<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:remialcxesans;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Thanks Matthew – we’re on v11.5, so I’ll try to drum up the similar chapter.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m not sure we’ve got URL based firewall rules implemented or available. I will have to ask.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Good to hear you’ve not had problems with outbound access.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As far as smart licensing is concerned, we were ok using the proxy there, since it would be ok if it went down. If we open up complete access though, the need for that goes away.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">---<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Lelio Fulgenzi, B.A.</span></b><span style="font-family:"Arial",sans-serif"> | Senior Analyst<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#333333">Computing and Communications Services</span><span style="font-family:"Arial",sans-serif"> | University of Guelph<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">519-824-4120 Ext. 56354 |
<a href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><a href="http://www.uoguelph.ca/ccs"><span style="font-family:"Arial",sans-serif;color:blue">www.uoguelph.ca/ccs</span></a><span style="font-family:"Arial",sans-serif;color:#1F497D"> | @UofGCCS on Instagram, Twitter and Facebook<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="187" height="100" style="width:1.9479in;height:1.0416in" id="_x0000_i1031" src="cid:image001.png@01D42A5E.37BEA380" alt="University of Guelph Cornerstone with Improve Life tagline"><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Matthew Loraditch <MLoraditch@heliontechnologies.com>
<br>
<b>Sent:</b> Thursday, August 2, 2018 12:33 PM<br>
<b>To:</b> Lelio Fulgenzi <lelio@uoguelph.ca>; voyp list, cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net><br>
<b>Subject:</b> RE: setting up access for APNS - granular vs wide open internet access<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">See page 5 here: <a href="https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/12_0_1/systemConfig/cucm_b_system-configuration-guide-1201/cucm_b_system-configuration-guide-1201_chapter_01011000.pdf">
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/12_0_1/systemConfig/cucm_b_system-configuration-guide-1201/cucm_b_system-configuration-guide-1201_chapter_01011000.pdf</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">For what servers your servers will need to talk to, if you can do URL based firewall rules that would work.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If not the servers are all Cisco’s and in the Webex cloud so the IP blocks aren’t that many:
<a href="https://collaborationhelp.cisco.com/article/en-us/WBX264">https://collaborationhelp.cisco.com/article/en-us/WBX264</a><o:p></o:p></p>
<p class="MsoNormal">Now I’m not 100% certain if ALL webex services fall within those IPs. That article is designed for Teams and Meetings.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I will add I’ve never operated in an environment as tight/regulated as yours, but I have 23 clusters that have been able to talk outbound to internet since their beginnings and never had an issue that had to do with that.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Also you are going to have to think about this internet thing again when you go to 12.x+ and smart licensing so you may want to look up those requirements as well. A few more options exist there where going offline intermittently isn’t
as much of a deal.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:0in 7.5pt 0in 0in">
<p class="MsoNormal"><span style="font-size:1.0pt"> <o:p></o:p></span></p>
</td>
<td style="padding:7.5pt 0in 7.5pt 7.5pt">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:#F3800B">Matthew Loraditch</span></b><b><span style="font-family:"remialcxesans",serif;color:#F3800B"></span></b><b><span style="color:#F3800B"><o:p></o:p></span></b></p>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:gray">Sr. Network Engineer<o:p></o:p></span></b></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:7.5pt 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="color:#F3800B">p:</span><span style="color:gray"> <a href="tel:443.541.1518" target="_blank"><strong><span style="font-family:"Calibri",sans-serif;color:gray;font-weight:normal;text-decoration:none">443.541.1518</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="color:#F3800B">w:</span><span style="color:gray"> <a href="http://www.heliontechnologies.com/" target="_blank"><strong><span style="font-family:"Calibri",sans-serif;color:gray;font-weight:normal;text-decoration:none">www.heliontechnologies.com</span></strong></a><o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="color:gray"> | <o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="color:#F3800B">e:</span><span style="color:gray"> <a href="mailto:MLoraditch@heliontechnologies.com" target="_blank"><strong><span