
How can I prevent guest users from using GW rules?

Hello Guys,

We have in my lab:
2 conf node internal
1 conf node DMZ NATed

I’ve set up several GW rules and everything is working very well.

I would like your opinion on how I can set up the following scenario.

Today I noticed that when I use WEBRTC from outside (my home) without any authentication, I can of course join my VMR but also connect to external public H323 IP addresses through gateway rules.

You have the same setting in your pexipdemo portal 😉

How can I prevent external users (guests) from using these gateway rules?

I would like external users coming through WEBRTC to join only the Pexip VMR.

Of course I would like to do it without affecting users from my company who want to use GW rules through WEBRTC.

Is there any way, when you create a GW rule, to specify whether the rule can be used by all users or just authenticated users (internal users)?

Thanks in advance for your help

Abdel

 
Graham Walsh


4 comments


Hi Abdel,

You can set a Call routing rule to match from one specific location (i.e. Internal and not dmz).

If you have registered clients – we do not have a way of giving them different access to call rules… yet 🙂

Thanks for the input, it is indeed on our list of things we want to add at a later point.

Marius

 
Graham Walsh 0 votes

Hi Marius,

Thanks for your quick answer.

I know that I can set a Call routing rule to match from one specific location. But I have some registered participants who connect from outside my company, therefore it’s not possible to apply this.

It would be a good thing if you could add the ability for WEBRTC (not pexipapp) to authenticate with LDAP in order to give access to the GW rules you have set up with authentication.

Indeed, if you deploy PEXIP at a customer for the following features: MCU, Gateway and WEBRTC, you will have a problem preventing unauthorized users from using the GW rules, especially if you have an ISDN GW in your infrastructure and want only registered or authenticated Pexip users to be able to use it.

Maybe you can first quickly add the ability in the GW rules to distinguish between WebRTC and Pexipapp users as source protocol, even if both use the WebRTC protocol.

Thanks

Graham Walsh 0 votes

Hello,

What you can also do, which needs a little development (policy server), is:
1. Catch all dial strings that match your gateway rule
2. Send back a two_stage_dialing service configuration that would ask for an ID which you can use as a PIN code
3. Send back a VMR with the dialed string as service_name and an automatically dialed participant (which is more likely a gateway usage)

Not tested but that should work.

Damien

Graham Walsh 0 votes
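
A sketch of the policy-server idea from the last comment, added here as an example and not code from the thread or from Pexip. It narrows the procedure to steps 1 and 3: the gateway dial string is caught and answered with a PIN-protected VMR that auto-dials the target, with the PIN set on the VMR itself instead of being collected through two_stage_dialing. The dial-string pattern, the PIN and the service tag are constructed, and the request path and JSON field names are assumed from Pexip's external policy API and should be verified against your version's documentation.

```python
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Constructed values: align the pattern with your own gateway rule.
GATEWAY_DIALSTRING = re.compile(r"(?:h323:)?(\d{1,3}(?:\.\d{1,3}){3})")
GATEWAY_PIN = "482915"  # constructed sample PIN, shared with internal users only

# No "result": the Conferencing Node falls back to its local configuration.
CONTINUE = {"status": "success", "action": "continue"}

def service_configuration(params):
    """Build the reply for one service configuration request."""
    alias = params.get("local_alias", "")
    match = GATEWAY_DIALSTRING.fullmatch(alias)
    if not match:
        return CONTINUE  # ordinary VMR alias: guests may still join it
    return {
        "status": "success",
        "action": "continue",
        "result": {
            "service_type": "conference",        # a VMR, not a gateway call
            "name": alias,                       # dialed string as service name
            "service_tag": "pin-protected-gateway",
            "pin": GATEWAY_PIN,                  # caller must know this to get in
            "allow_guests": False,
            "automatic_participants": [{         # dials the far end for the caller
                "local_alias": alias,
                "remote_alias": match.group(1),
                "protocol": "h323",
                "role": "guest",
            }],
        },
    }

class PolicyHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlparse(self.path)
        if url.path != "/policy/v1/service/configuration":
            self.send_error(404)
            return
        params = {k: v[0] for k, v in parse_qs(url.query).items()}
        body = json.dumps(service_configuration(params)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), PolicyHandler).serve_forever()
```

For this to take effect, the external policy reply has to win over the local gateway rule for the same dial string, so test with an unauthenticated WebRTC client from outside before relying on it.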