• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The Poly Video Conferencing Knowledge Base is live! We look forward to helping you with common issues and troubleshooting advice!
HP Recommended

Hi there,

 

I've been asked to make our 7000's that were previously used for interoffice comms, into externally contactable, and have the ability to contact outside of our company.

We have a DMZ with a Cisco ASA 5 series on the the perimeter, and an FTMG inside. I have configured H.323 as Published through the TMG and NAT'ed on the ASA. I'm also going to use a H.323 policy inspection on the ASA, as well as turning off auto answer, and making sure the HDX's are patched if applicable (I'm reading about security issues in anything less than 3.1.3?) and hardened by turning off unneeded features.

With this setup, do I need any kind of VBP or Gatekeeper ?

 

Regards,

Neil.

3 REPLIES 3
HP Recommended

Hi there,

 

You can use VBP with embeded gatekeeper.

 

Kind Regards,


@Neil wrote:

Hi there,

 

I've been asked to make our 7000's that were previously used for interoffice comms, into externally contactable, and have the ability to contact outside of our company.

We have a DMZ with a Cisco ASA 5 series on the the perimeter, and an FTMG inside. I have configured H.323 as Published through the TMG and NAT'ed on the ASA. I'm also going to use a H.323 policy inspection on the ASA, as well as turning off auto answer, and making sure the HDX's are patched if applicable (I'm reading about security issues in anything less than 3.1.3?) and hardened by turning off unneeded features.

With this setup, do I need any kind of VBP or Gatekeeper ?

 

Regards,

Neil.




HP Recommended

Hi,

 

Ok, but does it give any more security than our current setup?  Published from FTMG, and inspected on a Cisco ASA?

 

Regards,

 

Neil.

HP Recommended

Hi Neil,

 

Your setup is secure but I would still use a VBP or GK adding greater security so that all the media is proxied through that device, also sometimes using H.323 inspection can cause issues with your media i.e. loss of video or audio.

 

Using a GK will also allow you to have one point contact method, so if you have multiple systems internally, external users can dial any of your systems on extension@IPaddress of your GK or IPaddress of your GK followed by ##extension number.

 

Having a GK or SIP registrar reduces the risk of any consistent video call attacks on your systems, the GK allows you to be more specific with were calls can and cannot filter.

 

There is a alternative solution where you can register your systems to a provider which will allow you all the benefits and security of a firewall traversal solution.


@Neil wrote:

Hi,

 

Ok, but does it give any more security than our current setup?  Published from FTMG, and inspected on a Cisco ASA?

 

Regards,

 

Neil.


 

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.