states that the Telecom- muting Module handles the domain, or many SIP clients won’t be able to use it (if you don’t use plain IP addresses as domains).

The Standalone type

Using the Standalone type, the network configuration should look like this:

59

Page 66 Page 68
Image 67
Page 66 Page 68
Contents Getting started Guide 3Com VCX IP Telecommuting ModulePage 3Com VCX IP Telecommuting Module Getting started Guide Page Table of Contents Page Part I. Installation of the 3Com VCX IP Telecommuting Module Page DMZ Configuration What is a Telecommuting Module?Introduction Configuration alternativesStandalone Configuration DMZ/LAN ConfigurationOverview of the Installation License Conditions About settings in 3Com VCX IP Telecommuting ModuleInstallation with a serial cable Installing 3Com VCX IP Telecommuting ModuleInstallation Installation with magic pingPage Page Page Page Installation with a diskette Page Page Remember to lock up the Telecommuting Module Turning off a Telecommuting ModuleInstalling 3Com VCX IP Telecommuting Module Part II. Configuring 3Com VCX IP Telecommuting Module Page Telecommuting Module Type Network ConfigurationNetwork Configuration Telecommuting Module Type configuration Interface Network Interface 1General Interface name Directly Connected NetworksPhysical device StatusNetmask/Bits NameDNS Name Or IP Address IP addressAlias Routed network Static RoutingRouter Save Default GatewayCancel Main Default GatewaysInterface Policy For Packets From Unused GatewaysGateway Reference Hosts DynamicNetworks and Computers Subgroup NameLower Limit Create Upper LimitInterface/VLAN Delete RowAdditional Negotiators SurroundingsSurroundings NetworkData Interfaces Policy For Ping To Your 3Com VCX IP Telecommuting Module Default domain IP PolicyBasic Configuration Name of this Telecommuting ModuleDNS Servers Reverts all the above fields to their previous configuration Network Configuration SIP Module Basic SettingsAdditional SIP Signaling Ports SIP ConfigurationComment Provisioning RelaySIP Media Port Range TransportSIP Servers To Monitor Public IP address for NATed Telecommuting ModuleServer Log class for SIP license messages Log class for SIP signalingSIP Logging Log class for SIP packetsLog class for SIP media messages Log class for SIP errorsRouting DNS Override For SIP RequestsRelay To DomainAction FilteringSender IP Filter Rules From NetworkDefault Policy For SIP Requests Content TypesContent Type URI Encoding InteroperabilityAllow Remote NAT traversal Remote Clients Signaling ForwardingRemote SIP Connectivity Remote NAT TraversalNAT timeout for TCP NAT timeout for UDPNAT keepalive method Media Route Access Control Administration of the Telecommuting ModuleConfiguration Allowed Via Interface Configuration Transport User Authentication For Web Interface AccessConfiguration via SSH Configuration ComputersConfiguration via Http Configuration via HttpsNetmask/Bits Range DNS Name Or Network AddressVia IPsec Peer Log Class SSHApply configuration Duration of limited test modeSave/Load Configuration Test Preliminary ConfigurationShow Message About Unapplied Changes BackupSave to diskette Save/Load CLI Command File Abort All Edits Revert to Old ConfigurationsReload Factory Configuration Administration of the Telecommuting Module DMZ type Firewall and Client ConfigurationFirewall SIP clients DMZ/LAN typeOther Standalone type SIP clients Apply Index
Related manuals
Manual 446 pages 4.55 Kb
Top Page Image Contents