Deploying the ShoreTel Service Appliance (SA -100) in the demilitarized zone (DMZ) is the preferred method to
facilitate external traffic. In the scenario where a service appliance is deployed in the DMZ, the following requirements apply: Enable routable traffic between the DMZ and LAN. Network Address Translation (NAT) can not be used for network traffic between these points. Adequate bandwidth between DMZ and LAN with a minimum of voice latency and jitter. DNS (Domain Name System) configuration to resolve both internal and external addresses. A DNS configured to external addressing only, with a host file configured to handle traffic internally, may be used as an alternative. If a Service Appliance is made available from the Internet, all other Service Appliances need to be accessible and addressable from the Internet. The network requires port-forwarding through the firewall which is restricted to web ports (80- unsecure HTTP and 443-secure HTTPS). In the scenario where a Service Appliance is deployed on the trusted internal network, the following requirements apply: The network requires port-forwarding through the firewall which is restricted to web ports (80- unsecure & 443-HTTPS). Alternatively, a reverse-proxy server can be used instead of portforwarding but this requires the provision of an additional server. The network requires DNS configuration both internally to resolve internal addresses and externally to resolve to external addresses. Alternatively, a network can be configured with DNS configured for external addressing only and a host file configurated to handle traffic internally.
0 Comments
|
AuthorSharmin Ferdusy Archives
August 2014
Categories |