<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<br>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<a id="OWAAM646086" class="_3wBKpPYkzIctGJaYbD3AwM mention ms-bgc-nlr ms-fcl-b" href="mailto:avholloway+cisco-voip@gmail.com">@Anthony Holloway</a> You are correct. Whether Expressway Control crosses a network boundary or not to talk to Expressway Edge (LAN1),
its still communicating; it just doesn't have the additional network boundary (that it
<i>traverses</i>) for protection (where the ACLs live). In essence, if someone compromised the Expressway Edge, they could also in theory, get to the Expressway Control server since edge LAN2 inherently talks to edge LAN1. Since many customers put the Expressway
Control server on the same network as the rest of the UC servers... yikes.<br>
<br>
The LAN1 DMZ (or at least a separate network with ACLs if you can't do a true security context) is very important in the dual NIC design. On the occasions where I've found customers with Expressway Control and Edge (LAN1) in the same network, I have advised
them to change that to a DMZ or just separate network with ACLs (which is usually sufficient) ... anything to get some type of barrier between Expressway Control and Edge (LAN1).
<br>
<br>
That said, "Expressway on a Stick" works just fine barring limitations to "hairpinning" in whatever the firewall is; though it is not the Cisco recommended deployment model in the documentation. Every Expressway deployment should try to achieve two security
contexts on the edge (or isolated networks with ACLs). <br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div id="Signature">
<div></div>
-Ryan
<div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> Jeffrey McHugh <jmchugh@fidelus.com><br>
<b>Sent:</b> Tuesday, April 30, 2019 1:29 PM<br>
<b>To:</b> Ryan Huff; Anthony Holloway<br>
<b>Cc:</b> cisco-voip@puck.nether.net; Pawlowski, Adam<br>
<b>Subject:</b> RE: [EXT] Re: [cisco-voip] Expressway E Firewall Rule Activation</font>
<div> </div>
</div>
<div lang="EN-US">
<div class="x_WordSection1">
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
I see a mixture of both and insist on the dual, even it means pushing back an implementation.
</p>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
</p>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
TAC recommends the dual and the advanced networking guide calls that out, along with “not all firewalls support the singe NIC type of NAT”, it uses about triple the bandwidth per call and I don’t think you can cluster them w only single NIC
</p>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
</p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; font-size:10pt; font-family:ARIAL">
<font face="Calibri"><strong>Jeffrey McHugh</strong> | Sr. Collaboration Consulting Engineer
</font></p>
<div style="font-size:11pt; font-family:'Calibri','sans-serif'; color:black" align="left">
