Micollab Mobile/UCA mobile (rel 6.0) - a way to lock it down on the firewall

[Rixy]

Hi all,

Bit of a security based question here and wonder if anyone has any thoughts or has practiced this in real life.

Micollab mobile (or UCA mobile for the old skool) requires a fair amount of ports, effectively open to the world. Has anyone managed to lock down the amount of ports open for this application to work, or are we pretty much stuck with a larger hole in the firewall?

Cheers

Rixy

[dilkie]

don't you front it with MBG?

[Rixy]

Nope, we have the MBG in the DMZ.

[dilkie]

and your uca clients are not accessing the uca server via your MBG?

[Rixy]

yes they are, but the MBG is behind a firewall in a DMZ, and then the UCA server and the MBG can interact on the relevant ports between the DMZ and the internal network.

[bluewhite4]

yes they are, but the MBG is behind a firewall in a DMZ, and then the UCA server and the MBG can interact on the relevant ports between the DMZ and the internal network.

Then, no. You'll need all the ports open for remote UCA users to work correctly.

[dilkie]

yes they are, but the MBG is behind a firewall in a DMZ, and then the UCA server and the MBG can interact on the relevant ports between the DMZ and the internal network.

Then, no. You'll need all the ports open for remote UCA users to work correctly.

Indeed.. At least the internet can only access MBG, which is locked down more and has better security/access control than the uca server itself.. But you do need those ports open for the product to operate.

[Rixy]

Thanks Blue, pretty much confirmed my thoughts on it. The answer i discussed on a Mitel course recently was just to make sure that you have strong passwords in place!!! 

Thanks for your assistance to Dilkie.