my customer wants to allow endpoints to only register via SIP TLS on their VCS-Expressway.
B2B calls shall be allowed via both SIP TLS & TCP as well as H323.
Is there a way on VCS to deny SIP TCP and H323 registrations via CPL?
If yes, how?
I made a quick drawing and attached it as pdf, to clarify what I mean.
Thanks in advance!
H323 registration can be stopped simply be creating a Deny rule for your H323 registration port (default is 1719/udp) on the VCS's built-in firewall. I had to restart the VCS for it to take effect, although I shouldn't have. SIP is much more difficult though because the registration port is not unique--it's the same port used for call setup. I don't recall anything in CPL that will let you do this, but I'm sure others have more experience with CPL than I do.
please check if setting up Default Zone Access Rules would resolve your problem - (
Configuration>Zones >Default Zone access rules).
And also I imagine that the local and remote expressway will establish client - server traversal zone , correct?