Manuals / TANDBERG / Computer Equipment / Network Card

TANDBERG D14049.04 manual 155, Other Issues

Models: D14049.04

1 276

Download 276 pages 37.25 Kb

Page 155

Grey Headline (continued)

Other Issues

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE

Firewall Traversal and Dual Network Interfaces		Firewall Configuration

The Dual Network Interfaces option enables the LAN 2 interface on your VCS Expressway (the option is not available on a VCS Control). The LAN 2 interface is used in situations where your VCS Expressway is located in a DMZ that consists of two separate networks - an inner DMZ and an outer DMZ - and your firewall rules prevent communication between the two.

With the LAN 2 interface enabled, you can configure the VCS with two separate IP addresses, one for each network in the DMZ. Your VCS then acts as a proxy server between the two networks, allowing calls to pass between the internal and outer firewalls that make up your DMZ.

All ports configured on the VCS, including those relating to firewall traversal, will apply to both IP addresses; it is not possible to configure these ports separately for each IP address.

In order for Expressway™ firewall traversal to function correctly, the firewall must be configured to:

•allow initial outbound traffic from the client to the ports being used by the VCS Expressway

•allow return traffic from those ports on the VCS Expressway back to the originating client.

TANDBERG offers a downloadable tool, the Expressway Port Tester, that allows you to test your firewall configuration for compatibility issues with your network and endpoints. It will advise if necessary which ports may need to be opened on your firewall in order for the Expressway™ solution to function correctly. The Expressway Port Tester currently only supports H.323. Contact your TANDBERG representative for more information.

We recommend that you turn off any H.323 and SIP protocol support on the firewall: these ! are not needed in conjunction with the TANDBERG Expressway™ solution and may interfere

with its operation.

