Manuals / HP / Computer Equipment / Software

HP VCX Software manual Standalone type

Models: VCX Software

1 70

Download 70 pages 30.95 Kb

Page 67

Chapter 7. Firewall and Client Conﬁguration

The Firewall

The ﬁrewall to which the Telecommuting Module is connected should have the following conﬁguration:

SIP over UDP

•Let through UDP trafﬁc between the Internet (all high ports) and the Telecommuting Module (port 5060). You must allow trafﬁc in both directions.

•Let through UDP trafﬁc between the Internet (all high ports) and the Telecommuting Module (the port interval for media streams which was set on the Basic Settings page). You must allow trafﬁc in both directions.

•Let through UDP trafﬁc between the Telecommuting Module (all high ports) and the In- ternet (port 53). You must allow trafﬁc in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to do this step.

•NAT between the Telecommuting Module and the Internet must not be used.

SIP over TCP/TLS

•Let through TCP trafﬁc between the Internet (all high ports) and the Telecommuting Mod- ule (ports 1024-32767). You must allow trafﬁc in both directions.

•Let through UDP trafﬁc between the Internet (all high ports) and the Telecommuting Module (the port interval for media streams which was set on the Basic Settings page). You must allow trafﬁc in both directions.

•Let through UDP trafﬁc between the Telecommuting Module (all high ports) and the In- ternet (port 53). You must allow trafﬁc in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to do this step.

•NAT between the Telecommuting Module and the Internet must not be used.

SIP clients

The SIP clients on the internal network should have the Telecommuting Module’s IP address on that network as their outgoing SIP proxy and registrar.

Other

The DNS server used must have a record for the SIP domain, which states that the Telecom- muting Module handles the domain, or many SIP clients won’t be able to use it (if you don’t use plain IP addresses as domains).

The Standalone type

Using the Standalone type, the network conﬁguration should look like this:

59

Image 67

HP VCX Software manual Standalone type

Contents

Getting started Guide 3Com VCX IP Telecommuting ModulePage 3Com VCX IP Telecommuting Module Getting started Guide Page Table of Contents Page Part I. Installation of the 3Com VCX IP Telecommuting Module Page DMZ Conﬁguration What is a Telecommuting Module?Introduction Conﬁguration alternativesStandalone Conﬁguration DMZ/LAN ConﬁgurationOverview of the Installation License Conditions About settings in 3Com VCX IP Telecommuting ModuleInstallation with a serial cable Installing 3Com VCX IP Telecommuting ModuleInstallation Installation with magic pingPage Page Page Page Installation with a diskette Page Page Remember to lock up the Telecommuting Module Turning off a Telecommuting ModuleInstalling 3Com VCX IP Telecommuting Module Part II. Conﬁguring 3Com VCX IP Telecommuting Module Page Telecommuting Module Type Network ConﬁgurationNetwork Conﬁguration Telecommuting Module Type conﬁguration Interface Network Interface 1General Interface name Directly Connected NetworksPhysical device StatusNetmask/Bits NameDNS Name Or IP Address IP addressAlias Routed network Static RoutingRouter Save Default GatewayCancel Main Default GatewaysInterface Policy For Packets From Unused GatewaysGateway Reference Hosts DynamicNetworks and Computers Subgroup NameLower Limit Create Upper LimitInterface/VLAN Delete RowAdditional Negotiators SurroundingsSurroundings NetworkData Interfaces Policy For Ping To Your 3Com VCX IP Telecommuting Module Default domain IP PolicyBasic Conﬁguration Name of this Telecommuting ModuleDNS Servers Reverts all the above ﬁelds to their previous conﬁguration Network Conﬁguration SIP Module Basic SettingsAdditional SIP Signaling Ports SIP ConﬁgurationComment Provisioning RelaySIP Media Port Range TransportSIP Servers To Monitor Public IP address for NATed Telecommuting ModuleServer Log class for SIP license messages Log class for SIP signalingSIP Logging Log class for SIP packetsLog class for SIP media messages Log class for SIP errorsRouting DNS Override For SIP RequestsRelay To DomainAction FilteringSender IP Filter Rules From NetworkDefault Policy For SIP Requests Content TypesContent Type URI Encoding InteroperabilityAllow Remote NAT traversal Remote Clients Signaling ForwardingRemote SIP Connectivity Remote NAT TraversalNAT timeout for TCP NAT timeout for UDPNAT keepalive method Media Route Access Control Administration of the Telecommuting ModuleConﬁguration Allowed Via Interface Conﬁguration Transport User Authentication For Web Interface AccessConﬁguration via SSH Conﬁguration ComputersConﬁguration via Http Conﬁguration via HttpsNetmask/Bits Range DNS Name Or Network AddressVia IPsec Peer Log Class SSHApply conﬁguration Duration of limited test modeSave/Load Conﬁguration Test Preliminary ConﬁgurationShow Message About Unapplied Changes BackupSave to diskette Save/Load CLI Command File Abort All Edits Revert to Old ConﬁgurationsReload Factory Conﬁguration Administration of the Telecommuting Module DMZ type Firewall and Client ConﬁgurationFirewall SIP clients DMZ/LAN typeOther Standalone type SIP clients Apply Index