[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cisco-voip
Subject:    Re: [cisco-voip] [EXT] Re:  Expressway E Firewall Rule Activation
From:       Ryan Huff <ryanhuff () outlook ! com>
Date:       2019-04-30 18:23:49
Message-ID: BN6PR08MB272466CF45EE76DACF95CA53C53A0 () BN6PR08MB2724 ! namprd08 ! prod ! outlook ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]

[Attachment #4 (text/plain)]


@Anthony Holloway<mailto:avholloway+cisco-voip@gmail.com> You are correct. Whether \
Expressway Control crosses a network boundary or not to talk to Expressway Edge \
(LAN1), its still communicating; it just doesn't have the additional network boundary \
(that it traverses) for protection (where the ACLs live). In essence, if someone \
compromised the Expressway Edge, they could also in theory, get to the Expressway \
Control server since edge LAN2 inherently talks to edge LAN1. Since many customers \
put the Expressway Control server on the same network as the rest of the UC \
servers... yikes.

The LAN1 DMZ (or at least a separate network with ACLs if you can't do a true \
security context) is very important in the dual NIC design. On the occasions where \
I've found customers with Expressway Control and Edge (LAN1) in the same network, I \
have advised them to change that to a DMZ or just separate network with ACLs (which \
is usually sufficient) ... anything to get some type of barrier between Expressway \
Control and Edge (LAN1).

That said, "Expressway on a Stick" works just fine barring limitations to \
"hairpinning" in whatever the firewall is; though it is not the Cisco recommended \
deployment model in the documentation. Every Expressway deployment should try to \
achieve two security contexts on the edge (or isolated networks with ACLs).

-Ryan

________________________________
From: Jeffrey McHugh <jmchugh@fidelus.com>
Sent: Tuesday, April 30, 2019 1:29 PM
To: Ryan Huff; Anthony Holloway
Cc: cisco-voip@puck.nether.net; Pawlowski, Adam
Subject: RE: [EXT] Re: [cisco-voip] Expressway E Firewall Rule Activation


I see a mixture of both and insist on the dual, even it means pushing back an \
implementation.



TAC recommends the dual and the advanced networking guide calls that out, along with \
"not all firewalls support the singe NIC type of NAT",  it uses about triple the \
bandwidth per call and I don't think you can cluster them w only single NIC



Jeffrey McHugh | Sr. Collaboration Consulting Engineer

[Company_Logo_Image]<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2F \
www.fidelus.com%2F&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640 \
afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183579759&sdata=12L445HKngUMa7KgEKAHcJ1Q8B2juxp0QnlgqCel9%2FY%3D&reserved=0>
 Fidelus Technologies, LLC
Named Best UC Provider in the \
USA<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fidelus.com%2 \
Ffidelus-technologies-named-best-unified-communications-provider-in-the-usa%2F&data=02 \
%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0 \
%7C636922422183589770&sdata=dX1CbaWKZbL5%2F3gTq2nHG%2BF9GA01Y%2BzZmtxBJ7WbnVs%3D&reserved=0>
 240 West 35th Street, 6th Floor, New York, NY 10001
+1-212-616-7801 office | +1-212-616-7850 fax | \
www.fidelus.com<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.f \
idelus.com%2F&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb43 \
5aaaaaaaaaaaa%7C1%7C0%7C636922422183599775&sdata=la9a%2F2nGCB%2BUBT6JxxSuLZodhixLK2qY4bVW9ws1PtU%3D&reserved=0>
 [LinkedIn]<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linke \
din.com%2Fcompany%2Ffidelus-technologies%2Fproducts&data=02%7C01%7C%7Cf85c7280f6004047 \
6fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183609786&sdata \
=Ho6IAzCFVh4UkBZdoMw8%2Bd0I5K0SavdgAZ7MuxwnI4I%3D&reserved=0>[Twitter]<https://eur01.s \
afelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.twitter.com%2FFidelusUCC&data=02 \
%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0 \
%7C636922422183619791&sdata=WJ3mKlMcZ3QwuiiJ%2B4pt6wK6Exmw4JCKwNRNpmrqacU%3D&reserved= \
0>[Facebook]<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.face \
book.com%2FFidelusUCC&data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f \
640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183629802&sdata=I%2FnjBEdwRJKy3zsEI41fW%2BZAQ \
eOkiLcbWffpF%2BlQYP8%3D&reserved=0>[YouTube]<https://eur01.safelinks.protection.outloo \
k.com/?url=http%3A%2F%2Fwww.youtube.com%2FFidelusTraining&data=02%7C01%7C%7Cf85c7280f6 \
0040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183639807&sdata=Vckk3PrVKllvNCL8ol%2Bs9O%2BGF%2FjneLYtPe6wcJyUSow%3D&reserved=0>


Disclaimer - This email and any files transmitted with it are confidential and \
intended solely for the person(s) addressed to. If you are not the named addressee \
you should not disseminate, distribute, copy or alter this email. Any views or \
opinions presented in this email are solely those of the author and might not \
represent those of Fidelus Technologies, LLC. Warning: Although Fidelus Technologies, \
LLC has taken reasonable precautions to ensure no viruses are present in this email, \
the company cannot accept responsibility for any loss or damage arising from the use \
of this email or attachments.

