Hi
I'm new to ESX 3.5, and below are the details of my issue:
1. Installed ESX 3.5 on a Dell 2900 (with PERC 6/I controller) - working OK
2. Created a virtual switch configuration on NIC2 (for internal VM traffic) - working OK
3. Created a virtual switch configuration on NIC3 (for iSCSI storage traffic) - working OK
4. Created VMs on the Dell server and allocated storage - working OK
5. Default firewall port is opened by ESX
However, I have installed a VoIP server on one of the VMs and found the following issue.
We have a WatchGuard Firebox and NAT with the VoIP server IP for all incoming and outgoing traffic.
I am able to register and place calls to the outside world, but I am unable to register and receive calls from outside to the inside world where my VoIP server is placed.
I am able to place calls to outside PSTN numbers, and I am also able to place calls to internal extensions, but I am unable to place calls to external extensions.
Can anybody help me fix this?
Thanks
Bhavik
Hello,
Moved to Virtual Machine and Guest OS forum.
> 5. Default firewall port is opened by ESX
Not necessary for a VM. VMs do not use the ESX firewall.
> We have a WatchGuard Firebox and NAT with the VoIP server IP for all incoming and outgoing traffic.
> I am able to register and place calls to the outside world, but I am unable to register and receive calls from outside to the inside world where my VoIP server is placed.
Sounds like a NAT issue.
> I am able to place calls to outside PSTN numbers, and I am also able to place calls to internal extensions, but I am unable to place calls to external extensions.
Could also be a NAT issue.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast
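An added example, not part of the original thread: one common form of a SIP "NAT issue" is that SIP carries IP addresses inside the message itself (Via, Contact, and the SDP `c=` line), which a NAT device without SIP awareness leaves untouched, so replies and media are sent to an unreachable private address. The sketch below checks a constructed INVITE for such addresses; the message, the addresses and the function name `nat_leaks` are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample (not from the thread): an INVITE sent by a phone at
# 192.168.10.20 through a NAT that rewrote only the IP/UDP headers.
SAMPLE_INVITE = (
    "INVITE sip:2001@voip.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.10.20:5060;branch=z9hG4bK776asdhds\r\n"
    "Contact: <sip:1001@192.168.10.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.168.10.20\r\n"
    "m=audio 10000 RTP/AVP 0\r\n"
)

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also flag the
# documentation range 203.0.113.0/24 used here as a stand-in public address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Fields whose address the far end uses for responses, new requests or media.
FIELDS = ("via:", "contact:", "c=")


def nat_leaks(message, packet_source_ip):
    """Return (field, address) pairs the remote side cannot reach.

    An address is reported when it is RFC 1918 private or when it differs
    from the source IP the packet actually arrived from.
    """
    findings = []
    for line in message.splitlines():
        lower = line.lower()
        field = next((f for f in FIELDS if lower.startswith(f)), None)
        if field is None:
            continue
        for text in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # loose regex matched something like 999.1.1.1
            if any(addr in net for net in RFC1918) or text != packet_source_ip:
                findings.append((field.rstrip(":="), text))
    return findings
```

Run against a packet capture taken on the public side of the firewall, an empty result means the signalling advertises the same address the packet came from; any finding points at a header or SDP line the NAT device did not translate.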
Hi
As suggested, I tried without the WatchGuard Firebox to resolve the NAT issue.
PROBLEM NOT SOLVED.
Thanks
Bhavik
Hello,
Could also be the firewall; make sure incoming ports are properly redirecting to the VoIP VM. There would not be anything in ESX that would prevent this; sounds like a networking issue.
Best regards,
Edward L. Haletky
Hi
I just directed port 5060 (SIP) to the VoIP VM and ports 10000 to 20000 (UDP) to the VoIP VM,
as VoIP works on SIP and UDP.
Is there anything to be internally directed, or any internal configuration on ESX?
Thanks
Bhavik
Hello,
VMware ESX's firewall is JUST for the service console. In other words, it does not impact your VM network at all. So within ESX there is nothing you can do but set up the virtual network.
Since that aspect worked, the extension issue may also be a firewall issue that is outside ESX. I would assume you did a redirection on your external firewall, not within the service console?
Best regards,
Edward L. Haletky
Hi
It worked.
But without the firewall. My server is open to the public now, without masking.
I may need to check the firewall settings.
Thanks
Bhavik patel
Hello,
You should use a virtual firewall or some external to the VM network firewall. Remember the ESX firewall does not work for VMs, it is just for the service console.
Best regards,
Edward L. Haletky
Hi
I have checked with WatchGuard, and the answer is that it does not support SIP (current version of WatchGuard Fireware) because of hairpinning and monitoring issues,
and support suggested configuration below
Being a VoIP service provider, I need to authenticate every call, and with the current setup all my VMs are supposed to be open to the public,
which does not qualify security standards.
Any idea?
Bhavik
Hello,
I would start to investigate other firewalls... a vFW you could investigate is IPcop, Smoothwall, etc.
Best regards,
Edward L. Haletky
Hi
Thanks for the same. Right now my VoIP box and ESX are in a test environment, so I have time to investigate other options.
I have found somewhere that Snort is also a good option, and somewhere Third Brigade (www.thirdbrigade.com) (they call it virtual cloud computing to protect VMs).
But I found some interesting stuff from the VoIP community that shows WatchGuard does support SIP; below is link
Thanks
Bhavik
Hi
I think Smoothwall is OK and working well.
Thanks for your extended support.
Thanks
Bhavik patel