style="font-family:"Calibri",sans-serif;color:gray;font-weight:normal;text-decoration:none">MLoraditch@heliontechnologies.com</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="bottom" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:1.0pt"><img border="0" width="400" height="68" style="width:4.1666in;height:.7083in" id="_x0000_i1025" src="cid:image002.png@01D42A5E.37BEA380"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:7.5pt 0in 7.5pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 2.25pt 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:1.0pt"><a href="https://facebook.com/heliontech" target="_blank"><span style="text-decoration:none"><img border="0" width="18" height="18" style="width:.1875in;height:.1875in" id="_x0000_i1026" src="cid:image003.png@01D42A5E.37BEA380" alt="Facebook"></span></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 2.25pt 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:1.0pt"><a href="https://twitter.com/heliontech" target="_blank"><span style="text-decoration:none"><img border="0" width="18" height="18" style="width:.1875in;height:.1875in" id="_x0000_i1027" src="cid:image004.png@01D42A5E.37BEA380" alt="Twitter"></span></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 2.25pt 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:1.0pt"><a href="https://www.linkedin.com/company/helion-technologies" target="_blank"><span style="text-decoration:none"><img border="0" width="18" height="18" style="width:.1875in;height:.1875in" id="_x0000_i1028" src="cid:image005.png@01D42A5E.37BEA380" alt="LinkedIn"></span></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:3.75pt 3.75pt 3.75pt 3.75pt">
<p class="MsoNormal"><span style="font-size:1.0pt"><a href="https://heliontechnologies.com/events/14th-annual-automotive-cx-summit-hosted-thought-leadership-summits/" target="_blank"><span style="text-decoration:none"><img border="0" width="450" height="205" style="width:4.6875in;height:2.1354in" id="_x0000_i1029" src="cid:image006.jpg@01D42A5E.37BEA380" alt="Helion joins Automotive CX Summit"></span></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>>
<b>On Behalf Of </b>Lelio Fulgenzi<br>
<b>Sent:</b> Thursday, August 2, 2018 11:58 AM<br>
<b>To:</b> voyp list, cisco-voip (<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>) <<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>><br>
<b>Subject:</b> [cisco-voip] setting up access for APNS - granular vs wide open internet access<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Another issue we are facing is setting up the collaboration servers (CUCM, IMP) to talk out of our private network to the internet to talk to Cisco and Apple servers.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Just wondering what others have been doing. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Our networking team has suggested the simplest way would be to add a PAT rule at our edge for the servers (or network) so that they can communicate out to the internet as required. There would be no ACLs applied, so they could talk to anywhere.
By applying the PAT on the edge, all internal communications would continue with the internal addressing. The PAT would only allow established communications – no outside-to-inside initiated talk allowed.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The other alternative would be to put a bunch of xlate’s on our data centre firewall, one for each source collab server and cisco/apple dest pair – this could be 10s of statements.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The first means I have no control over who the servers can talk to on the internet. Which scares me.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The second would mean quite a bit of extra upfront work, and managing those statements if/when Cisco and apple update their ip addresses.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There is the proxy option, but the current proxy service we have is likely not to be considered mission critical and attaching the APNS configuration to this likely wouldn’t go over well.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">What have others done in this situation?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">---<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Lelio Fulgenzi, B.A.</span></b><span style="font-family:"Arial",sans-serif"> | Senior Analyst<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#333333">Computing and Communications Services</span><span style="font-family:"Arial",sans-serif"> | University of Guelph<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">519-824-4120 Ext. 56354 |
<a href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><a href="http://www.uoguelph.ca/ccs"><span style="font-family:"Arial",sans-serif;color:blue">www.uoguelph.ca/ccs</span></a><span style="font-family:"Arial",sans-serif;color:#1F497D"> | @UofGCCS on Instagram, Twitter and Facebook<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="187" height="100" style="width:1.9479in;height:1.0416in" id="Picture_x0020_1" src="cid:image001.png@01D42A5E.37BEA380" alt="University of Guelph Cornerstone with Improve Life tagline"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>