From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Ryan Huff
Sent: Tuesday, April 30, 2019 12:33 PM
To: Anthony Holloway <avholloway+cisco-voip@gmail.com>
Cc: cisco-voip@puck.nether.net; Pawlowski, Adam <ajp26@buffalo.edu>
Subject: [EXT] Re: [cisco-voip] Expressway E Firewall Rule Activation



Not generally, no. A couple of my larger customer's that have fully fleshed out IT \
departments did though.



For a few of my customers I've had to walk them through setting a 2nd one up. In some \
cases, not even a true DMZ and just a new network and lock it down with ACLs.



I've also had customer's which do the DMZ on "LAN2" (outside), and then keeps LAN1 in \
the same network as Expressway-C. This particular method doesn't offer a lot of \
advantages (from a infosec perspective) over a "Single NIC", but still makes the \
traffic flow more logical, easier to support and troubleshoot and keeps you from \
having to "hairpin" in the firewall (ewww, like gag me with a spoon man lol), which I \
have never been a fan of from a design perspective.

-Ryan

On Apr 30, 2019, at 12:12, Anthony Holloway \
<avholloway+cisco-voip@gmail.com<mailto:avholloway+cisco-voip@gmail.com>> wrote:

Ryan,



Do you have any insight as to whether or not it's common for Firewalls in the field \
to already have more than one DMZ defined?  In my limited experience, I have never \
seen it done, and I am having to have that second DMZ created to support Expressway.  \
For that reason, I actually tend to think the single NIC approach is better, \
although, the NAT reflection could be a limitation of some firewalls.



On Tue, Apr 30, 2019 at 11:09 AM Ryan Huff \
<ryanhuff@outlook.com<mailto:ryanhuff@outlook.com>> wrote:

Adam,



I certainly didn't mean to imply the, "Expressway Edge on a Stick" method doesn't \
work, though out of pure technical curiosity, I would be curious as to what exists in \
your environment that would make a " single NIC" Expressway Edge deployment more \
preferred than "dual NICs" (not that I expect you would or could say). I can think of \
very few reasons that a single NIC edge would be more ideal than a dual NIC edge \
(outside of the infosec team just not wanting to screw with the firewall, or \
production not being able to sustain a maintenance window); its easier to \
troubleshoot, easier to install, easier to support and easier to secure.

Though, I suspect I'm, "preaching to the choir", lol 😉. All good my friend.



Thanks,



Ryan



________________________________

From: Pawlowski, Adam <ajp26@buffalo.edu<mailto:ajp26@buffalo.edu>>
Sent: Tuesday, April 30, 2019 11:36 AM
To: 'Ryan Huff'
Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
Subject: RE: [cisco-voip] Expressway E Firewall Rule Activation



Ryan,



The "tl;dr" is that we were sort of given the recommendation by Cisco to just run it \
with the single interface given our environment and requirements, and hasn't given us \
any trouble that I can recall.



Long story is …

Our environment ends up being the driver for a lot of this, as it is sort of a \
historic design from the early internet, with just about everything on public address \
space, and various services and networks secured behind firewalls as needed from \
internal and external alike.



In the dual interface design, the outside interface sits in a "DMZ" with a firewall, \
which we don't have available explicitly. There is a border firewall but that isn't \
really its function. The inside leg has to sit somewhere as well, which is a place \
that doesn't exist.

We did have a competitor's border proxy become compromised in the past due to a \
software update, and this model where the inside wasn't properly secured – and \
given our current VMWare topology, creating another zone to hairpin traffic around to \
separate that inside interface wasn't in the cards. Not to mention the annoyance of \
trying to setup split routes on this device to allow some traffic to go in, some to \
go out, in an environment that is MRA only.



If you trust the E enough never to be a bad actor, then you could put that interface \
in the same zone as your other collaboration appliances, like the Expressway C, but, \
we didn't want to do that either really.



Given that, we did have a call with Cisco to discuss this, and with representation \
from the Expressway group they recommended that we stick with the single interface \
design.  That was based on the public addressing (so we could avoid NAT reflection) \
and that despite the pipe dream of everyone wanting HD video calling and mobile \
client access, we didn't see that we'd be pushing that much traffic.



As it is, the E clusters sit in a collaboration DMZ, where they are independent from \
any of our other appliances and treated like any other host on our network. Our \
application firewalls do not allow anything in from the Expressway E since the C \
tunnels to it, so really the only thing lacking from a security standpoint there \
could be containment of that host, but, we chose to guard from it instead.



Since we installed it back on X8.8 or whatever, I'd noted that rebooting the \
appliance does not reapply the internal rules, which can easily be forgotten, and \
would need to be remembered if you run a VMWare HA policy that restarts the guest.



That all being said the worst that we have seen are various SSH attempts (on any \
port, the zone tunnel, administrative SSH, doesn't matter) until the rules are put \
back up. We could tighten them on the border once that becomes available to do so.



The B2BUA is invoked on calls within the appliances sometimes which can cause some \
confusion with attempting to read logging if need be, but it hasn't otherwise caused \
us any trouble.



Adam







From: Ryan Huff <ryanhuff@outlook.com<mailto:ryanhuff@outlook.com>>
Sent: Tuesday, April 30, 2019 10:13 AM
To: Pawlowski, Adam <ajp26@buffalo.edu<mailto:ajp26@buffalo.edu>>
Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Expressway E Firewall Rule Activation



That seems odd and not been my experience. Let me ask; why are you using the \
application firewall rather than the actual firewall (another reason all our edge's \
should be using dual interfaces with LAN1 and LAN2 in their own separate security \
zones)? Is there a reason you have to, in other words?

Thanks,



Ryan

On Apr 30, 2019, at 08:49, Pawlowski, Adam \
<ajp26@buffalo.edu<mailto:ajp26@buffalo.edu>> wrote:

Figured I'd also ask this question



I note that it seems like any time I reboot an Expressway E, I have to go and \
re-activate all the firewall rules. They don't seem to activate automatically.



Is there something I missed or is this really what's necessary?



Adam





_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fma \
ilman%2Flistinfo%2Fcisco-voip&amp;data=02%7C01%7C%7C3fcc9eb351fe41b70dfc08d6cd6a4a65%7 \
C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922253726465693&amp;sdata=72kYzwChhoFD1 \
4H6a6mRTn4TdHUcMDcFWrMSXpRo%2Btw%3D&amp;reserved=0<https://eur01.safelinks.protection. \
outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data= \
02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7 \
C0%7C636922422183649818&sdata=rfseED4dMSZymuoVW%2BrtbugOj4FoZ9pKooPwyF3Fafc%3D&reserved=0>


_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<https://eur01.safelinks.protection \
.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data \
=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1% \
7C0%7C636922422183669827&sdata=tkhF0mIVJuNq6B%2BZkgFeyn%2Bf81X5cqG%2F9OeXFfUDpN4%3D&reserved=0>



[Attachment #5 (text/html)]

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} \
</style> </head>
<body dir="ltr">
<br>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <a id="OWAAM646086" class="_3wBKpPYkzIctGJaYbD3AwM mention \
ms-bgc-nlr ms-fcl-b" href="mailto:avholloway&#43;cisco-voip@gmail.com">@Anthony \
Holloway</a> You are correct. Whether Expressway Control crosses a network boundary \
or not to talk to Expressway Edge (LAN1),  its still communicating; it just doesn't \
have the additional network boundary (that it <i>traverses</i>) for protection (where \
the ACLs live). In essence, if someone compromised the Expressway Edge, they could \
also in theory, get to the Expressway Control server since edge LAN2 inherently talks \
to edge LAN1. Since many customers put the Expressway  Control server on the same \
network as the rest of the UC servers... yikes.<br> <br>
The LAN1 DMZ (or at least a separate network with ACLs if you can't do a true \
security context) is very important in the dual NIC design. On the occasions where \
I've found customers with Expressway Control and Edge (LAN1) in the same network, I \
have advised  them to change that to a DMZ or just separate network with ACLs (which \
is usually sufficient) ... anything to get some type of barrier between Expressway \
Control and Edge (LAN1). <br>
<br>
That said, &quot;Expressway on a Stick&quot; works just fine barring limitations to \
&quot;hairpinning&quot; in whatever the firewall is; though it is not the Cisco \
recommended deployment model in the documentation. Every Expressway deployment should \
try to achieve two security  contexts on the edge (or isolated networks with \
ACLs).&nbsp; <br> </div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div id="Signature">
<div></div>
-Ryan
<div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, \
sans-serif" color="#000000"><b>From:</b> Jeffrey McHugh \
&lt;jmchugh@fidelus.com&gt;<br> <b>Sent:</b> Tuesday, April 30, 2019 1:29 PM<br>
<b>To:</b> Ryan Huff; Anthony Holloway<br>
<b>Cc:</b> cisco-voip@puck.nether.net; Pawlowski, Adam<br>
<b>Subject:</b> RE: [EXT] Re: [cisco-voip] Expressway E Firewall Rule \
Activation</font> <div>&nbsp;</div>
</div>
<div lang="EN-US">
<div class="x_WordSection1">
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> I see a mixture of both \
and insist on the dual, even it means pushing back an implementation. </p>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> &nbsp;</p>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> TAC recommends the dual \
and the advanced networking guide calls that out, along with "not all firewalls \
support the singe NIC type of NAT", &nbsp;it uses about triple the bandwidth per call \
and I don't think you can cluster them w only single NIC </p>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> &nbsp;</p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; font-size:10pt; font-family:ARIAL"> <font \
face="Calibri"><strong>Jeffrey McHugh</strong> | Sr. Collaboration Consulting \
Engineer </font></p>
<div style="font-size:11pt; font-family:'Calibri','sans-serif'; color:black" \
align="left"> <a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F% \
2Fwww.fidelus.com%2F&amp;data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7f \
e9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183579759&amp;sdata=12L445HKngUMa7KgEKAHcJ1Q8B2juxp0QnlgqCel9%2FY%3D&amp;reserved=0" \
originalsrc="http://www.fidelus.com/" \
shash="lLCOuuZusjT5td5u7M8IOEfgx2/6yyg0&#43;d5TmbLVbZw018VOX02uGgOvpGTu/7oes7HlyWmhQeR \
EmWZQWJfpdXRpRjPNSyU6dnIqzpHk6&#43;T2N&#43;bIGELuOwJPoCUmiS8e1zoBTIcIaz/DpIA2tH6rWxiT9VZqaEaLR90dqI4JjOs="><font \
size="3" face="Calibri"><img alt="Company_Logo_Image" style="height:70px; \
width:155px; margin:0px" border="0" data-outlook-trace="F:1|T:1" \
src="cid:51bcf6eb-27cf-41d1-b704-69e32581e5be"></font></a><font size="2"><font \
face="Calibri"><strong><font size="3"></font></strong></font></font></div> <div \
style="font-size:11pt; font-family:'Calibri','sans-serif'; color:black" align="left"> \
<font size="2"><strong><font size="3">Fidelus Technologies, LLC</font></strong><br> \
<font color="#4d4d4f"><span style="font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif"><font size="3" color="#000000">Named \
</font><a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.f \
idelus.com%2Ffidelus-technologies-named-best-unified-communications-provider-in-the-us \
a%2F&amp;data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaa \
aaaaaaaa%7C1%7C0%7C636922422183589770&amp;sdata=dX1CbaWKZbL5%2F3gTq2nHG%2BF9GA01Y%2BzZmtxBJ7WbnVs%3D&amp;reserved=0" \
originalsrc="http://www.fidelus.com/fidelus-technologies-named-best-unified-communications-provider-in-the-usa/" \
shash="kssJqE4bRUKPz0VKBUFrz5z&#43;CtnLtX0Wl1vYEiOVhgSw8lR956ChrhXNbBsI/RjGT4oI1GwLvCM \
solNsYH9QzxOxWhJM1hIXdx7egiFc2fB4x6eTTM0Hr8sfazdeMQuIy6ZjcSdsiljywH&#43;YzXuRlKSknJZRmchL419lH6KCHw4="><font \
size="3" color="#0563c1">Best  UC Provider in the \
USA</font></a></span></font></font></div> <div style="font-size:11pt; \
font-family:'Calibri','sans-serif'; color:black" align="left"> <font size="2"><font \
