04-16-2013 04:47 AM - edited 03-18-2019 12:56 AM
Hello,
We need to deny VC calls some specific IP addresses through VCS control or Expressway.
Since IP addresses are not possible to filter with pattern matching in the Search Rules, or Policing,
how can i configure or filter specific IP's as 'denied' destinations.
any idea welcome, regards, hans
04-16-2013 07:09 AM
Could use VCS's call policy using regex and the destination field.
04-16-2013 07:13 AM
The VCS also has a firewall which can be configured from the web interface - System > Firewall rules > Configuration
which could block the IP addresses, though I'm not sure this would give good user experience
04-16-2013 11:01 AM
Guy,
In general you're right. But the Firewall comes just with X7.2x and we've made too many bad experiences until now with it.
So, we are back on X7.1. running without any issue.
regards, hans
04-16-2013 09:32 AM
Hi Hans,
as far as I understood you want to restrict calls to some IP address going out of the VCS Expressway.
In general if you want to deny calls to IP addresses you can do so via search rules targeting the DNS zone, i.e. do not create “Any IP” rule
Another way would be (that in case you want to allow calls some IP addresses) to create subzone membership rules containing those IP’s and se the “Call to unknown IP addresses” configuration setting to “Indirect”.
Or perhaps turn it off completely.
Hope that helps :-)
Regards//Andrey
04-16-2013 11:07 AM
Andrey,
Both your possibilities 1 and 2 might have the potential to invent something. I will try.
Thanks, Hans
04-16-2013 02:53 PM
Hi Haprinz,
although search rule does not provide you filtering scheme based on different IP addresses but subzone membership does provide that. you can register the endpoints on different subzones and grant/access calls and registrations by search rules or more versatile by CPL script.
regards, Ahmad
04-17-2013 02:40 PM
Is it regards scans on the internet?
Then disabling sip-udp on the VCS-E is a big help.
Also trying not to use numbers as 100 1000 101 1001 200 for video endpoints could be helpful :-)
What kind of calls do you see as the problem? If you have some more info about the
unwanted calls (how the source and destination looks like, why you dont want them, ...)
Please remember to rate helpful responses and identify
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide