We need to deny VC calls some specific IP addresses through VCS control or Expressway.
Since IP addresses are not possible to filter with pattern matching in the Search Rules, or Policing,
how can i configure or filter specific IP's as 'denied' destinations.
any idea welcome, regards, hans
The VCS also has a firewall which can be configured from the web interface - System > Firewall rules > Configuration
which could block the IP addresses, though I'm not sure this would give good user experience
In general you're right. But the Firewall comes just with X7.2x and we've made too many bad experiences until now with it.
So, we are back on X7.1. running without any issue.
as far as I understood you want to restrict calls to some IP address going out of the VCS Expressway.
In general if you want to deny calls to IP addresses you can do so via search rules targeting the DNS zone, i.e. do not create “Any IP” rule
Another way would be (that in case you want to allow calls some IP addresses) to create subzone membership rules containing those IP’s and se the “Call to unknown IP addresses” configuration setting to “Indirect”.
Or perhaps turn it off completely.
Hope that helps :-)
although search rule does not provide you filtering scheme based on different IP addresses but subzone membership does provide that. you can register the endpoints on different subzones and grant/access calls and registrations by search rules or more versatile by CPL script.
Is it regards scans on the internet?
Then disabling sip-udp on the VCS-E is a big help.
Also trying not to use numbers as 100 1000 101 1001 200 for video endpoints could be helpful :-)
What kind of calls do you see as the problem? If you have some more info about the
unwanted calls (how the source and destination looks like, why you dont want them, ...)
Please remember to rate helpful responses and identify