face="Calibri"><font face="Calibri" color="#4d4d4f"><span style="font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif"></span>240 West 35th Street, 6th Floor, \
New York, NY 10001</font></font></font> </div>
<div style="font-size:10pt; font-family:'Calibri','sans-serif'; color:#4d4d4f" \
align="left"> <font color="#4d4d4f"><strong>&#43;1-212-616-7801</strong> office | \
<strong>&#43;1-212-616-7850 </strong>fax | <a title="" \
href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fidelus.com \
%2F&amp;data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaa \
aaaaaaa%7C1%7C0%7C636922422183599775&amp;sdata=la9a%2F2nGCB%2BUBT6JxxSuLZodhixLK2qY4bVW9ws1PtU%3D&amp;reserved=0" \
originalsrc="http://www.fidelus.com/" \
shash="ktVtwXgEiBZc1ssaWQerOuJedDH6d526ne4UvggkpigtVUeQC9jCTUSQNG7fTumucJfhv1fr/g4bl44 \
kQr999I7dTJV5CB4l4jJAG9&#43;cgpURKNT4SwP&#43;23y0FbwFsRZ435h52R5lZXGeGDua1B2UwwVzDuIosSATp32Z6hGZ48U=" \
style="color:#4d4d4f"> www.fidelus.com</a></font></div>
<div style="font-size:10pt; font-family:'Calibri','sans-serif'; color:black" \
align="left"> <a href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F% \
2Fwww.linkedin.com%2Fcompany%2Ffidelus-technologies%2Fproducts&amp;data=02%7C01%7C%7Cf \
85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422 \
183609786&amp;sdata=Ho6IAzCFVh4UkBZdoMw8%2Bd0I5K0SavdgAZ7MuxwnI4I%3D&amp;reserved=0" \
originalsrc="http://www.linkedin.com/company/fidelus-technologies/products" \
shash="A3ZkIktnBwmu5zLYU/2xbr0xetBW5oCt08Mj1b7EhO6FWKYw23X95pMefm/&#43;4vKvR8LgbpdIswl \
YR1jlB6mtVF/5rVjkQ3pYCcuvKoFFN9&#43;zzVWcuDwRMK3DzuIGmwTJDHsXzKRHkWbDzMqDDtn25oCMRY4G927nkex6DPMkeLM="><font \
face="Calibri"><img alt="LinkedIn" style="height:40px; width:40px; margin:0px" \
border="0" data-outlook-trace="F:1|T:1" \
src="cid:40bdeb8d-b568-4e1a-9464-24bae02a245c"></font></a><a \
href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.twitter.com \
%2FFidelusUCC&amp;data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640a \
fb435aaaaaaaaaaaa%7C1%7C0%7C636922422183619791&amp;sdata=WJ3mKlMcZ3QwuiiJ%2B4pt6wK6Exmw4JCKwNRNpmrqacU%3D&amp;reserved=0" \
originalsrc="http://www.twitter.com/FidelusUCC" \
shash="I&#43;jQWwY/PsB5upA2xeSfEADqYzAfLkg4BTMgduR0XsQeQLOLzmhzcwXNgyl3mfYJcDdRZjU&#43 \
;fGiwq5BE9BxSkFYPiKd1EtFPa6a93L1y9QmjPI/AULgqvkX1KJdH&#43;dqNg1k&#43;UbI68TUgB41GmJgrxvkT5LNfrUnfZ7Z2DoaU5Ms="><font \
face="Calibri"><img alt="Twitter" style="height:40px; width:40px; margin:0px" \
border="0" data-outlook-trace="F:1|T:1" \
src="cid:6726716b-ab83-4a7d-ae2c-f7ab0c5794b6"></font></a><a \
href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.co \
m%2FFidelusUCC&amp;data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9f640 \
afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183629802&amp;sdata=I%2FnjBEdwRJKy3zsEI41fW%2BZAQeOkiLcbWffpF%2BlQYP8%3D&amp;reserved=0" \
originalsrc="http://www.facebook.com/FidelusUCC" \
shash="CMQwX&#43;CpLdsKRNS7Q3yqRCr5&#43;CPgkPTiz/87gI0EKp7u0Q8IfzMRUOh3m4rnhQ7oOubh0QT \
WJVqw&#43;tNsAYiggIljx12FeAeKD6h750EvuXpPA5Jj4PWRBS80jIFJxmJIxcznbLOEfI15IGKVvf39khBsa3p4gvTkjrphsJzGPto="><font \
face="Calibri"><img alt="Facebook" style="height:40px; width:40px; margin:0px" \
border="0" data-outlook-trace="F:1|T:1" \
src="cid:900f704d-d079-427a-905f-1c472988dc23"></font></a><a \
href="https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.youtube.com \
%2FFidelusTraining&amp;data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd918314%7C84df9e7fe9 \
f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183639807&amp;sdata=Vckk3PrVKllvNCL8ol%2Bs9O%2BGF%2FjneLYtPe6wcJyUSow%3D&amp;reserved=0" \
originalsrc="http://www.youtube.com/FidelusTraining" \
shash="RXBEUZRETe9zIThuAhOw5VNjG9k6ArUMgvj3kHW19boTNxNiDG7N2yFfB&#43;YbxZUePKSQ&#43;9f \
6UMFWDv4UbRuenYxEH0eUaaycLCRj9H5vgFiiJmbqDhqtf5jvZhoKcyza&#43;6Gqe/kPmBZEOnPD6hzw6nYi1LMVk2tCvXMbcs&#43;ZQqI="><font \
face="Calibri"><img alt="YouTube" style="height:40px; width:40px; margin:0px" \
border="0" data-outlook-trace="F:1|T:1" \
src="cid:922fd257-11f4-4fac-8a20-4c680533782b"></font></a></div> <p \
style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; font-size:10pt; font-family:ARIAL"> </p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; font-size:10pt; font-family:ARIAL"> </p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; font-size:10pt; font-family:ARIAL"> Disclaimer - This email and \
any files transmitted with it are confidential and intended solely for the person(s) \
addressed to.&nbsp;If you are not the named addressee you should not disseminate, \
distribute, copy or alter this email. Any views or opinions presented  in this email \
are solely those of the author and might not represent those of Fidelus Technologies, \
LLC. Warning: Although Fidelus Technologies, LLC has taken reasonable precautions to \
ensure no viruses are present in this email, the company cannot accept  \
responsibility for any loss or damage arising from the use of this email or \
attachments.</p> <div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <b>From:</b> cisco-voip \
&lt;cisco-voip-bounces@puck.nether.net&gt; <b>On Behalf Of </b> Ryan Huff<br>
<b>Sent:</b> Tuesday, April 30, 2019 12:33 PM<br>
<b>To:</b> Anthony Holloway &lt;avholloway&#43;cisco-voip@gmail.com&gt;<br>
<b>Cc:</b> cisco-voip@puck.nether.net; Pawlowski, Adam &lt;ajp26@buffalo.edu&gt;<br>
<b>Subject:</b> [EXT] Re: [cisco-voip] Expressway E Firewall Rule Activation</p>
</div>
</div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> &nbsp;</p>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> Not generally, no. A \
couple of my larger customer's that have fully fleshed out IT departments did though. \
</p> <div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> &nbsp;</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> For a few of my \
customers I've had to walk them through setting a 2nd one up. In some cases, not even \
a true DMZ and just a new network and lock it down with ACLs.</p> </div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> &nbsp;</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif; margin-bottom:12.0pt"> \
I've also had customer's which do the DMZ on "LAN2" (outside), and then keeps LAN1 in \
the same network as Expressway-C. This particular method doesn't offer a lot of \
advantages (from a infosec perspective) over a "Single NIC", but still makes the \
traffic flow  more logical, easier to support and troubleshoot and keeps you from \
having to "hairpin" in the firewall (ewww, like gag me with a spoon man lol), which I \
have never been a fan of from a design perspective.</p> <div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
                font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif">
-Ryan</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif; margin-bottom:12.0pt"> \
<br> On Apr 30, 2019, at 12:12, Anthony Holloway &lt;<a \
href="mailto:avholloway&#43;cisco-voip@gmail.com">avholloway&#43;cisco-voip@gmail.com</a>&gt; \
wrote:</p> </div>
<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">
<div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> Ryan, </p>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> &nbsp;</p>
</div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> Do you have any insight \
as to whether or not it's common for Firewalls in the field to already have more than \
one DMZ defined?&nbsp; In my limited experience, I have never seen it done, and I am \
having to have that second DMZ created to support Expressway.&nbsp; For  that reason, \
I actually tend to think the single NIC approach is better, although, the NAT \
reflection could be a limitation of some firewalls.</p> </div>
</div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> &nbsp;</p>
<div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> On Tue, Apr 30, 2019 at \
11:09 AM Ryan Huff &lt;<a \
href="mailto:ryanhuff@outlook.com">ryanhuff@outlook.com</a>&gt; wrote:</p> </div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in \
6.0pt; margin-left:4.8pt; margin-right:0in"> <div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <span \
style="font-size:12.0pt; color:black">Adam,</span></p> </div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <span \
style="font-size:12.0pt; color:black">&nbsp;</span></p> </div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <span \
style="font-size:12.0pt; color:black">I certainly didn't mean to imply the, \
&quot;Expressway Edge on a Stick&quot; method doesn't work, though out of pure \
technical curiosity, I would be curious as to what exists in your environment that \
would make a &quot; single NIC&quot;  Expressway Edge deployment more preferred than \
&quot;dual NICs&quot; (not that I expect you would or could say). I can think of very \
few reasons&nbsp;that a single NIC edge would be more ideal than a dual NIC edge \
(outside of the infosec team just not wanting to screw with  the firewall, or \
production not being able to sustain a maintenance window); its easier to \
troubleshoot, easier to install, easier to support and easier to secure.<br> <br>
Though, I suspect I'm, &quot;preaching to the choir&quot;, lol </span><span \
style="font-size:12.0pt; font-family:&quot;Segoe UI Emoji&quot;,sans-serif; \
color:black">😉</span><span style="font-size:12.0pt; color:black">. All good my \
friend.</span></p> </div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <span \
style="font-size:12.0pt; color:black">&nbsp;</span></p> </div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <span \
style="font-size:12.0pt; color:black">Thanks,</span></p> </div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <span \
style="font-size:12.0pt; color:black">&nbsp;</span></p> </div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <span \
style="font-size:12.0pt; color:black">Ryan</span></p> </div>
<div id="x_gmail-m_6919030558253542370Signature">
<div>
<div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <span \
style="font-size:12.0pt; color:black">&nbsp;</span></p> </div>
<div class="x_MsoNormal" style="margin:0in 0in 0.0001pt; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; text-align:center" align="center"> <hr \
