Components (SIP front end/ Edge / Bastion) that need to install for each scenario
Internal / external - Describes if the user is part of the company domain or a federated / guest user
Remote/ Local- Describes the location from which a user is connecting from- local network or remote network.
Incoming/ Outgoing- define the direction of the traffic relative to the internal SIP domain
| Business Case Example | Preferred Setup |
|---|---|
| Prevent sensitive info from reaching users who are not members of the company, except Anonymous Guests | SIP Filter on the Skype for Business Edge |
| Prevent sensitive data from reaching mobile devices of an employee | Bastion HTTPS proxy |
| Block communication between different groups inside the company | SIP on the Skype for Business Front End |
| Prevent sensitive data from reaching devices of an employee outside to corporate network | Bastion HTTPS proxy and SIP Filter on the Skype for Business Edge |
| Block file transfer for Anonymous Conference guests and for Federated Peers | Bastion HTTPS proxy and SIP Filter on the Skype for Business Edge |
| Directional screen sharing in conference | When using direction for screen sharing in conference with SipFilter, if the internal not allowed to share screen and he override existing sharing from the external (that allowed to share), There is no new invite that we can block for prenventing this senario, the only way was to manage external users in the meeting and block the sharing in the FE. therefore, if you what to solve this issue you must to do the following steps:
the edge will manage the users in the DB (who join and who leave) and the FE will force the screenshare based on that If customer would like to block external from seeing Desktop of internal for anonymous (done through webapp) - Bastion is required |
Installing SIP Filter on the Front End may cause resource consumption and should be done following Ethical Wall Best Practice Tips