<a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fidelus.com%2F&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183579759&sdata=12L445HKngUMa7KgEKAHcJ1Q8B2juxp0QnlgqCel9%2FY%3D&reserved=0" originalsrc="http://www.fidelus.com/" shash="lLCOuuZusjT5td5u7M8IOEfgx2/6yyg0+d5TmbLVbZw018VOX02uGgOvpGTu/7oes7HlyWmhQeREmWZQWJfpdXRpRjPNSyU6dnIqzpHk6+T2N+bIGELuOwJPoCUmiS8e1zoBTIcIaz/DpIA2tH6rWxiT9VZqaEaLR90dqI4JjOs="><font size="3" face="Calibri"><img alt="Company_Logo_Image" style="height:70px; width:155px; margin:0px" border="0" data-outlook-trace="F:1|T:1" src="cid:51bcf6eb-27cf-41d1-b704-69e32581e5be"></font></a><font size="2"><font face="Calibri"><strong><font size="3"></font></strong></font></font></div>
<div style="font-size:11pt; font-family:'Calibri','sans-serif'; color:black" align="left">
<font size="2"><strong><font size="3">Fidelus Technologies, LLC</font></strong><br>
<font color="#4d4d4f"><span style="font-size:11pt; font-family:"Calibri",sans-serif"><font size="3" color="#000000">Named
</font><a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fidelus.com%2Ffidelus-technologies-named-best-unified-communications-provider-in-the-usa%2F&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183589770&sdata=dX1CbaWKZbL5%2F3gTq2nHG%2BF9GA01Y%2BzZmtxBJ7WbnVs%3D&reserved=0" originalsrc="http://www.fidelus.com/fidelus-technologies-named-best-unified-communications-provider-in-the-usa/" shash="kssJqE4bRUKPz0VKBUFrz5z+CtnLtX0Wl1vYEiOVhgSw8lR956ChrhXNbBsI/RjGT4oI1GwLvCMsolNsYH9QzxOxWhJM1hIXdx7egiFc2fB4x6eTTM0Hr8sfazdeMQuIy6ZjcSdsiljywH+YzXuRlKSknJZRmchL419lH6KCHw4="><font size="3" color="#0563c1">Best
UC Provider in the USA</font></a></span></font></font></div>
<div style="font-size:11pt; font-family:'Calibri','sans-serif'; color:black" align="left">
<font size="2"><font face="Calibri"><font face="Calibri" color="#4d4d4f"><span style="font-size:11pt; font-family:"Calibri",sans-serif"></span>240 West 35th Street, 6th Floor, New York, NY 10001</font></font></font>
</div>
<div style="font-size:10pt; font-family:'Calibri','sans-serif'; color:#4d4d4f" align="left">
<font color="#4d4d4f"><strong>+1-212-616-7801</strong> office | <strong>+1-212-616-7850
</strong>fax | <a title="" href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fidelus.com%2F&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183599775&sdata=la9a%2F2nGCB%2BUBT6JxxSuLZodhixLK2qY4bVW9ws1PtU%3D&reserved=0" originalsrc="http://www.fidelus.com/" shash="ktVtwXgEiBZc1ssaWQerOuJedDH6d526ne4UvggkpigtVUeQC9jCTUSQNG7fTumucJfhv1fr/g4bl44kQr999I7dTJV5CB4l4jJAG9+cgpURKNT4SwP+23y0FbwFsRZ435h52R5lZXGeGDua1B2UwwVzDuIosSATp32Z6hGZ48U=" style="color:#4d4d4f">
www.fidelus.com</a></font></div>
<div style="font-size:10pt; font-family:'Calibri','sans-serif'; color:black" align="left">
<a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Ffidelus-technologies%2Fproducts&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183609786&sdata=Ho6IAzCFVh4UkBZdoMw8%2Bd0I5K0SavdgAZ7MuxwnI4I%3D&reserved=0" originalsrc="http://www.linkedin.com/company/fidelus-technologies/products" shash="A3ZkIktnBwmu5zLYU/2xbr0xetBW5oCt08Mj1b7EhO6FWKYw23X95pMefm/+4vKvR8LgbpdIswlYR1jlB6mtVF/5rVjkQ3pYCcuvKoFFN9+zzVWcuDwRMK3DzuIGmwTJDHsXzKRHkWbDzMqDDtn25oCMRY4G927nkex6DPMkeLM="><font face="Calibri"><img