08-08-2014 10:45 AM
We've had a situation pop-up when a video call is happening between two internal sites, where an incoming call window will pop-up (4-8 times in a 2 hour meeting), that incoming call is listed as the gateway IP. We've create a DMZ subnet for video conferencing/calls that allows outside calls, nothing blocked. Obviously this message is concerning as it could be an outside threat trying to gain access into our network. So my questions are: has anyone experienced this? Is it a bug in the equipment software or should it be viewed as an infiltration attack? Is there a way to configure access so that outside calls can be accepted without risking infiltration? Currently the meeting attendees just decline the call attempt.
As I mentioned this seems to only happen when the video calls are between two internal sites. The equipment on one site is a Soundstation 2 with a module connecting to both the wall jack and Soundstation 2. The equipment ont the other sides is a Soundstation Premier, with no module.
I have part and serial numbers of each unit, but unfortunately I can't provide software revs at this time. I'm a networking engineer brought into this because of the incoming gateway call, not the person who maintains the rev levels on the devices themselves.
08-09-2014 02:03 PM
welcome to the Polycom Community.
I am unsue how the SoundStations would have anything to do with any messages on the screens as they are both analog Phones that would have no real connection to a codec.
In addition it would be usefull to know what Video codecs we are discussing here.
A wireshark trace from a spanned port should show you what IP address the call is coming from and also if this is a SIP call or a H.323.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Polycom Global Services