HP Survivable Branch Communication zl Module powered by Microsoft Lync Planning and Design Guide 2011-02

Design Considerations
Planning Security
Table 2-21 displays the rules that HP has added to the SBM’s firewall.
Table 2-21. Firewall Rules Added by HP at Factory Default Settings

Rule Name          Rule
CS TCP444          dir=in,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes
CS rtcmedsrv       dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Mediation Server\MediationServerSvc.exe",service=RTCMEDSRV,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
CS rtcsrv          dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Server\Core\RTCSrv.exe",service=RTCSrv,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
CS MSSQL           dir=in,action=allow,program="%PROGRAMFILES%\Microsoft SQL Server\MSSQL10.RTCLOCAL\MSSQL\Binn\sqlservr.exe",service="MSSQL$RTCLOCAL",localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
Outbound444        dir=out,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes
PSTN Gateway TCP   dir=in,action=block,localip=any,localport=5081,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
PSTN Gateway TLS   dir=in,action=block,localip=any,localport=5082,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes

USGCB Recommendations That Must Not Be Implemented

There are several settings recommended by the USGCB that you must not implement because they will interfere with the installation process or cause the SBM to malfunction.

Table 2-22 displays the recommended settings that must not be implemented. The correct setting is configured by default unless a domain policy changes it when the SBM joins the domain. Therefore, you should check your domain policies for the settings shown in the table, and disable those policies for the SBM.

The first column generally lists the registry path for the setting. A few settings are not registry settings, so the first column lists other identifying information.
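As an added example (not from the HP guide), the following Python audit reads the Table 2-21 rule strings in the netsh advfirewall key=value syntax the table uses, flags inbound allow rules bound to no program, service or local port (the kind of rule that admits any traffic from any host), and lists the ports the block rules cover. The rule strings are transcribed from the table; the function names are this example's own.

```python
import re
from typing import Dict, List, Set, Tuple

# Table 2-21 rows transcribed as netsh advfirewall key=value specs (the
# PDF wraps each spec across several lines; here each is one string).
HP_SBM_RULES: Dict[str, str] = {
    "CS TCP444": r"dir=in,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes",
    "CS rtcmedsrv": r'dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Mediation Server\MediationServerSvc.exe",service=RTCMEDSRV,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes',
    "CS rtcsrv": r'dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Server\Core\RTCSrv.exe",service=RTCSrv,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes',
    "CS MSSQL": r'dir=in,action=allow,program="%PROGRAMFILES%\Microsoft SQL Server\MSSQL10.RTCLOCAL\MSSQL\Binn\sqlservr.exe",service="MSSQL$RTCLOCAL",localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes',
    "Outbound444": r"dir=out,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes",
    "PSTN Gateway TCP": r"dir=in,action=block,localip=any,localport=5081,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes",
    "PSTN Gateway TLS": r"dir=in,action=block,localip=any,localport=5082,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes",
}

# One key=value token; a double-quoted value is consumed whole so that a
# program path or service name may contain spaces or commas.
_TOKEN = re.compile(r'(\w+)=("[^"]*"|[^,]*)')

def parse_rule(spec: str) -> Dict[str, str]:
    """Parse one comma-separated rule spec into a {key: value} dict."""
    return {k.lower(): v.strip('"') for k, v in _TOKEN.findall(spec)}

def unscoped_inbound_allows(rules: Dict[str, str]) -> List[str]:
    """Names of inbound allow rules bound to no program, service or
    local port; such a rule admits any traffic from any remote host."""
    flagged = []
    for name, spec in rules.items():
        r = parse_rule(spec)
        if r.get("dir") != "in" or r.get("action") != "allow":
            continue
        scoped = ("program" in r or "service" in r
                  or r.get("localport", "any") != "any")
        if not scoped:
            flagged.append(name)
    return flagged

def blocked_inbound_ports(rules: Dict[str, str]) -> Set[Tuple[str, str]]:
    """(protocol, localport) pairs covered by inbound block rules."""
    return {(r["protocol"], r["localport"])
            for r in map(parse_rule, rules.values())
            if r.get("dir") == "in" and r.get("action") == "block"}

def to_netsh_add(name: str, spec: str) -> str:
    """Render a row as the 'netsh advfirewall firewall add rule' command
    that recreates it; the spec keys are that command's parameters."""
    args = " ".join(f'{k}="{v}"' if " " in v else f"{k}={v}"
                    for k, v in parse_rule(spec).items())
    return f'netsh advfirewall firewall add rule name="{name}" {args}'
```

Run against the table as printed, the audit reports "CS TCP444" as the only inbound allow rule with no program, service or port scope, which is worth confirming against the rule actually present on the SBM.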