alt="LinkedIn" style="height:40px; width:40px; margin:0px" border="0" data-outlook-trace="F:1|T:1" src="cid:40bdeb8d-b568-4e1a-9464-24bae02a245c"></font></a><a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.twitter.com%2FFidelusUCC&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183619791&sdata=WJ3mKlMcZ3QwuiiJ%2B4pt6wK6Exmw4JCKwNRNpmrqacU%3D&reserved=0" originalsrc="http://www.twitter.com/FidelusUCC" shash="I+jQWwY/PsB5upA2xeSfEADqYzAfLkg4BTMgduR0XsQeQLOLzmhzcwXNgyl3mfYJcDdRZjU+fGiwq5BE9BxSkFYPiKd1EtFPa6a93L1y9QmjPI/AULgqvkX1KJdH+dqNg1k+UbI68TUgB41GmJgrxvkT5LNfrUnfZ7Z2DoaU5Ms="><font face="Calibri"><img alt="Twitter" style="height:40px; width:40px; margin:0px" border="0" data-outlook-trace="F:1|T:1" src="cid:6726716b-ab83-4a7d-ae2c-f7ab0c5794b6"></font></a><a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2FFidelusUCC&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183629802&sdata=I%2FnjBEdwRJKy3zsEI41fW%2BZAQeOkiLcbWffpF%2BlQYP8%3D&reserved=0" originalsrc="http://www.facebook.com/FidelusUCC" shash="CMQwX+CpLdsKRNS7Q3yqRCr5+CPgkPTiz/87gI0EKp7u0Q8IfzMRUOh3m4rnhQ7oOubh0QTWJVqw+tNsAYiggIljx12FeAeKD6h750EvuXpPA5Jj4PWRBS80jIFJxmJIxcznbLOEfI15IGKVvf39khBsa3p4gvTkjrphsJzGPto="><font face="Calibri"><img alt="Facebook" style="height:40px; width:40px; margin:0px" border="0" data-outlook-trace="F:1|T:1" src="cid:900f704d-d079-427a-905f-1c472988dc23"></font></a><a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.youtube.com%2FFidelusTraining&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183639807&sdata=Vckk3PrVKllvNCL8ol%2Bs9O%2BGF%2FjneLYtPe6wcJyUSow%3D&reserved=0" originalsrc="http://www.youtube.com/FidelusTraining" shash="RXBEUZRETe9zIThuAhOw5VNjG9k6ArUMgvj3kHW19boTNxNiDG7N2yFfB+YbxZUePKSQ+9f6UMFWDv4UbRuenYxEH0eUaaycLCRj9H5vgFiiJmbqDhqtf5jvZhoKcyza+6Gqe/kPmBZEOnPD6hzw6nYi1LMVk2tCvXMbcs+ZQqI="><font face="Calibri"><img alt="YouTube" style="height:40px; width:40px; margin:0px" border="0" data-outlook-trace="F:1|T:1" src="cid:922fd257-11f4-4fac-8a20-4c680533782b"></font></a></div>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; font-size:10pt; font-family:ARIAL">
</p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; font-size:10pt; font-family:ARIAL">
</p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; font-size:10pt; font-family:ARIAL">
Disclaimer - This email and any files transmitted with it are confidential and intended solely for the person(s) addressed to. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented
in this email are solely those of the author and might not represent those of Fidelus Technologies, LLC. Warning: Although Fidelus Technologies, LLC has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept
responsibility for any loss or damage arising from the use of this email or attachments.</p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<b>From:</b> cisco-voip <cisco-voip-bounces@puck.nether.net> <b>On Behalf Of </b>
Ryan Huff<br>
<b>Sent:</b> Tuesday, April 30, 2019 12:33 PM<br>
<b>To:</b> Anthony Holloway <avholloway+cisco-voip@gmail.com><br>
<b>Cc:</b> cisco-voip@puck.nether.net; Pawlowski, Adam <ajp26@buffalo.edu><br>
<b>Subject:</b> [EXT] Re: [cisco-voip] Expressway E Firewall Rule Activation</p>
</div>
</div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
</p>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
Not generally, no. A couple of my larger customer’s that have fully fleshed out IT departments did though.
