PDA

View Full Version : MGC setup

Skylark
02-09-2005, 06:34 AM
In a couple of weeks Im gona be seting up a MGC 50 in a hospital enviroment. Im gona be helped bya Polycom technician but I was wondering about security issues and I would like to have 3rd party opinino awalable when I start.


The MGC 50 has two IP cards in it and as I understand it we are gona use one for the inside network and one for the outside network.

Im worried about is haveng one device with two physical card on boath networks.

How sould I go about seting this up?
Should I bypass the firewall (PIX) or mage a hole through to the MGC, should I have boath cards on the DMZ or on on the outside or inside network?

Does anyone have any whitepaper on this or any advice on this?
Sean Lessman
02-09-2005, 07:33 AM
In a couple of weeks Im gona be seting up a MGC 50 in a hospital enviroment. Im gona be helped bya Polycom technician but I was wondering about security issues and I would like to have 3rd party opinino awalable when I start.


The MGC 50 has two IP cards in it and as I understand it we are gona use one for the inside network and one for the outside network.

Im worried about is haveng one device with two physical card on boath networks.

How sould I go about seting this up?
Should I bypass the firewall (PIX) or mage a hole through to the MGC, should I have boath cards on the DMZ or on on the outside or inside network?

Does anyone have any whitepaper on this or any advice on this?
Polycom assures its clients that there is no mixing of IP information, instead on the audio/video information is mixed in the box. This is probably the case.

However, the drawback to this is all calls must be scheduled to connect to a site through the firewall. In addition, using a feature like AES (encryption) would eat up 4 ports for one point to point call (2 ports for the IP call inside, 2 for the IP call outside). The MGC also becomes the bottleneck for new features supported by the endpoint (case in point H.264 and H.239 are coming up on their 2 year anniversary in July and still no support in the MGC, AES even longer than that).

Opening the ports on the firewall is going to be a security hassle. I would investigate a firewall traversal solution as they can be used both with the MCU and any adhoc point to point that wants to go through the firewall. And shamelessly I will plug TANDBERG by saying we have a very good solution for this that was just released this week. This solution allows all features through, even the proprietary ones like Siren 14 and People+Content.

Sean