Different fi rewall vendors support transparent fi rewalling in
different ways, so consult your vendor for details on how to confi gure transparent fi rewalling.
If your fi rewall doesn??™t support a transparent mode, you will need to fi nd a different way
to secure your server. Under no circumstances should you put your Edge Server??™s A/V NIC
on your public Internet segment without protection; this would be a major security risk.
Instead, you may want to consider some other form of protection, such as a software-based
fi rewall.
Configuring the Edge Server ??? Chapter 5 169
It is critical that you use a publicly routable IP address for the A/V service; using a private
address via NAT will cause unpredictable results with external users and voice/video calls as
well as Live Meeting audio and video. I have tested a private IP address for the A/V service
and encountered issues each time. In fact, I opened a support case with Microsoft Support
and the fi rst thing the engineer told me was that I needed to change the IP address to a
public one. I protested to him that it shouldn??™t matter, but he correctly pointed out that the
requirements are the requirements. I took his suggestion and within minutes of changing to
a public IP, all of my A/V Edge problems disappeared.
Using ISA Server
OCS 2007 uses ISA to publish the address book to external users. The front-end server
compiles an address book that contains a list of all the users in your organization. Each time
users log in to their OCS clients, they receive a new copy of the address book from the server.
Pages:
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219