Introduction

Getting Started

Overview and

System

VCS

Zones and

Call

Bandwidth

Firewall

Applications

Maintenance

Appendices

Status

Configuration

Configuration

Neighbors

Processing

Control

Traversal

D14049.04

155

JULY 2008

Image 155

TANDBERG D14049.04 manual 155, Other Issues

Contents

Guide Getting Started What’s in this Manual?Preamble IntroductionDNS Overview and StatusNTP VCS ConfigurationCall Processing Zones and NeighborsBandwidth Control 151 Applications MaintenanceAppendices Copyright 2008, Tandberg Legal NoticesApprovals Safety Instructions and ApprovalsSafety Instructions Waste Handling Digital User Guides Environmental IssuesTANDBERG’s Environmental Policy Environmental Issues Tandberg VCS Overview VCS and the Tandberg Total SolutionVCS Expressway VCS Base ApplicationsVCS Control User Policy FindMe Standard Features Optional FeaturesDual Network Interfaces What’s New in this Version? Typographical conventions Administrator GuideUsing this Administrator Guide Command Line InterfaceGetting Started Connecting the Cables InstallationInstallation Site Preparations General Installation PrecautionsPowering on the VCS Initial Configuration via Serial Cable Initial ConfigurationDown key Initial Configuration via Front PanelUP key Overview System Administrator AccessSupported Browsers Using the Web InterfaceSelect Administrator Login Web InterfaceGeneral page features How Command are Shown in this Guide Command Line Interface Supported CharactersUsing the Command Line Interface CLI Types of CommandsOverview and Status Viewing the Overview Understanding the Overview OverviewSystem Information Speed EthernetStatus System Ethernet MAC address Viewing the IP Status Understanding the IP Status IP StatusStatus System Resource Usage Traversal calls Resource UsageViewing the Resource Usage Understanding the Resource Usage Viewing the Registrations Understanding the Registrations RegistrationsEnd Time Registration HistoryReason DurationPublishers Presentities Subscribers PresenceViewing the Presence Status Pages Viewing the Calls Understanding the Calls CallsStatus Call History Filter Call HistoryViewing the Call History Understanding the Call History Status Search History Search HistoryViewing the Search History Understanding the Search History About SearchesViewing the Local Zone Understanding the Local Zone Local ZoneStatus Zones ZonesViewing the Zones Understanding the Zones Status Links LinksViewing the Links Understanding the Links Status Pipes PipesViewing the Pipes Understanding the PipesViewing the Stun Relays Understanding the Stun Relays Stun RelaysStatus Applications ApplicationsViewing the Applications Understanding the Applications Status Warnings Viewing the Warnings Understanding the WarningsEvent Log Levels Event LogViewing the Event Log Understanding the Event Log Event Log Color CodingEvent Log Format Interpreting the Event LogEvent Message Details FieldEvents and Levels Registration Accepted Message ReceivedMessage Rejected Message SentUser session Login failure System Backup errorSystem Restore error TLS Negotiation ErrorTypes of Configuration Events Configuration LogViewing the Configuration Log Understanding the Configuration LogSystem Configuration About the System Name System AdministrationOverview Configuration About Administrator Access settingsEthernet speed System Configuration EthernetXConfiguration Ethernet About Ethernet SpeedAbout IPv4 to IPv6 Gatewaying Overview IP ConfigurationXConfiguration IP XConfiguration IPProtocol XConfiguration IP Route XCommand RouteAddIPv4 subnet mask Overview LAN ConfigurationAbout LAN Configuration About Dual Network InterfacesAbout the DNS Domain Name XConfiguration IP DNSAbout DNS Servers About the Time Zone System Configuration NTPXConfiguration NTP Address XConfiguration TimeZone Name About the NTP ServerAbout Snmp XConfiguration SnmpAddress XConfiguration ExternalManagerExternal Manager About the External ManagerRemote Logging LoggingAbout Logging About Remote LoggingAbout Event Log Levels Setting the Event Log LevelXConfiguration Log Level Log LevelsVCS Configuration Overview Endpoint Registration 323XConfiguration H323 Configuring H.323SIP Registration Expiry Using the VCS as a SIP RegistrarSIP Overview About SIP on the VCSSIP protocols and ports Using the VCS as a SIP Proxy ServerUsing the VCS as a SIP Presence Server XConfiguration SIP Configuring SIP Registrations, Protocols and PortsView/Edit Configuring SIP DomainsVCS Configuration Protocols SIP Domains CancelInterworking Configuring InterworkingXConfiguration Interworking Mode Save SIP interworking modeEndpoint Registration MCU, Gateway and Content Server RegistrationRegistration Control Registration OverviewH323 Gatekeeper AutoDiscovery Finding a VCS with which to Register323 Preventing automatic registrationsAuthentication for Local Registrations AuthenticationAuthentication Mode Configuring AuthenticationAbout External Registration Credentials Configuring External Registration CredentialsAuthentication using an Ldap Server Authentication DatabasesAlias Origin Setting XConfiguration Ldap XConfiguration Authentication Ldap Configuring Ldap Server settingsConfiguring the Local Database Authentication using a Local DatabaseAlias Registration Attempts to Register using an Existing AliasRegistering Aliases About Alias RegistrationRemoving existing registrations Allow and Deny ListsAbout Allow and Deny Lists Activating use of Allow or Deny ListsManaging Entries in the Allow List XCommand AllowListAdd XConfigurationAllowList RegistrationAdd Deny List Pattern VCS Configuration Registration Deny ListXCommand DenyListAdd XConfigurationDenyList Registration Managing Entries in the Deny ListZones and Neighbors About your Video Communications Network Example Network DiagramIntroduction Local Zone Matches Overview Configuring the Local Zone and its SubzonesLocal Zone and Subzones Bandwidth ManagementWhat are traversal calls? Configuring the Traversal Subzone PortsVCS Configuration Local Zone Traversal Subzone Traversal SubzoneNeighbor Zone About Zones Traversal Client Zone Traversal Server ZoneXCommand DefaultLinksAdd Enum Zone DNS Zone Default ZoneXConfiguration Zones Zone Adding Zones Configuring ZonesVCS Configuration Zones XCommand ZoneAddMatch1 Match5 Configuring Zones All TypesHop count Configuring Neighbor Zones Retry interval Configuring Traversal Client ZonesAuthentication username Configuring Traversal Server Zones DNS suffix Configuring Enum ZonesConfiguring DNS Zones Cluster Subzone Clustering, Peers and AlternatesAbout Clustering System Name Administration Accounts IP configurationDNS Configuration PrerequisitesUpgrading to Backup and RestoreRegistrations SIP RegistrationsEnabling the Replication of FindMe Information ConfigurationClustering and FindMe Viewing Peers Clustering and PresencePeer 1...Peer 6 address 100Neighboring the Local VCS to a Cluster Dial Plans 101Call Processing 102Search Process Call Processing Diagram103 Dialing by Enum 104Dialing by Address Types Dialing by IP Address Dialing by H.323 or SIP URIHop Counts About Hop Counts Configuring Hop CountsXConfiguration Zones Zone 1..200 HopCount 105Pre-Search Transforms 106Searches and Transforms Overview of Searches and Transforms107 Configuring Pre-Search TransformsXConfiguration Transform Zone Searching and Transforming 108Local Zone Configuring Zone Searches and TransformsDefault Settings 109Never Query a Zone 110Examples Combining Match Types and PrioritiesFilter Queries to a Zone Without Transforming 111Query a Zone for Original and Transformed Alias 112Query a Zone for Two or More Transformed Aliases 113114 About Call Policy Administrator Policy and AuthenticationAuthentication Mode On Authentication Mode OffAdministrator Policy Mode Administrator PolicyEnabling the use of Administrator Policy VCS Configuration Call Policy116 Configuring Administrator Policy via the Web InterfaceAbout CPL XSD files 117Uploading a CPL Script H323 118URI Dialing Process Configuring Matches for DNS Zones119 URI Dialing for Outgoing CallsAdvanced Adding and Configuring DNS ZonesXCommand ZoneAdd XConfiguration Zones Zone 120121 Configuring DNS ServersXConfiguration IP DNS Server URI Dialing for Incoming Calls 122URI Dialing and Firewall Traversal Example DNS Record ConfigurationRecommended Configuration 123Overview Process Enabling Enum Dialing 124Enum Dialing 7.6.5.4.3.2.1.4.4 125Enum Dialing for Outgoing Calls Example126 Configuring Matches for Enum ZonesConfiguring Transforms for Enum Zones Mode of PatternMatch Pattern string Pattern type of PrefixClick Create Zone Configuring Enum Zones127 128 