RE: NetScreen XP and NetMeeting

["HOULE, FRANCIS" <francis.houle () bell ca>]

Hello,

I beleive Netmeeting is using H.323.  There is a support for H.323
sessions in the Netscreen.  If you configure that support you will not
have to open all those dynamic ports.  It will track the session and
allow the ports to be open dynamically.  That way, you are a lot more
secure than openning a range of ports permenently. 


--
Francis Houle
Conception Interréseautage
Bell Canada


-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill () gilltechnologies com] 
Sent: 12 décembre, 2002 08:59
To: Rick Darsey; security-basics () lists securityfocus com
Subject: RE: NetScreen XP and NetMeeting


Greetings and thanks for the reply.


To give you folks some more details:

The NetScreen 5XP does not support a DMZ:Only trusted and untrusted
interfaces.

I have a ADSL router/modem. There is no NetMeeting server. What my
client would like to do is use the built-in netmeeting client in Windows
to "chat/talk(audio)/see(video)/remote control/share application with
another person on the internet with similar software. I believe this
no-server scenario can hold up 20 people in a single chat session. It is
similar when one stars the netmeeting from MSN Messenger.

Cheers

Gill

-----Original Message-----
From: Rick Darsey [mailto:rdarsey () aims1 com]
Sent: Thursday, December 12, 2002 9:49 PM
To: ssgill () gilltechnologies com
Subject: RE: NetScreen XP and NetMeeting


Gill,


What is the layout of your network. Do you have a router and a firewall,
or is the router acting as the firewall. If you have both, would it be
possible to place the Netmeeting server outside of the firewall, between
it and the router?  Depending on the type of OS, ie Windows 2000 server,
etc., there are some filtering capabilities within the OS that will let
you limit the traffic to the server.

Just an idea.

Rick

-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill () gilltechnologies com]
Sent: Wednesday, December 11, 2002 5:19 PM
To: Rick Darsey
Subject: RE: NetScreen XP and NetMeeting


Greetings Rick,

The NS XP does not support a DMZ.

Gill

-----Original Message-----
From: Rick Darsey [mailto:rdarsey () aims1 com]
Sent: Thursday, December 12, 2002 6:22 AM
To: ssgill () gilltechnologies com; security-basics () lists securityfocus com
Subject: RE: NetScreen XP and NetMeeting


I would think you could setup the NetMeeting server in a DMZ zone
outside of the firewall, and then turn on keep state on the firewall to
allow users within the LAN to connect, but I am not sure about the keep
state part.

Rick Darsey

-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill () gilltechnologies com]
Sent: Wednesday, December 11, 2002 1:37 PM
To: security-basics () lists securityfocus com
Subject: NetScreen XP and NetMeeting


Greetings,

As the subject goes, i need to get net meeting to work via NetScreen. I
found a KB
article(http://support.microsoft.com/default.aspx?scid=kb;en-us;158623)
but it seems to show, i had to open a whole range of ports. I am
skeptical about that!

e.g..
Pass through primary TCP connections on ports 522, 389, 1503, 1720 and
1731. Pass through secondary UDP connections on dynamically assigned
ports (1024-65535).

the above shows a whole range of ports that i have to open. Is there a
work around.

Kind Regards
Gill

Attachment: smime.p7s
Description: