So I was wondering what the best practice is when it comes to voice networks and firewall ports. I remember that somebody told me that unrestricted access is the best way to go to avoid any one-way audio and similar issues, which makes sense for voice VLANs, but now with Jabber and other collaboration solutions, is IP-to-IP still recommended?
I found these URLs:
Adding a bunch of lines on the firewall for all the ports and protocols is not completely smart (yes, you can use object groups, but it is still a lot of work, and difficult to troubleshoot in my opinion).
What is your recommendation or best practice to allow communication between collaboration subnets?
If you need to run voice through a firewall, you need to open the required ports as documented in the Cisco guides. It really depends on what is behind the firewall, i.e. just phones, GW, CUBE, applications, etc.?
Well, my concern is mostly with Jabber.
For voice-only networks I don't mind going IP-to-IP, but with Jabber in mind, the PC networks need that access too, and the port list increases with each release, so what if I have Jabber + phones + GW + CUCM?
Well, there is no magic here.
If you want a firewall between CUCM, phones and clients, you need to open the ports.
Is the firewall on the internal network? Do you have network diagram showing which components are in which firewall zone?
No, not at the moment, and it is not a design problem, it's more of a "learning" problem.
Don't worry too much, Chris, thank you for all your help! :D
You should allow the required ports to pass through the firewall. Yes, it is a pain and there is no silver bullet.
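As an added example (not part of the thread above and not a Cisco tool), here is a small coverage check for the "open the required ports" advice. It models a first-match ACL with an implicit deny at the end, lists the flows a Jabber/CUCM deployment needs, and reports every required flow the ACL does not fully permit, including the case where a rule only covers part of a subnet or port range, which is how one-way audio usually shows up. The subnets, the rule syntax and the port numbers are constructed for illustration; take the authoritative port list from the Cisco port-usage guide for your CUCM/IM&P/Jabber release.

```python
# Added example: check a firewall ACL for coverage of required collaboration flows.
# Nothing here is Cisco syntax; the mini-ACL format is invented for the example.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Optional, Tuple

PortRange = Optional[Tuple[int, int]]   # None means "any port"


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "ip" (ip matches both)
    src: IPv4Network
    dst: IPv4Network
    dports: PortRange    # inclusive destination port range


@dataclass(frozen=True)
class Flow:
    name: str
    proto: str
    src: IPv4Network
    dst: IPv4Network
    dports: Tuple[int, int]


def parse_ports(text: str) -> PortRange:
    if text == "any":
        return None
    lo, _, hi = text.partition("-")
    return (int(lo), int(hi or lo))


def parse_rule(line: str) -> Rule:
    """Parse 'permit|deny tcp|udp|ip <src-cidr> <dst-cidr> <port|lo-hi|any>'."""
    action, proto, src, dst, ports = line.split()
    return Rule(action, proto, ip_network(src), ip_network(dst), parse_ports(ports))


def rule_covers(rule: Rule, flow: Flow) -> bool:
    """Rule matches every packet of the flow: both subnets and the whole port range."""
    if rule.proto not in ("ip", flow.proto):
        return False
    if not (flow.src.subnet_of(rule.src) and flow.dst.subnet_of(rule.dst)):
        return False
    if rule.dports is None:
        return True
    return rule.dports[0] <= flow.dports[0] and flow.dports[1] <= rule.dports[1]


def rule_overlaps(rule: Rule, flow: Flow) -> bool:
    """Rule matches at least one packet of the flow."""
    if rule.proto not in ("ip", flow.proto):
        return False
    if not (rule.src.overlaps(flow.src) and rule.dst.overlaps(flow.dst)):
        return False
    if rule.dports is None:
        return True
    return rule.dports[0] <= flow.dports[1] and flow.dports[0] <= rule.dports[1]


def evaluate(rules, flow: Flow) -> str:
    """Walk the ACL top-down like a firewall. Returns the action of the first rule
    that covers the whole flow, 'partial' if a rule touching only part of the flow
    wins first (some hosts or ports blocked), or 'deny' if nothing matches."""
    for rule in rules:
        if rule_covers(rule, flow):
            return rule.action
        if rule_overlaps(rule, flow):
            return "partial"
    return "deny"   # implicit deny at the end of the ACL


def missing_flows(rules, flows):
    """(name, verdict) for every required flow the ACL does not fully permit."""
    return [(f.name, evaluate(rules, f)) for f in flows if evaluate(rules, f) != "permit"]


# Constructed topology: PC/Jabber subnet, voice servers (CUCM, IM&P), phone VLAN.
PCS, SERVERS, PHONES = map(ip_network, ("10.10.20.0/24", "10.10.10.0/24", "10.10.30.0/24"))

# Port numbers are illustrative assumptions; verify them against the Cisco port-usage guide.
REQUIRED_FLOWS = [
    Flow("jabber-uds-https", "tcp", PCS, SERVERS, (8443, 8443)),
    Flow("jabber-sip-tls", "tcp", PCS, SERVERS, (5061, 5061)),
    Flow("jabber-xmpp", "tcp", PCS, SERVERS, (5222, 5222)),
    Flow("jabber-tftp-http", "tcp", PCS, SERVERS, (6970, 6970)),
    Flow("jabber-cti", "tcp", PCS, SERVERS, (2748, 2748)),
    Flow("rtp-pc-to-phones", "udp", PCS, PHONES, (16384, 32767)),
    Flow("rtp-phones-to-pc", "udp", PHONES, PCS, (16384, 32767)),
]

# Constructed ACL with two typical mistakes: two TCP services never added, and a
# deny that carves half of the PC subnet out of the return-path RTP rule.
SAMPLE_ACL = [parse_rule(l) for l in """
permit tcp 10.10.20.0/24 10.10.10.0/24 8443
permit tcp 10.10.20.0/24 10.10.10.0/24 5060-5061
permit tcp 10.10.20.0/24 10.10.10.0/24 5222
permit udp 10.10.20.0/24 10.10.30.0/24 16384-32767
deny   udp 10.10.30.0/24 10.10.20.0/25 any
permit udp 10.10.30.0/24 10.10.20.0/24 16384-32767
""".splitlines() if l.strip()]

if __name__ == "__main__":
    for name, verdict in missing_flows(SAMPLE_ACL, REQUIRED_FLOWS):
        print(f"{name}: {verdict}")
```

Running it against the constructed ACL reports the two TCP services as "deny" and the phones-to-PC RTP flow as "partial", the shape of problem that is hard to find by reading a long object-group list but easy to catch with a flow-by-flow check before a firewall goes between Jabber clients and the voice subnets.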