About DNS Domains for Enum Configuring DNS Naptr Records129 Enum Dialing for Incoming CallsUnregistered Endpoints Recommended Configuration for Firewall TraversalXConfiguration Call Services 130Fallback Alias Overview Configuration Example UsageXConfiguration Call Services Fallback Alias 131Identifying a Particular Call 132Call IDs, Serial Numbers and Tags 133 Disconnecting CallsDisconnecting a Call via the Web Interface Issues when Disconnecting SIP CallsBandwidth Control 134Bandwidth Control on the VCS Example Network Deployment 135Bandwidth Control Overview Specifying the Subzone IP Addresses Subzone Links About the Default Subzone136 SubzonesCreating a Subzone XCommand SubZoneAdd137 138 Configuring a SubzoneXConfiguration Zones LocalZone SubZone How Different Bandwidth Limitations are Managed 139Applying Bandwidth Limitations to Subzones Types of LimitationsAbout Links Creating Links Default LinksXCommand LinkAdd 140Editing Links XConfiguration Bandwidth Link141 142 Default LinksAbout Default Links Pre-Configured LinksAbout Pipes Creating Pipes XCommand PipeAdd143 Editing an Existing Pipe XConfiguration Bandwidth Pipe144 Editing PipesOne Pipe, Two or More Links 145Applying Pipes to Links One Pipe, One Link146 Default Bandwidth and DownspeedingAbout the Default Call Bandwidth Configuring Default Call Bandwidth and DownspeedingExample Without a Firewall 147Bandwidth Control Examples Example With a Firewall VCS Expressway Subzone ConfigurationVCS Control Subzone Configuration 148Firewall Traversal 149How does it work? 150Firewall Traversal Overview About Expressway VCS as a Firewall Traversal ClientVCS Expressway Server Quick Guide to VCS Traversal Client Server Configuration151 SIP Firewall Traversal Protocols 152Firewall Traversal Protocols and Ports Overview Expressway Process Firewall Traversal ProtocolsSIP Ports Call signaling153 Media154 Firewall Traversal and AuthenticationAuthentication and NTP Configuration Zones Edit Zone, in the Configuration section155 Other IssuesTraversalClient Create Zone Configuring the VCS as a Traversal Client156 Adding a New Traversal Client Zone157 Configuring a Traversal Client ZoneTraversalServer Create Zone Configuring the VCS as a Traversal Server158 Adding a New Traversal Server Zone159 Configuring a Traversal Server ZoneClient authentication username Demux mode160 Configuring Traversal for EndpointsXConfiguration Zones LocalZone Traversal H323 161 Configuring Traversal Server Ports162 Stun Services163 Configuring Stun Services164 FindMe User Policy 165Enabling FindMe on the VCS Configuring User Policy ManagerXConfiguration Policy UserPolicy 166About User Accounts Creating a New User Account 167Managing FindMe User Accounts 168 Changing a User PasswordViewing Existing User Account Settings Are you sure...? 169Deleting a User Account About your FindMe User Account Using TANDBERG’s FindMeAccessing the FindMe Configuration 170171 Configuring your FindMe User AccountOverview Presence Server 172Registration refresh period 173Presence User Agent PUA Aggregation of Presence Information174 Enabling and Disabling Presence ServicesEnabled DisabledPresentities 175Viewing Presence Status Publishers176 MaintenanceUpgrading Software Overview Upgrading Using SCP/PSCPInstalling and Restarting 177Upgrading via the Web Interface 178Restart system Software upgrade in progressSoftware successfully upgraded 179Downgrading Software Downgrade Procedure Impact on features introduced180 Overview Adding Options via the CLI XConfiguration Option 1..64 Key181 Option KeysAdd option key Maintenance Option Keys182 Adding Options via the Web InterfaceOverview Enabling Security 183Security 184 Administration AccountsAdding an Administration Account 185 Editing an Administration AccountAccount Disabled This account can not be used Limitations Backup and RestoreOverview Creating a Backup of your VCS Configuration 186187 Restoring a Previous BackupOverview Creating a System Snapshot Error Reports188 System SnapshotRestarting Maintenance RestartXCommand Boot 189Overview Shutting Down Maintenance Shutdown190 Shutting Down191 Restoring Default ConfigurationOverview DefaultValuesSet Level XCommand DefaultValuesSet Level 3 must be192 Password EncryptionOverview Maximum length of Passwords Command Line InterfaceAppendices 193Overview of CPL on