Versions Compared

Version Old Version 7 New Version Current
Changes made by

Agat Support

Agat Support

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Components (SIP front end/ Edge / Bastion) that need to be installed for each scenario 


Internal / external - Describes if the user is part of the company domain or a federated / guest user

Remote/ Local - Describes the location from which a user is connecting from - local or remote network

Incoming/ Outgoing - Defines the direction of the traffic relative to the internal SIP domain


Business Case ExamplePreferred Setup
Prevent sensitive info from reaching users who are
not members of the company, except Anonymous
Guests		SIP Filter on the Skype for
Business Edge
Prevent sensitive data from reaching mobile
devices of an employee		Bastion HTTPS proxy
Block communication between different groups
inside the company		SIP on the Skype for Business
Front End
Prevent sensitive data from reaching devices of an
employee outside to corporate network		Bastion HTTPS proxy and SIP
Filter on the Skype for
Business Edge
Block file transfer for Anonymous Conference
guests and for Federated Peers		Bastion HTTPS proxy and SIP
Filter on the Skype for
Business Edge
Directional screen sharing in conference 

When using

direction for

directional screen sharing in a conference with SipFilter, if the internal participant is not allowed to share their screen and

he

they override existing sharing

from the external

externally (that IS allowed to share),
if there is another external participant in the conference,

he

they will be able to see the screen of the internal participant.

There is no new invite that we can block for

prenventing this senario, the

preventing this scenario.  The only way

was

is to manage external users in the meeting and block the sharing in the FE.

therefore

Therefore, if you

what

want to solve this issue you must to do the following steps:

  1. SipFilter must be installed on FE and EGDE (version 3.1.9.2 or higher)
  2. the
filed: 
  1. field manage-meeting-external-users must be in the YAML and set to true in both FE and EDGE
the edge

The EDGE will manage the users in the

DB

database (who join and who leave) and the FE will force the screenshare based on that

If the customer would like to block external participants from seeing Desktop of internal for anonymous (done through webapp) - Bastion is required

If the customer would like to block external participants from seeing Desktop of internal to Windows client - only sip should be installed on FE and Edge servers (Bastion is not required)
If the customer would like to block external participants from seeing Desktop of internal to mobile client - only sip should be installed on FE and Edge servers (Bastion is not required)


Info

Installing SIP Filter on the Front End may cause resource consumption and should be done following Ethical Wall Best Practice Tips

...