</p>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
For a few of my customers I’ve had to walk them through setting a 2nd one up. In some cases, not even a true DMZ and just a new network and lock it down with ACLs.</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif; margin-bottom:12.0pt">
I’ve also had customer’s which do the DMZ on “LAN2” (outside), and then keeps LAN1 in the same network as Expressway-C. This particular method doesn’t offer a lot of advantages (from a infosec perspective) over a “Single NIC”, but still makes the traffic flow
more logical, easier to support and troubleshoot and keeps you from having to “hairpin” in the firewall (ewww, like gag me with a spoon man lol), which I have never been a fan of from a design perspective.</p>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
-Ryan</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif; margin-bottom:12.0pt">
<br>
On Apr 30, 2019, at 12:12, Anthony Holloway <<a href="mailto:avholloway+cisco-voip@gmail.com">avholloway+cisco-voip@gmail.com</a>> wrote:</p>
</div>
<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">
<div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
Ryan, </p>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
Do you have any insight as to whether or not it's common for Firewalls in the field to already have more than one DMZ defined? In my limited experience, I have never seen it done, and I am having to have that second DMZ created to support Expressway. For
that reason, I actually tend to think the single NIC approach is better, although, the NAT reflection could be a limitation of some firewalls.</p>
</div>
</div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
</p>
<div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
On Tue, Apr 30, 2019 at 11:09 AM Ryan Huff <<a href="mailto:ryanhuff@outlook.com">ryanhuff@outlook.com</a>> wrote:</p>
</div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in 6.0pt; margin-left:4.8pt; margin-right:0in">
<div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<span style="font-size:12.0pt; color:black">Adam,</span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<span style="font-size:12.0pt; color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<span style="font-size:12.0pt; color:black">I certainly didn't mean to imply the, "Expressway Edge on a Stick" method doesn't work, though out of pure technical curiosity, I would be curious as to what exists in your environment that would make a " single NIC"
Expressway Edge deployment more preferred than "dual NICs" (not that I expect you would or could say). I can think of very few reasons that a single NIC edge would be more ideal than a dual NIC edge (outside of the infosec team just not wanting to screw with
the firewall, or production not being able to sustain a maintenance window); its easier to troubleshoot, easier to install, easier to support and easier to secure.<br>
<br>
Though, I suspect I'm, "preaching to the choir", lol </span><span style="font-size:12.0pt; font-family:"Segoe UI Emoji",sans-serif; color:black">😉</span><span style="font-size:12.0pt; color:black">. All good my friend.</span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<span style="font-size:12.0pt; color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<span style="font-size:12.0pt; color:black">Thanks,</span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<span style="font-size:12.0pt; color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<span style="font-size:12.0pt; color:black">Ryan</span></p>
</div>
<div id="x_gmail-m_6919030558253542370Signature">
<div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<span style="font-size:12.0pt; color:black"> </span></p>
</div>
<div class="x_MsoNormal" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif; text-align:center" align="center">
<hr width="98%" size="2" align="center">
</div>
<div id="x_gmail-m_6919030558253542370divRplyFwdMsg">
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
<b><span style="color:black">From:</span></b><span style="color:black"> Pawlowski, Adam <<a href="mailto:ajp26@buffalo.edu" target="_blank">ajp26@buffalo.edu</a>><br>
<b>Sent:</b> Tuesday, April 30, 2019 11:36 AM<br>
<b>To:</b> 'Ryan Huff'<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: [cisco-voip] Expressway E Firewall Rule Activation</span> </p>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
</p>
</div>
</div>
<div>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">Ryan,</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">The “tl;dr” is that we were sort of given the recommendation by Cisco to just run it with the single interface given our environment and requirements, and hasn’t given us any trouble that I can recall.</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">Long story is … </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"><br>
Our environment ends up being the driver for a lot of this, as it is sort of a historic design from the early internet, with just about everything on public address space, and various services and networks secured behind firewalls as needed from internal and
external alike. </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">In the dual interface design, the outside interface sits in a “DMZ” with a firewall, which we don’t have available explicitly. There is a border firewall but that isn’t really its function. The inside leg has to sit somewhere as
well, which is a place that doesn’t exist. </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"><br>
We did have a competitor’s border proxy become compromised in the past due to a software update, and this model where the inside wasn’t properly secured – and given our current VMWare topology, creating another zone to hairpin traffic around to separate that
inside interface wasn’t in the cards. Not to mention the annoyance of trying to setup split routes on this device to allow some traffic to go in, some to go out, in an environment that is MRA only.</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">If you trust the E enough never to be a bad actor, then you could put that interface in the same zone as your other collaboration appliances, like the Expressway C, but, we didn’t want to do that either really.</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">Given that, we did have a call with Cisco to discuss this, and with representation from the Expressway group they recommended that we stick with the single interface design. That was based on the public addressing (so we could avoid
NAT reflection) and that despite the pipe dream of everyone wanting HD video calling and mobile client access, we didn’t see that we’d be pushing that much traffic.</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">As it is, the E clusters sit in a collaboration DMZ, where they are independent from any of our other appliances and treated like any other host on our network. Our application firewalls do not allow anything in from the Expressway
E since the C tunnels to it, so really the only thing lacking from a security standpoint there could be containment of that host, but, we chose to guard from it instead.