the VCS Address-switch194 CPL ReferenceField 195Otherwise Not-present 196Subfield Reject Rule-switch197 LocationCall Screening Based on Alias Call Screening of Authenticated Users198 CPL ExamplesDont accept calls from this source 199Call Screening Based on Domain Change of Domain NameAllow Calls from Locally Registered Endpoints Only Block Calls from Default Zone and Default SubzoneAddress Address is=DefaultSubZone 200201 Restricting Access to a Local GatewayUsing the address-switch node Using the rule-switch nodeMatches 0 or more repetitions of the previous match 202Regular Expression Reference Overview Common Regular ExpressionsPattern Variable Reference 203VCS Ports VCS Configuration Protocols H.323204 VCS Port ReferenceXConfiguration H323 Gatekeeper CallSignaling PortRange End XConfiguration Traversal Server Stun Relay PortXConfiguration SIP TCP Port XConfiguration SIP TLS Port206 XConfiguration SIP TCP Outbound Port StartXConfiguration SIP TCP Outbound Port End XConfiguration Traversal Media Port StartVerifying the SRV Record DNS Configuration207 Overview Microsoft DNS ServerAbout the Ldap Databases Ldap ConfigurationDownloading the Ldap schemas 208Create the Organizational Hierarchy 209Adding H.350 Objects Securing with TLSOpenLDAP Include /etc/openldap/schemas/sipidentity.ldif210 Slapadd -l ldif file 211# MeetingRoom1 endpoint 212 Command Reference xConfiguration213 214 Example Configuration Applications Presence Server Mode On215 216 Example xConfiguration Bandwidth Downspeed PerCall Mode OnExample xConfiguration Bandwidth Downspeed Total Mode On Example xConfiguration Bandwidth Link 1 Node1 Name HQ217 Example xConfiguration Bandwidth Pipe 1 Name 512Kb AsdlExample xConfiguration Error Reports Mode Off Example xConfiguration ExternalManager Address Example xConfiguration Ethernet 1 IP V4 AddressExample xConfiguration Ethernet 1 IP V4 SubnetMask Example xConfiguration Ethernet 1 Speed Auto219 Example xConfiguration H323 Gatekeeper CallTimeToLiveExample xConfiguration H323 Gatekeeper TimeToLive 220 221 222 223 Example xConfiguration Policy UserPolicy Mode Local224 Example xConfiguration Registration RestrictionPolicy NoneExample Configuration SIP Loop Detect Mode On 225 226 Example xConfiguration Transform 1 Pattern Behavior Replace Example xConfiguration SystemUnit Name Oslo HQ VCSExample xConfiguration SystemUnit Password password123 Example xConfiguration TimeZone Name GMT228 Example Traversal Server Stun Relay Port Example xConfiguration Traversal Server Stun Discovery PortExample xConfiguration Traversal Server Stun Relay Mode On 229230 231 Example xConfiguration Zones LocalZone Match 1..5 Priority232 233 234 235 Example xConfiguration Zones Zone 1 H323 Mode On236 Example xConfiguration Zones Zone 1 HopCount237 Example xConfiguration Zones Zone 1 Match 1 PriorityExample xConfiguration Zones Zone 1 Name UK Sales Office Example xConfiguration Zones Zone 1 Neighbor H323 Port238 Example xConfiguration Zones Zone 1 Neighbor Peer 1 AddressExample xConfiguration Zones Zone 1 Neighbor SIP Port 239 Example xConfiguration Zones Zone 1 SIP Mode On240 Example xConfiguration Zones Zone 3 TraversalServer SIP Port241 Example xConfiguration Zones Zone 1 Type Neighbor242 Command Reference xCommand243 Example xCommand AdminAccountDelete AdminAccountIdExample xCommand AllowListDelete AllowListId Example xCommand boot244 Example xCommand DenyListDelete DenyListId Example xCommand CredentialDelete CredentialIdExample xCommand DefaultLinksAdd Example xCommand DefaultValuesSet Level246 Example xCommand DomainAdd DomainName example.comExample xCommand DomainDelete DomainId Example xCommand FeedbackDeregister ID247 248 Example xCommand LinkDelete LinkId249 Example xCommand OptionKeyAdd Key 1X4757T5-1-60BAD5CDExample xCommand OptionKeyDelete OptionKeyId 250 Example xCommand PipeDelete PipeIdExample xCommand RouteDelete RouteId 251 Example xCommand SubZoneDelete SubZoneId2252 Example xCommand TransformDelete TransformIdExample xCommand ZoneDelete ZoneId 253 Example xCommand ZoneList Alias john.smith@example.com254 Command Reference xStatusSystemUnit 255Ethernet 256NTP 257Calls 258259 Registrations 260Zones 261262 263 Links 264Alternates 265SIP 266Stun 267268 269 Bibliography 270Glossary 271Fqdn 272Term Definition Local VCS 273RTP 274VCS 275Contact Information 276