Allowing incoming calls to Polycom VC

Hi,

 

Does anyone have any guidance around allowing incoming calls to a Polycom VC?

We have an XG210 and 310, multiple WAN addresses (so can assign a separate public address to VC).

I have created an SNAT rule as per (https://community.sophos.com/kb/en-us/123295) which should allow the VC to make outgoing calls.

 

Creating a DNAT rule seems a bit harder though, due to the Polycom requiring multiple ports.

I was thinking about creating 2 DNAT rules (one to list required TCP ports, and one for required UDP ports) but wanted to get someone else's view on this...

There doesn't appear to be much on this topic in the forums.

 

Thanks,

Matt

  • Hi,

    You only need one rule, otherwise the traffic will be dropped before getting to the second rule.

    You can create a port group to use in the rule or you can add individual ports to your rule; this also makes debugging easier as all traffic is referenced against the one rule.

    I can't provide the specifics because my XG is off until v17b is released.

  • In reply to rfcat_vk:

    I did create the services and service groups with all of the correct ports, but I couldn't see anywhere to include them into the DNAT rule.

    Using this as a reference.

  • Hi Matthew,

    I would recommend that you configure proxy ARP for your Polycom server. This will use the WAN address dedicated to the Polycom server.

    Kindly refer to the KB article http://sophos.com/kb/123525 for more information.

  • In reply to Aditya Patel:

    Hi Aditya,

    Thanks for the suggestion. So to be clear, we would put the Polycom units into the DMZ, but with the dedicated public IP, set up proxy ARP so we can talk to them, then configure the WAN to DMZ network rule with the appropriate service group?

    Thanks,

    Matt

  • In reply to Matthew Trigg:

    Hi Matthew,

    Yes, the proxy ARP would allow you to configure a public address on your Polycom server. Plus, you could regulate the service allowed via the WAN to DMZ rule, and the same for DMZ to WAN.