Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Components (SIP front end/ Edge / Bastion) that need to install for each scenario 

Internal / external - Describes if the user is part of the company domain or a federated / guest user

Remote/ Local- Describes the location from which a user is connecting from-  local network or remote network.

Incoming/ Outgoing- define the direction of the traffic relative to the internal SIP domain

Business Case ExamplePreferred Setup
Prevent sensitive info from reaching users who are
not members of the company, except Anonymous
Guests		SIP Filter on the Skype for
Business Edge
Prevent sensitive data from reaching mobile
devices of an employee		Bastion HTTPS proxy
Block communication between different groups
inside the company		SIP on the Skype for Business
Front End
Prevent sensitive data from reaching devices of an
employee outside to corporate network		Bastion HTTPS proxy and SIP
Filter on the Skype for
Business Edge
Block file transfer for Anonymous Conference
guests and for Federated Peers		Bastion HTTPS proxy and SIP
Filter on the Skype for
Business Edge
Directional screen sharing in conference 

When using direction for screen sharing in conference with SipFilter, if the internal not allowed to share screen and he override existing sharing from the external (that allowed to share),
if there is another external in the conference, he will be able to see the screen of the internal.

There is no new invite that we can block for prenventing this senario, the only way was to manage external users in the meeting and block the sharing in the FE.

therefore, if you what to solve this issue you must to do the following steps:

  1. SipFilter must be installed on FE and EGDE (version 3.1.9.2 or higher)
  2. the filed: manage-meeting-external-users must be in the YAML and set to true in both FE and EDGE

the edge will manage the users in the DB (who join and who leave) and the FE will force the screenshare based on that


If customer would like to block external from seeing Desktop of internal for anonymous (done through webapp) - Bastion is required

If customer would like to block external from seeing Desktop of internal to Windows client Only sip should be installed on FE and Edge servers (Bastion not required)
If customer would like to block external from seeing Desktop of internal to mobile client Only sip should be installed on FE and Edge servers (Bastion not required)

Installing SIP Filter on the Front End may cause resource consumption and should be done following Ethical Wall Best Practice Tips

  • No labels