</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">Since we installed it back on X8.8 or whatever, I’d noted that rebooting the appliance does not reapply the internal rules, which can easily be forgotten, and would need to be remembered if you run a VMWare HA policy that restarts
the guest. </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">That all being said the worst that we have seen are various SSH attempts (on any port, the zone tunnel, administrative SSH, doesn’t matter) until the rules are put back up. We could tighten them on the border once that becomes available
to do so.</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">The B2BUA is invoked on calls within the appliances sometimes which can cause some confusion with attempting to read logging if need be, but it hasn’t otherwise caused us any trouble.</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D">Adam</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="color:#1F497D"> </span></p>
<div style="border:none; border-left:solid blue 1.5pt; padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<b>From:</b> Ryan Huff <<a href="mailto:ryanhuff@outlook.com" target="_blank">ryanhuff@outlook.com</a>>
<br>
<b>Sent:</b> Tuesday, April 30, 2019 10:13 AM<br>
<b>To:</b> Pawlowski, Adam <<a href="mailto:ajp26@buffalo.edu" target="_blank">ajp26@buffalo.edu</a>><br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] Expressway E Firewall Rule Activation</p>
</div>
</div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin-right:0in; margin-bottom:12.0pt; margin-left:0in">
That seems odd and not been my experience. Let me ask; why are you using the application firewall rather than the actual firewall (another reason all our edge’s should be using dual interfaces with LAN1 and LAN2 in their own separate security zones)? Is there
a reason you have to, in other words?</p>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
Thanks,</p>
</div>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
</p>
</div>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
Ryan</p>
</div>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin-right:0in; margin-bottom:12.0pt; margin-left:0in">
<br>
On Apr 30, 2019, at 08:49, Pawlowski, Adam <<a href="mailto:ajp26@buffalo.edu" target="_blank">ajp26@buffalo.edu</a>> wrote:</p>
</div>
<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
Figured I’d also ask this question</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
I note that it seems like any time I reboot an Expressway E, I have to go and re-activate all the firewall rules. They don’t seem to activate automatically.
</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
Is there something I missed or is this really what’s necessary?</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
Adam</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
</p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
</p>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; font-family:"Calibri",sans-serif; margin:0in; margin-bottom:.0001pt">
<span style="font-size:12.0pt; font-family:"Times New Roman",serif">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183649818&sdata=rfseED4dMSZymuoVW%2BrtbugOj4FoZ9pKooPwyF3Fafc%3D&reserved=0" originalsrc="https://puck.nether.net/mailman/listinfo/cisco-voip" shash="TuTA+1Szka5Yq/Kr5muGC2iJIH18x73q/8kIdIEc2Ne+NP5hdBquK079D8Yvfim2wZfVtWBAIrvZe5mYdJ4kIPUdndL3OJGa12flPC3wY2xWcEIOJHvwXn8QSY5xd6WrvpyqAkI/CLA356EKqzisdbY+BAVq4+V4qdAzxg5DuFE=" target="_blank">https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C3fcc9eb351fe41b70dfc08d6cd6a4a65%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922253726465693&sdata=72kYzwChhoFD14H6a6mRTn4TdHUcMDcFWrMSXpRo%2Btw%3D&reserved=0</a></span></p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; font-size:11pt; font-family:"Calibri",sans-serif">
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183669827&sdata=tkhF0mIVJuNq6B%2BZkgFeyn%2Bf81X5cqG%2F9OeXFfUDpN4%3D&reserved=0" originalsrc="https://puck.nether.net/mailman/listinfo/cisco-voip" shash="C5bSPJhsKFnKn9E0eQ6E11RDKzUCF69Z7GLlL2zym5TeW7+V1q1bCuKo3mUdhGWHqy9IqB6awU4zKowi2SvHXck0iO2BIkCb9IOpvbyTxOdFsIq1f3NyBay698zEysw9jjLImQrPPkHtMO7sxOnc9u4nNW6IounlWOeIwxaTcGc=" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a></p>
</blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</body>
</html>