width="98%" size="2" align="center"> </div>
<div id="x_gmail-m_6919030558253542370divRplyFwdMsg">
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> <b><span \
style="color:black">From:</span></b><span style="color:black"> Pawlowski, Adam &lt;<a \
href="mailto:ajp26@buffalo.edu" target="_blank">ajp26@buffalo.edu</a>&gt;<br> \
<b>Sent:</b> Tuesday, April 30, 2019 11:36 AM<br> <b>To:</b> 'Ryan Huff'<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" \
target="_blank">cisco-voip@puck.nether.net</a><br> <b>Subject:</b> RE: [cisco-voip] \
Expressway E Firewall Rule Activation</span> </p> <div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> &nbsp;</p>
</div>
</div>
<div>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">Ryan,</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">The "tl;dr" is that we were sort of given the recommendation by \
Cisco to just run it with the single interface given our environment and \
requirements, and hasn't given us any trouble that I can recall.</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">Long story is … </span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D"><br> Our environment ends up being the driver for a lot of \
this, as it is sort of a historic design from the early internet, with just about \
everything on public address space, and various services and networks secured behind \
firewalls as needed from internal and  external alike. </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">In the dual interface design, the outside interface sits in a \
"DMZ" with a firewall, which we don't have available explicitly. There is a border \
firewall but that isn't really its function. The inside leg has to sit somewhere as  \
well, which is a place that doesn't exist.&nbsp; </span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D"><br> We did have a competitor's border proxy become compromised \
in the past due to a software update, and this model where the inside wasn't properly \
secured – and given our current VMWare topology, creating another zone to hairpin \
traffic around to separate that  inside interface wasn't in the cards. Not to mention \
the annoyance of trying to setup split routes on this device to allow some traffic to \
go in, some to go out, in an environment that is MRA only.</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">If you trust the E enough never to be a bad actor, then you \
could put that interface in the same zone as your other collaboration appliances, \
like the Expressway C, but, we didn't want to do that either really.</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">Given that, we did have a call with Cisco to discuss this, and \
with representation from the Expressway group they recommended that we stick with the \
single interface design.&nbsp; That was based on the public addressing (so we could \
avoid  NAT reflection) and that despite the pipe dream of everyone wanting HD video \
calling and mobile client access, we didn't see that we'd be pushing that much \
traffic.</span></p> <p class="x_gmail-m6919030558253542370xmsonormal" \
style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">As it is, the E clusters sit in a collaboration DMZ, where they \
are independent from any of our other appliances and treated like any other host on \
our network. Our application firewalls do not allow anything in from the Expressway  \
E since the C tunnels to it, so really the only thing lacking from a security \
standpoint there could be containment of that host, but, we chose to guard from it \
instead. </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">Since we installed it back on X8.8 or whatever, I'd noted that \
rebooting the appliance does not reapply the internal rules, which can easily be \
forgotten, and would need to be remembered if you run a VMWare HA policy that \
restarts  the guest. </span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">That all being said the worst that we have seen are various SSH \
attempts (on any port, the zone tunnel, administrative SSH, doesn't matter) until the \
rules are put back up. We could tighten them on the border once that becomes \
available  to do so.</span></p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">The B2BUA is invoked on calls within the appliances sometimes \
which can cause some confusion with attempting to read logging if need be, but it \
hasn't otherwise caused us any trouble.</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">Adam</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="color:#1F497D">&nbsp;</span></p> <div style="border:none; border-left:solid \
blue 1.5pt; padding:0in 0in 0in 4.0pt"> <div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
<b>From:</b> Ryan Huff &lt;<a href="mailto:ryanhuff@outlook.com" \
target="_blank">ryanhuff@outlook.com</a>&gt; <br>
<b>Sent:</b> Tuesday, April 30, 2019 10:13 AM<br>
<b>To:</b> Pawlowski, Adam &lt;<a href="mailto:ajp26@buffalo.edu" \
target="_blank">ajp26@buffalo.edu</a>&gt;<br> <b>Cc:</b> <a \
href="mailto:cisco-voip@puck.nether.net" \
target="_blank">cisco-voip@puck.nether.net</a><br> <b>Subject:</b> Re: [cisco-voip] \
