06-01-2016 01:44 AM
Hello,
is there a way to let our users use proxmity without exposing the admin-interface of our telepresence-systems?
Because all our telepresence systems are registered on our CUCMs the share the network as DHCP-clients with normal ip-phones.
To get Proximity working, we need to give the clients access to port 443 (https) to this network. This means, that users cannot only use proximity, but also access the administrative interface of the telepresence-systems and IP-Phones. I think, that this is unacceptable, not only in our company.
Is there a way to separate this? So the proximity service listens on different port, then the admin-interfaces?
Thanks for help
regards
Florian
Solved! Go to Solution.
06-05-2016 09:36 PM
If you have admin username/password combinations on your endpoints, then the users, unless they know the credentials will not be able to change any settings on the endpoints by accessing the web browser interfaces.
If you don't have your endpoints web interfaces protected with something other than the default admin username and password, it's strongly recommended to do so.
Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
06-05-2016 09:36 PM
If you have admin username/password combinations on your endpoints, then the users, unless they know the credentials will not be able to change any settings on the endpoints by accessing the web browser interfaces.
If you don't have your endpoints web interfaces protected with something other than the default admin username and password, it's strongly recommended to do so.
Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
07-26-2016 12:44 AM
Although restricting access via auth is possible, it would be preferential to block this further upstream. This is particularly relevant for any environments where there is a desire to provide proximity access from guest networks.
I'm sure the problem is already being considered, but it appears a simple solution would be to have the proximity server operate on an alternative port in future firmware.
08-30-2016 10:38 PM
Hi Wayne,
i do not agree to that. It was and it is always best practice to hide administrative interfaces from normal users. Nobody can hack into a system, that he is unable to access at all. Deployingn Proximity in a typical enterprise environment means giving access from internal networks and guest networks as well, so also guests can share their screens via proximity.
So in my opinion its not acceptable to have the admin-page also reachable for guests...
Perhaps Cisco should reconsider, if this is really a good idea and not a showstopper for many enterprises to deploy Proximity within their networks.
Regards
Florian
10-10-2016 12:41 AM
This is actually a planned feature, just not a prioritized one right now. Sorry about that.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: