Chapter 6. Basic Configuration

This is the most secure configuration, since all traffic goes through both your firewall and your Telecommuting Module. It is also the most flexible, since all networks connected to any of your firewall’s interfaces can be SIP-enabled.

The drawback is that the SIP traffic will pass the firewall twice, which can decrease performance.

On your firewall, you need to open the SIP port (normally UDP port 5060) and a range of UDP ports for RTP traffic between the Telecommuting Module and the Internet as well as between the Telecommuting Module and your internal networks. The SIP traffic finds its way to the Telecommuting Module using DNS or by setting the Telecommuting Module as an outbound proxy on the clients.

The firewall mustn’t use NAT for the traffic between the Telecommuting Module and your internal networks or for the traffic between the Telecommuting Module and the Internet. However, the Telecommuting Module can itself use NAT for traffic to the Internet.

You need to declare your internal network topology on the Surroundings page.

DMZ/LAN Configuration

Using this configuration, the Telecommuting Module is located on the DMZ of your firewall, and connected to it with one of the interfaces. The other interfaces are connected to your internal networks. The Telecommuting Module can handle several networks on the internal interface even if they are hidden behind routers.

This configuration is used to enhance the data throughput, since the traffic only needs to pass your firewall once.

On your firewall, you need to open the SIP port (normally UDP port 5060) and a range of UDP ports for RTP traffic between the Telecommuting Module and the Internet. The other interface is connected to your internal network. The Telecommuting Module can handle several networks on the internal interface even if they are hidden behind routers. No networks on other interfaces on the firewall can be handled.
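
The firewall rules that the DMZ and DMZ/LAN placements call for, as an added example that is not part of the manual. It assumes a Linux firewall managed with iptables; the module address, internal network, interface name and RTP port range are constructed placeholders. It prints the commands for review and applies nothing.

```sh
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the two placements.
# Addresses, interface name and RTP range are constructed placeholders; the
# RTP range must match the one the Telecommuting Module is configured to use.
TM_IP="${TM_IP:-192.0.2.10}"        # module address on the DMZ (assumed)
LAN_NET="${LAN_NET:-10.0.0.0/16}"   # internal networks (assumed)
WAN_IF="${WAN_IF:-eth0}"            # Internet-facing interface (assumed)
PORTS="${SIP_PORT:-5060},${RTP_RANGE:-58024:60999}"  # SIP port, RTP range

# tm_rules dmz|dmzlan: print the firewall rules for one placement.
tm_rules() {
    mode="$1"
    case "$mode" in
        dmz|dmzlan) ;;
        *) echo "usage: tm_rules dmz|dmzlan" >&2; return 1 ;;
    esac
    to_tm="-d $TM_IP -m multiport --dports $PORTS"     # toward the module
    from_tm="-s $TM_IP -m multiport --sports $PORTS"   # from the module

    # Both placements: SIP and RTP between the module and the Internet.
    echo "iptables -A FORWARD -p udp -i $WAN_IF $to_tm -j ACCEPT"
    echo "iptables -A FORWARD -p udp -o $WAN_IF $from_tm -j ACCEPT"

    # DMZ/LAN: the module reaches the internal networks on its own second
    # interface, so the firewall needs nothing more.
    [ "$mode" = dmz ] || return 0

    # DMZ: internal clients also reach the module through the firewall.
    echo "iptables -A FORWARD -p udp -s $LAN_NET $to_tm -j ACCEPT"
    echo "iptables -A FORWARD -p udp -d $LAN_NET $from_tm -j ACCEPT"

    # DMZ: the firewall must not NAT the module's traffic. An ACCEPT inserted
    # at the top of each nat chain ends NAT processing before any later
    # SNAT/DNAT/MASQUERADE rule can rewrite these packets.
    for chain in PREROUTING POSTROUTING; do
        for side in -s -d; do
            echo "iptables -t nat -I $chain $side $TM_IP -j ACCEPT"
        done
    done
}

tm_rules "${1:-dmz}"
```

Run it with `dmz` or `dmzlan` as the argument. The FORWARD rules are appended, so they must end up ahead of any rule that drops the same traffic.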

HP VCX Software manual DMZ/LAN Configuration