[cisco-voip] setting up firewall security for jabber and/of IP Communicator

[Lelio Fulgenzi]

I'm about to set up firewall security so Jabber clients (and IP Communicator) can access the telephony servers (CUCM, Connection, IM&P, UCCx, etc) and I was hoping to get some ideas as to what others have done and if I'm missing anything obvious here. I'm using the CUCM/IM&P port list as well as the Jabber deployment guide to get the Jabber port list. For the firewall, we are using an ASA appliance pair, v 9.1(3). 


Typically we build the ACL statements with the source address object group coupled with destination address object group and the destination port object group. I don't think there is a need to build the ACL with a source port object group at this time. 


I've also been told that we might have some multicast limitations with the firewall, basically , multicast traffic can't pass through our firewall. 


Any comments would be helpful. But I'm wondering, specifically: 


    * Are people deploying IP Communicator still? For all the benefits of Jabber, I don't see it as a replacement for a softphone with access to all the buttons and apps that are available, like services, directories, conference/join, etc. Does UCCx work with Jabber for example? 
    * What have others done for firewall ACL building? Is there a firewall feature set I'm not aware of that will simplify my life? 
    * Are there any multicast requirements when deploying Jabber and IPCommunicator? Aside from MoH? 


Thanks in advance for any help! 


Lelio 




--- 
Lelio Fulgenzi, B.A. 
Senior Analyst, Network Infrastructure 
Computing and Communications Services (CCS) 
University of Guelph 

519‐824‐4120 Ext 56354 
lelio at uoguelph.ca 
www.uoguelph.ca/ccs 
Room 037, Animal Science and Nutrition Building 
Guelph, Ontario, N1G 2W1 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150514/240990b3/attachment.html>