I have a client who has IM&P version 11.5.1SU5 configured with SIP interdomain federation to 40+ external Microsoft client domains (SfB) via Expressway X12.5.6.
The client started complaining that some users are getting IM messages from non-federated domains.
I did some research and below is the summary and options for this issue that I would like to share here:
I have tested and confirmed that this issue is a limitation of the Cisco solution for SIP federation. Cisco has not designed the IM&P or Expressway applications to allow blocking of external domains for SIP federation as they did for XMPP federation, nor do they have this on their application enhancement list.
For XMPP federation there is an option on Expressway-E to create a list of “Federated domains deny list”, see screenshot below:
Considering the above, I have tried to escalate internally and provide possible workarounds to overcome this limitation.
There are some workarounds that could be used to alleviate this issue, as per below:
- Option #1: Configure Call Policy Rules (CPRs) on Expressway-E to allow all the domains that the solution's traffic should be allowed to/from (federated domains, Webex, B2B domains), and then create a rule to block anything else (.*@.*). The caveats of this option are:
  - This requires maintenance: any time a domain is added for federation or B2B, a Call Policy Rule should be added to the list.
  - Misconfiguration of the priority/order of Call Policy Rules could impact the functionality of features provided by Expressways (Jabber MRA, Federation, Webex, B2B).
- Option #2: Create a rule for each external domain to be blocked. The caveats of this option are:
  - This is a reactive measure.
  - It is not a scalable solution.
- Option #3: Use the Jabber client to create a list of blocked domains as required. See screenshot below:

  The caveats of this option are:
  - This is at the individual/user level.
  - It is a reactive solution.
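Option #1 depends entirely on rule order. The sketch below is an added example, not Cisco's or the author's code: it models an ordered allow-then-reject list with first-match-wins evaluation (an assumption of this model) and flags allow rules shadowed by a misplaced catch-all. The domains, rule tuples and function names are constructed placeholders.

```python
import re

# Constructed sample policy: (source_pattern, destination_pattern, action).
# Aliases are simplified to user@domain; domains are placeholders.
ALLOW_THEN_BLOCK = [
    (r".*@partner-a\.example", r".*@corp\.example", "allow"),
    (r".*@partner-b\.example", r".*@corp\.example", "allow"),
    (r".*@corp\.example", r".*", "allow"),   # traffic from our own domain
    (r".*@.*", r".*", "reject"),             # catch-all, must stay last
]

def evaluate(rules, source, destination, default="allow"):
    """Return (action, rule index). Model assumption: first match wins,
    and traffic matching no rule gets `default`."""
    for i, (src, dst, action) in enumerate(rules):
        if re.fullmatch(src, source) and re.fullmatch(dst, destination):
            return action, i
    return default, None

def audit(rules):
    """List ordering problems: rules placed after a catch-all never match,
    and a list without a catch-all reject lets unlisted domains through."""
    findings, catch_all = [], None
    for i, (src, dst, action) in enumerate(rules):
        if catch_all is not None:
            findings.append(f"rule {i} ({src} -> {action}) is shadowed by rule {catch_all}")
        elif src in (".*", ".*@.*") and dst == ".*":
            catch_all = i
    if catch_all is None or rules[catch_all][2] != "reject":
        findings.append("no catch-all reject: unlisted domains are not blocked")
    return findings

if __name__ == "__main__":
    # Misordered copy: the catch-all was moved to the top by mistake.
    misordered = [ALLOW_THEN_BLOCK[3]] + ALLOW_THEN_BLOCK[:3]
    for name, rules in (("correct", ALLOW_THEN_BLOCK), ("misordered", misordered)):
        print(name, evaluate(rules, "alice@partner-a.example", "bob@corp.example"))
        for finding in audit(rules):
            print("  ", finding)
```

Running a check like this against an exported copy of the rule list before each change is one way to catch the ordering mistake described in the caveat.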