TANDBERG Gatekeeper 13. Call Policy

TANDBERG Gatekeeper User Guide

Page 53 of 105

13. Call Policy

13.1. About Call Policy

Your TANDBERG Gatekeeper allows you to set up policy to control which calls are allowed and even

redirect selected calls to different destinations. You specify this policy by uploading a script written in the

Call Processing Language (CPL). Each time a call is made the Gatekeeper executes the script to decide,

based on the source and destination of the call, whether to

 Proxy the call to its original destination

 Redirect the call to a different destination

 Reject the call.

The Gatekeeper will only execute scripts for source or destinations which are registered directly with the

system.

13.1.1. Uploading the CPL script

To upload the CPL script, go to Gatekeeper Configuration -> Files. In the Policy section, enter the path of

the file in the CPL file field.

Note: The CPL script cannot be uploaded via the command line interface.

13.1.2. Enabling use of the CPL script

To enable or disable use of the CPL script, either:

issue the command:

xConfiguration Gatekeeper Policy Mode <On/Off>

or go to Gatekeeper Configuration -> Gatekeeper and in the Configuration section, tick or clear the CPL

policy box.

13.1.3. Call Policy and Authentication

Policy interacts with authentication (see section 8.2). If authentication is enabled on the local

Gatekeeper and a call is received from a remote, unauthenticated Gatekeeper, the call's source aliases

will be removed from the call request before it is passed to the policy engine. This is because the

unauthenticated source aliases could be forged and so should not be used for policy decisions in a

secure environment.

13.1.4. CPL Standard

The following sections give details of the Gatekeeper's implementation of the CPL language and should

be read in conjunction with the CPL standard (RFC 3880 [5]).

Contents

Main Contents Page Page Page Page Page 1. Product Information 1.1. Trademarks and Copyright 1.2. Disclaimer 1.3. Environmental Issues Page 1.4. Operator Safety Summary Page 2. Introduction 2.1. Main Features 2.2. Hardware Overview Page 3. Installation 3.1. Precautions 3.2. Preparing the Installation Site 3.3. Unpacking 3.4. Mounting 3.5. Connecting the Cables 3.6. Switching on the System 4. Getting started 4.1. Initial Configuration 4.2. System Administration the IP address of the system the system name. Page 4.3. Backups 4.4. IP Configuration 4.5. Endpoint Registration Automatically Manually by specifying the IP address of the Gatekeeper. One or more H.323 IDs One or more E.164 aliases. 4.6. Neighbor Gatekeepers Page 4.7. Alternates TANDBERG Gatekeeper User Guide Page 24 of 105 4.8. Call Processing Overview Figure 6 illustrates the process the Gatekeeper performs when receiving call requests. Page 5. Transforming Destination Aliases 5.1. Alias Transforms 5.2. Zone Transforms 6. Unregistered Endpoints 6.1. Calling from an Unregistered Endpoint 6.2. Calling to an Unregistered Endpoint Page 7. Bandwidth Control 7.1. About Bandwidth Control 7.2. Subzones Page 7.3. Insufficient Bandwidth 7.4. Bandwidth Control and Firewall Traversal 7.5. Bandwidth Control Examples Page 8. Registration Control 8.1. Setting Registration Restriction Policy Page 8.2. Authentication Page Page 9. URI Dialing 9.1. About URI Dialing 9.2. Making a Call Using URI Dialing 9.3. Receiving a Call Using URI Dialing 9.4. DNS Records 10. ENUM Dialing 10.1. About ENUM Dialing 10.2. Configuring ENUM Page 10.3. Configuring DNS NAPTR Records 11. Example Traversal Deployments 11.1. Simple Enterprise Deployment Enter the address of your DNS server on the Border Controller. This can be done via either: Enable URI dialing on the Border Controller. This can be done via either: Disable URI dialing on the Gatekeeper. This is because you wish calls to be routed from the 11.2. Enterprise Gatekeepers 11.3. Dialing Public IP Addresses 11.4. Neighbored Enterprises 11.5. URI Dialing from within the Enterprise 12. Third Party Call Control 12.1. About Third Party Call Control 12.2. Placing a Call 12.3. Transferring a Call 12.4. Disconnecting a Call 13. Call Policy 13.1. About Call Policy 13.2. Making Decisions Based on Addresses 13.3. CPL Script Actions 13.4. Unsupported CPL Elements 13.5. CPL Examples Page 14. Logging 14.1. About Logging 14.2. Viewing the event log 14.3. Controlling what is Logged 14.4. Event Log Format 14.5. Logged Events Page H.225 H.245 NTP DNS LDAP Neighbor Gatekeeper Page 14.6. Remote Logging 15. Software Upgrading 15.1. About Software Upgrading Using a web browser (HTTP/HTTPS). Using secure copy (SCP). 15.2. Upgrading Using HTTP(S) 15.3. Upgrading Using SCP/PSCP a text file containing the release key, and a file containing the software image. Page 16. Command Reference 16.1. Status Page Page Page 16.2. Configuration Page Page Page Page Page Page Page Page Page Page Page 16.3. Command IP address, subnet mask, gateway and interface speed. The default IP address is Page Page Page Page 16.4. History 16.5. Feedback Page 16.6. Other Commands 17. Appendix A: Configuring DNS Servers 17.1. Microsoft DNS Server 17.2. Verifying the SRV Record 18. Appendix B: Configuring LDAP Servers 18.1. Microsoft Active Directory Be located in the Local Computer's Personal certificate store. This can be seen using the Have the private details on how to obtain a key associated for use with it stored locally. When Have a private key that does not have strong private key protection enabled. This is an attribute 18.2. OpenLDAP Page Page 19. Appendix C: Regular Expression Reference 20. Appendix D: Technical data 20.1. Technical Specifications 20.2. Approvals 21. Bibliography 22. Glossary TANDBERG Gatekeeper User Guide Page 104 of 105 23. Index A B C D TANDBERG Gatekeeper User Guide Page 105 of 105 M N