Ethical Wall and DLP Business Cases Implementation Table

Components (SIP Front End / Edge / Bastion) that need to be installed for each scenario

Internal / External - Describes whether the user is part of the company domain or is a federated / guest user

Remote / Local - Describes the location from which a user is connecting: the local or a remote network

Incoming / Outgoing - Defines the direction of the traffic relative to the internal SIP domain

| Business Case Example | Preferred Setup |
|---|---|
| Prevent sensitive info from reaching users who are not members of the company, except Anonymous Guests | SIP Filter on the Skype for Business Edge |
| Prevent sensitive data from reaching mobile devices of an employee | Bastion HTTPS proxy |
| Block communication between different groups inside the company | SIP on the Skype for Business Front End |
| Prevent sensitive data from reaching devices of an employee outside the corporate network | Bastion HTTPS proxy and SIP Filter on the Skype for Business Edge |
| Block file transfer for Anonymous Conference guests and for Federated Peers | Bastion HTTPS proxy and SIP Filter on the Skype for Business Edge |

Directional screen sharing in conference

When using directional screen sharing in a conference with SipFilter, an internal participant who is not allowed to share their screen can override an existing share started by an external participant (who IS allowed to share). If there is another external participant in the conference, that participant will be able to see the screen of the internal participant.

There is no new invite that can be blocked to prevent this scenario. The only way is to manage external users in the meeting and block the sharing on the FE.

Therefore, to solve this issue you must do the following:

  1. SipFilter must be installed on both the FE and the EDGE (version 3.1.9.2 or higher)
  2. The field manage-meeting-external-users must be present in the YAML and set to true on both the FE and the EDGE

The EDGE will manage the users in the database (who joins and who leaves), and the FE will enforce screen sharing based on that.

If the customer would like to block external participants from seeing the desktop of an internal participant for anonymous users (done through the web app), Bastion is required.

If the customer would like to block external participants from seeing the desktop of an internal participant on the Windows client, only SIP should be installed on the FE and Edge servers (Bastion is not required).

If the customer would like to block external participants from seeing the desktop of an internal participant on the mobile client, only SIP should be installed on the FE and Edge servers (Bastion is not required).

Installing SIP Filter on the Front End may increase resource consumption and should be done following the Ethical Wall Best Practice Tips.