Expressway E Firewall Rule Activation</p> </div>
</div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
&nbsp;</p> <p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin-right:0in; margin-bottom:12.0pt; \
margin-left:0in"> That seems odd and not been my experience. Let me ask; why are you \
using the application firewall rather than the actual firewall (another reason all \
our edge's should be using dual interfaces with LAN1 and LAN2 in their own separate \
security zones)? Is&nbsp;there  a reason you have to, in other words?</p>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
Thanks,</p> </div>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
&nbsp;</p> </div>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
Ryan</p> </div>
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin-right:0in; margin-bottom:12.0pt; \
margin-left:0in"> <br>
On Apr 30, 2019, at 08:49, Pawlowski, Adam &lt;<a href="mailto:ajp26@buffalo.edu" \
target="_blank">ajp26@buffalo.edu</a>&gt; wrote:</p> </div>
<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
Figured I'd also ask this question</p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
&nbsp;</p> <p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> I \
note that it seems like any time I reboot an Expressway E, I have to go and \
re-activate all the firewall rules. They don't seem to activate automatically. </p>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
&nbsp;</p> <p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> Is \
there something I missed or is this really what's necessary?</p> <p \
class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; margin-bottom: \
0px;margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-top:0px; margin-bottom:0px; margin-top:0px; margin-bottom:0px; \
margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
&nbsp;</p> <p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
Adam</p> <p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
&nbsp;</p> <p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> \
&nbsp;</p> </div>
</blockquote>
<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">
<div>
<p class="x_gmail-m6919030558253542370xmsonormal" style="margin-top: 0px; \
margin-bottom: 0px;margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-right:0in; margin-left:0in; font-size:11pt; \
font-family:&quot;Calibri&quot;,sans-serif; margin:0in; margin-bottom:.0001pt"> <span \
style="font-size:12.0pt; font-family:&quot;Times New \
Roman&quot;,serif">_______________________________________________<br> cisco-voip \
mailing list<br> <a href="mailto:cisco-voip@puck.nether.net" \
target="_blank">cisco-voip@puck.nether.net</a><br> <a \
href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.ne \
t%2Fmailman%2Flistinfo%2Fcisco-voip&amp;data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd91 \
8314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183649818&amp;sdata=rfseED4dMSZymuoVW%2BrtbugOj4FoZ9pKooPwyF3Fafc%3D&amp;reserved=0" \
originalsrc="https://puck.nether.net/mailman/listinfo/cisco-voip" \
shash="TuTA&#43;1Szka5Yq/Kr5muGC2iJIH18x73q/8kIdIEc2Ne&#43;NP5hdBquK079D8Yvfim2wZfVtWB \
AIrvZe5mYdJ4kIPUdndL3OJGa12flPC3wY2xWcEIOJHvwXn8QSY5xd6WrvpyqAkI/CLA356EKqzisdbY&#43;BAVq4&#43;V4qdAzxg5DuFE=" \
target="_blank">https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck \
.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&amp;amp;data=02%7C01%7C%7C3fcc9eb351fe41 \
b70dfc08d6cd6a4a65%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922253726465693&amp \
;amp;sdata=72kYzwChhoFD14H6a6mRTn4TdHUcMDcFWrMSXpRo%2Btw%3D&amp;amp;reserved=0</a></span></p>
 </div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin-top:0px; \
margin-bottom:0px; margin-top:0px; margin-bottom:0px; margin:0in 0in 0.0001pt; \
font-size:11pt; font-family:&quot;Calibri&quot;,sans-serif"> \
_______________________________________________<br> cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" \
target="_blank">cisco-voip@puck.nether.net</a><br> <a \
href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.ne \
t%2Fmailman%2Flistinfo%2Fcisco-voip&amp;data=02%7C01%7C%7Cf85c7280f60040476fa308d6cd91 \
8314%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636922422183669827&amp;sdata=tkhF0mIVJuNq6B%2BZkgFeyn%2Bf81X5cqG%2F9OeXFfUDpN4%3D&amp;reserved=0" \
originalsrc="https://puck.nether.net/mailman/listinfo/cisco-voip" \
shash="C5bSPJhsKFnKn9E0eQ6E11RDKzUCF69Z7GLlL2zym5TeW7&#43;V1q1bCuKo3mUdhGWHqy9IqB6awU4 \
zKowi2SvHXck0iO2BIkCb9IOpvbyTxOdFsIq1f3NyBay698zEysw9jjLImQrPPkHtMO7sxOnc9u4nNW6IounlWOeIwxaTcGc=" \
target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a></p> \
</blockquote> </div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</body>
</html>


["Outlook-Company_Lo.png" (image/png)]
["Outlook-LinkedIn.png" (image/png)]
["Outlook-Twitter.png" (image/png)]
["Outlook-Facebook.png" (image/png)]
["Outlook-YouTube.png" (image/png)]

_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

--===============6510753728241877034==--

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic