Cisco Cisco TelePresence Video Communication Server Expressway Maintenance Manual
■
Addresses are blocked against only the peer on which the access failures occurred. This means that if an
address is blocked against one peer it may still be able to attempt to access another peer (from which it may
too become blocked).
address is blocked against one peer it may still be able to attempt to access another peer (from which it may
too become blocked).
■
A blocked address can only be unblocked for the current peer. If an address is blocked by another peer, you
must log in to that peer and then unblock it.
must log in to that peer and then unblock it.
■
Category settings and the exemption list are applied across the cluster.
■
The statistics displayed on the Automated detection overview page are for the current peer only.
Automated Protection in MRA Deployments
The VCS Control receives a lot of inbound traffic from Unified CM and from the VCS Expressway when it is used for
Mobile and Remote Access.
Mobile and Remote Access.
If you want to enable automated protection on the VCS Control, you should add exemptions for all hosts that use the
automatically created neighbor zones and the Unified Communications secure traversal zone. The VCS does not
automatically create exemptions for discovered Unified CM or related nodes.
automatically created neighbor zones and the Unified Communications secure traversal zone. The VCS does not
automatically create exemptions for discovered Unified CM or related nodes.
Additional Information
■
When a host address is blocked and tries to access the system, the request is dropped (the host receives no
response).
response).
■
A host address can be blocked simultaneously for multiple categories, but may not necessarily be blocked by
all categories. Those blocks may also expire at different times.
all categories. Those blocks may also expire at different times.
■
When an address is unblocked (either manually or after its block duration expires), it has to fail again for the
full number of times as specified by the category's trigger level before it will be blocked for a second time by
that category.
full number of times as specified by the category's trigger level before it will be blocked for a second time by
that category.
■
A category is reset whenever it is enabled. All categories are reset if the system is restarted or if the automated
protection service is enabled at the system level. When a category is reset:
protection service is enabled at the system level. When a category is reset:
—
Any currently blocked addresses are unblocked.
—
Its running totals of failures and blocks are reset to zero.
■
You can view all Event Log entries associated with the automated protection service by clicking View all
intrusion protection events on the Automated detection overview page.
intrusion protection events on the Automated detection overview page.
Network Services
Configuring System Name and Access Settings
The System administration page (System > Administration) is used to configure the name of the VCS and the means
by which it is accessed by administrators.
by which it is accessed by administrators.
System Settings
System name
The System name is used to identify the VCS. It appears in various places in the web interface, and in the display on
the front panel of the unit (so that you can identify it when it is in a rack with other systems). The System name is also
used by Cisco TMS.
the front panel of the unit (so that you can identify it when it is in a rack with other systems). The System name is also
used by Cisco TMS.
We recommend that you give the VCS a name that allows you to easily and uniquely identify it.
Ephemeral port range
You can specify the Ephemeral port range start and end values. This defines the port range to use for ephemeral
outbound connections not otherwise constrained by VCS call processing.
outbound connections not otherwise constrained by VCS call processing.
39
Cisco TelePresence Video Communication Server Administrator Guide
Network and System Settings