VMware Cloud Community
Bhavikpatel
Contributor

VoIP Server - Elastix

Hi

I'm new to ESX 3.5 and below are my issue details:

1. Installed ESX 3.5 on a Dell 2900 (with PERC 6/I controller) - working OK

2. Created virtual switch configuration on NIC2 (for internal VM traffic) - working OK

3. Created virtual switch configuration on NIC3 (for iSCSI storage traffic) - working OK

4. Created VMs on the Dell server and allocated storage - working OK

5. Default firewall port is open by ESX

However, I have installed a VoIP server on one of the VMs and I found the following issue:

We have a WatchGuard Firebox and NAT with the VoIP server IP for all incoming and outgoing traffic.

I am able to register and place calls to the outside world, but I am unable to register and receive calls from outside to the inside world where my VoIP server is placed.

I am able to place calls to outside PSTN numbers and I am also able to place calls to internal extensions, but I am unable to place calls to external extensions.

Can anybody help me to fix this?

Thanks

Bhavik

0 Kudos
11 Replies
Texiwill
Leadership

Hello,

Moved to Virtual Machine and Guest OS forum.

> 5. Default firewall port is open by ESX

Not necessary for a VM. VMs do not use the ESX firewall.

> We have a WatchGuard Firebox and NAT with the VoIP server IP for all incoming and outgoing traffic.
>
> I am able to register and place calls to the outside world, but I am unable to register and receive calls from outside to the inside world where my VoIP server is placed.

Sounds like a NAT issue.

> I am able to place calls to outside PSTN numbers and I am also able to place calls to internal extensions, but I am unable to place calls to external extensions.

Could also be a NAT issue.


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
Bhavikpatel
Contributor

Hi

As suggested, I tried without the WatchGuard Firebox to resolve the NAT issue.

PROBLEM NOT SOLVED.

Thanks

Bhavik

0 Kudos
Texiwill
Leadership

Hello,

Could also be the firewall; make sure incoming ports are properly redirecting to the VoIP VM. There would not be anything in ESX that would prevent this; sounds like a networking issue.


Best regards,
Edward L. Haletky
0 Kudos
Bhavikpatel
Contributor

Hi

I just directed ports

5060 (SIP) to the VoIP VM and ports 10000 to 20000 (UDP) to the VoIP VM,

as VoIP works on SIP and UDP.

Is there anything to be internally directed, or any internal configuration on ESX?

Thanks

Bhavik

0 Kudos
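A diagnostic for the symptom in this thread (outbound calls work, inbound registration and calls fail behind NAT), as an added example that is not part of the original posts: SIP carries addresses and the RTP port inside the message itself, so forwarding 5060 and UDP 10000-20000 is not enough if the PBX advertises a private address or a media port outside the forwarded range. The sample INVITE, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Forwarded RTP range from the thread (UDP 10000-20000); SIP itself is on 5060.
RTP_RANGE = range(10000, 20001)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample INVITE from a PBX behind NAT; all addresses are made up.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:1001@203.0.113.10 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds",
    "From: <sip:2001@example.test>;tag=1928301774",
    "To: <sip:1001@203.0.113.10>",
    "Call-ID: a84b4c76e66710@example.test",
    "CSeq: 1 INVITE",
    "Contact: <sip:2001@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.50",
    "s=call",
    "c=IN IP4 192.168.1.50",
    "t=0 0",
    "m=audio 24000 RTP/AVP 0",
    "",
])

def is_rfc1918(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # hostname or malformed literal
    return any(addr in net for net in RFC1918)

def nat_findings(message, rtp_range=RTP_RANGE):
    """List the reasons this SIP message breaks behind plain port forwarding."""
    head, _, sdp = message.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:           # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name in ("via", "v", "contact", "m"):  # long and compact header names
            findings += [f"{name}: private address {ip}"
                         for ip in IPV4.findall(value) if is_rfc1918(ip)]
    for line in sdp.split("\r\n"):
        fields = line.split()
        if line.startswith("c=") and fields and is_rfc1918(fields[-1]):
            findings.append(f"sdp c=: private address {fields[-1]}")
        elif line.startswith("m=audio") and len(fields) > 1 and fields[1].isdigit():
            if int(fields[1]) not in rtp_range:
                findings.append(f"sdp m=audio: port {fields[1]} outside forwarded range")
    return findings
```

Run `nat_findings` over a message captured on the outside interface of the firewall; an empty list means the advertised addresses and media port match what the forwarding rules expect.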
Texiwill
Leadership

Hello,

VMware ESX's firewall is JUST for the service console. In other words, it does not impact your VM network at all. So within ESX there is nothing you can do but set up the virtual network.

Since that aspect worked, the extension issue may also be a firewall issue that is outside ESX. I would assume you did a redirection on your external firewall, not within the service console?


Best regards,
Edward L. Haletky
0 Kudos
Bhavikpatel
Contributor

Hi

It worked.

But without the firewall, my server is open to the public now, without masking.

I may need to check the firewall settings.

Thanks

Bhavik patel

0 Kudos
Texiwill
Leadership

Hello,

You should use a virtual firewall or some firewall external to the VM network. Remember the ESX firewall does not work for VMs; it is just for the service console.


Best regards,
Edward L. Haletky
0 Kudos
Bhavikpatel
Contributor

Hi

I have checked with WatchGuard, and the answer is that it does not support SIP (current version of WatchGuard Fireware) because of hairpinning and monitoring issues,

and support suggested the configuration below.

Being a VoIP service provider, I need to authenticate every call, and with the current set-up all my VMs are supposed to be open to the public, which does not meet security standards.

Any ideas?

Bhavik

0 Kudos
Texiwill
Leadership

Hello,

I would start to investigate other firewalls... a vFW you could investigate is IPCop, Smoothwall, etc.


Best regards,
Edward L. Haletky
0 Kudos
Bhavikpatel
Contributor

Hi

Thanks for the same. Right now my VoIP box and ESX are in a test environment, so I have time to investigate other options.

I have found somewhere that Snort is also a good option, and somewhere Third Brigade (www.thirdbrigade.com) (they call it virtual cloud computing to protect VMs).

But I found some interesting stuff from the VoIP community that shows WatchGuard does support SIP; below is the link

Thanks

Bhavik

0 Kudos
Bhavikpatel
Contributor

Hi

I think Smoothwall is OK and working well.

Thanks for your extended support.

Thanks

Bhavik patel

0 Kudos