[cisco-voip] setting up firewall security for jabber and/or IP Communicator

Brian Meade bmeade90 at vt.edu
Thu May 14 14:47:20 EDT 2015


No multi-line support or extension mobility on Jabber which means most
people can't use it for UCCX yet.  You can use it as long as you don't need
EM or multiple lines for your agents.

Are you opening it up for people connecting remotely without VPN?  If so,
you'll want to use a Collab Edge architecture as it's not safe to open up
CUCM/IM&P directly.

If it's just for internal users, you should be good to go with the ACLs.

You shouldn't need to worry about any multicast for Jabber/CIPC outside of
MMOH which you mentioned.

On Thu, May 14, 2015 at 2:30 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

>
> I'm about to set up firewall security so Jabber clients (and IP
> Communicator) can access the telephony servers (CUCM, Connection, IM&P,
> UCCx, etc) and I was hoping to get some ideas as to what others have done
> and if I'm missing anything obvious here. I'm using the CUCM/IM&P port
> list as well as the Jabber deployment guide to get the Jabber port list.
> For the firewall, we are using an ASA appliance pair, v 9.1(3).
>
> Typically we build the ACL statements with the source address object group
> coupled with destination address object group and the destination port
> object group. I don't think there is a need to build the ACL with a source
> port object group at this time.
>
> I've also been told that we might have some multicast limitations with the
> firewall, basically, multicast traffic can't pass through our firewall.
>
> Any comments would be helpful. But I'm wondering, specifically:
>
>    - Are people deploying IP Communicator still? For all the benefits of
>    Jabber, I don't see it as a replacement for a softphone with access to all
>    the buttons and apps that are available, like services, directories,
>    conference/join, etc. Does UCCx work with Jabber for example?
>    - What have others done for firewall ACL building? Is there a firewall
>    feature set I'm not aware of that will simplify my life?
>    - Are there any multicast requirements when deploying Jabber and
>    IPCommunicator? Aside from MoH?
>
> Thanks in advance for any help!
>
> Lelio
>
>
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst, Network Infrastructure
> Computing and Communications Services (CCS)
> University of Guelph
>
> 519‐824‐4120 Ext 56354
> lelio at uoguelph.ca
> www.uoguelph.ca/ccs
> Room 037, Animal Science and Nutrition Building
> Guelph, Ontario, N1G 2W1
>
>
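The object-group pattern described in the quoted message (source address group, destination address group, destination port group, no source port group), sketched as an ASA configuration for internal clients only. This is an added example, not a configuration from either poster: every group name, address (RFC 5737 documentation ranges) and the interface name is constructed, and the ports are commonly documented defaults to be checked against the CUCM/IM&P port list and the Jabber deployment guide for the versions in use.

```cisco
! Constructed names and addresses; ports are assumed defaults, verify before use.
object-group network SOFTPHONE-CLIENTS
 network-object 192.0.2.0 255.255.255.0
object-group network UC-CUCM
 network-object host 198.51.100.11
 network-object host 198.51.100.12
object-group network UC-IMP
 network-object host 198.51.100.21
object-group network UC-CXN
 network-object host 198.51.100.31
object-group network UC-ALL
 group-object UC-CUCM
 group-object UC-IMP
 group-object UC-CXN
!
! One destination-port group per server role keeps each permit line narrow.
object-group service CUCM-CLIENT-TCP tcp
 ! SCCP (IP Communicator), CTI, SIP / secure SIP, config download, UDS
 port-object eq 2000
 port-object eq 2748
 port-object range 5060 5061
 port-object eq 6970
 port-object eq 8443
object-group service CUCM-CLIENT-UDP udp
 ! TFTP control channel (data ports depend on the ASA's tftp inspection), SIP
 port-object eq 69
 port-object eq 5060
object-group service IMP-CLIENT-TCP tcp
 ! XMPP, SOAP/HTTPS
 port-object eq 5222
 port-object eq 8443
object-group service CXN-CLIENT-TCP tcp
 ! Voicemail over HTTPS, message notifications
 port-object eq 443
 port-object eq 7080
!
access-list CLIENTS-TO-UC extended permit tcp object-group SOFTPHONE-CLIENTS object-group UC-CUCM object-group CUCM-CLIENT-TCP
access-list CLIENTS-TO-UC extended permit udp object-group SOFTPHONE-CLIENTS object-group UC-CUCM object-group CUCM-CLIENT-UDP
access-list CLIENTS-TO-UC extended permit tcp object-group SOFTPHONE-CLIENTS object-group UC-IMP object-group IMP-CLIENT-TCP
access-list CLIENTS-TO-UC extended permit tcp object-group SOFTPHONE-CLIENTS object-group UC-CXN object-group CXN-CLIENT-TCP
! Media (RTP) ranges are left out here; add them above this line from the
! port lists, since the server-side range differs from the endpoint range.
! Scoped deny with logging shows what the client subnet still tries to reach.
access-list CLIENTS-TO-UC extended deny ip object-group SOFTPHONE-CLIENTS object-group UC-ALL log
!
! "clients" is a hypothetical interface name.
access-group CLIENTS-TO-UC in interface clients
```

Reviewing the hits on the logged deny line during a pilot is a quick way to find ports missing from the groups before tightening further.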