RE: [fw-wiz] Apple's iSight and Firewalls
To: Dave Killion <Dkillion@netscreen.com> Date: Wed, 20 Aug 2003 13:58:20 -0400 (EDT)
For h.323 an netmeeting, all I needed to do was open udp 1719 to the
gatekeeper's address... am I missing something here or where does the
"swiss cheese" come into play?
On Wed, 20 Aug 2003, Dave Killion wrote:
> If it's a site-to-site video confererencing system, where both sides are
> firmly under your control (Corp HQ to Corp Office, etc), I'd strongly
> recommend a VPN tunnel, which solves most of the Swiss-cheese problems.
> This is something you should already have, anyway.
> Just a thought...
> Dave Killion
> Senior Security Engineer
> Security Group, NetScreen Technologies, Inc.
> -----Original Message-----
> From: jseymour@LinxNet.com [mailto:jseymour@LinxNet.com]
> Sent: Tuesday, August 19, 2003 5:43 PM
> To: firstname.lastname@example.org
> Subject: [fw-wiz] Apple's iSight and Firewalls
> Hi All,
> My company would like to set up inexpensive video-conferencing.
> They've been bugging me for a solution for some time. The partner
> company, being All Windows, All The Time, of course immediately
> suggested NetMeeting. ISTR a discussion about NetMeeting here, perhaps
> prompted by me, and, IIRC, it pretty much requires one make swiss
> cheese of their firewall for it to work. I vetoed it, and management
> backed me up. Doing a search on "NetMeeting" on SecurityFocus was not
> encouraging, either.
> Recently they bought me an iBook to do some WebObjects development
> with. It just hit me today that maybe Apple's iSight product would do
> the trick for video conferencing.
> Problem is: I've no idea what iSight would need through the firewall.
> There's this:
> If 5060 and 16384 through 16403 UDP are all that are required, and I
> can specify the only allowed IP address inside they would forward to,
> well, that might be acceptable.
> Comments? Opinions? Suggestions? Flames? ;)
> Jim Seymour | PGP Public Key available at:
> jseymour@LinxNet.com |
> http://jimsun.LinxNet.com |
> firewall-wizards mailing list
firewall-wizards mailing list