Having trouble placing or receiving calls or using your voicemail system on Ooma Telo VoIP Phones? Post your questions here.
#84086 by tomcat
Wed Jul 06, 2011 6:31 am
ameneses54 wrote:Considering that allocating the OOMA to the DMZ is the only option that has worked for me,I really don't have much on the table, except loose $200 and trash the OOMA.

Arturo

The DMZ is not ideal and should be used as a last resort. And, while highly unusual, your particular setup may require that. That is fine as long as you also understand that there are some risks involved and you take steps to protect yourself. (A DMZ basically opens a hole through your router allowing unsolicited traffic through.) As thunderbird mentioned in his last post be sure that you are running anti-virus on all of your PC, but more importantly, be sure you are running a firewall on those PCs as well.
#84088 by ameneses54
Wed Jul 06, 2011 7:07 am
What's unfortunate is that I suppose that hundreds or thousands that subscribe to Uverse and as such have the 2Wire incorporated modem/router may have the same problem I described.
Thanks for your guidance
#84092 by murphy
Wed Jul 06, 2011 8:50 am
Putting Ooma in a router's DMZ is no more dangerous than putting Ooma in front of a router.
#84094 by tomcat
Wed Jul 06, 2011 9:01 am
murphy wrote:Putting Ooma in a router's DMZ is no more dangerous than putting Ooma in front of a router.

For the ooma device itself, I agree 100%. However, putting the Ooma in front of the router does allow the router to continue protecting the LAN. But, opening up the DMZ on a consumer router where the LAN has no isolation from the device in the DMZ (ooma or otherwise) may lead to exploits for the rest of the LAN. I'm just saying this needs to be taken into consideration before blindly opening the DMZ for any device.
#84098 by thunderbird
Wed Jul 06, 2011 9:49 am
murphy wrote:Putting Ooma in a router's DMZ is no more dangerous than putting Ooma in front of a router.

Murphy: Thanks for you refreshing breeze of common sense.

Lately I've done some checking and research. I was told that there is more than 2 billion, probably closer to 3 billion routers in service though out the world. A high percentage of those routers have DMZs. Every router manufacture in the world manufactures at least some of their routers with DMZs. Why would any router manufacture design and manufacture even one router with a DMZ, if are such extreme, dangerous security risks involved?

The answer is that the router DMZ is a very valuable tool, when configured and used properly.

I noticed that a little more then a year ago, in this forum, there was a big uproar about use of DMZs, with many people arguing for and against DMZ use.

I read every post in the over a year ago Ooma forum thread discussions about why to use, why not to use a DMZ.

No one mentioned the Norton family of products that when setup properly, will isolate one or more router LAN connected device, from all other router connected devices, in the same LAN. This is a very valuable tool for an Ooma user. It's like having your cake and eating it too.

For anyone that MUST use the router DMZ to be able to have their Ooma device function properly, the Norton family of products, using the "Network Security Map" to set a "Trust Control" "Restricted" security level for the Ooma device, is the perfect answer for anyone concerned about Router LAN security. It's almost like Norton designed the Network Security Map feature for Ooma.

The large company that I used to work for does this very thing for their smaller remote offices that use Router DMZs. They install a high end home consumer router for the office, along with Norton products on all of their computers/servers and are protected from the DMZ server, using the "Network Security Map". This combination has proven to be very reliable.

Norton has had the Network Security Map feature for a few years, and I'm sure that Norton’s competitors also have this same feature.
#84104 by thunderbird
Wed Jul 06, 2011 11:12 am
ameneses54 wrote:Wow!
The question now is how do I setup NIS which luckily I use.
Please note that regarding modems and routers I'm null.

Arturo

Here is the Norton site with instructions that you will configure, in each of your computers connected to your router's LAN:

http://us.norton.com/support/kb/web_vie ... 09162049EN

***And***

http://us.norton.com/support/kb/web_vie ... 09160254EN
#84147 by tomcat
Thu Jul 07, 2011 6:35 pm
thunderbird wrote:
murphy wrote:Putting Ooma in a router's DMZ is no more dangerous than putting Ooma in front of a router.

Murphy: Thanks for you refreshing breeze of common sense.

Lately I've done some checking and research. I was told that there is more than 2 billion, probably closer to 3 billion routers in service though out the world. A high percentage of those routers have DMZs. Every router manufacture in the world manufactures at least some of their routers with DMZs. Why would any router manufacture design and manufacture even one router with a DMZ, if are such extreme, dangerous security risks involved?

The answer is that the router DMZ is a very valuable tool, when configured and used properly.

I noticed that a little more then a year ago, in this forum, there was a big uproar about use of DMZs, with many people arguing for and against DMZ use.

I read every post in the over a year ago Ooma forum thread discussions about why to use, why not to use a DMZ.

No one mentioned the Norton family of products that when setup properly, will isolate one or more router LAN connected device, from all other router connected devices, in the same LAN. This is a very valuable tool for an Ooma user. It's like having your cake and eating it too.

For anyone that MUST use the router DMZ to be able to have their Ooma device function properly, the Norton family of products, using the "Network Security Map" to set a "Trust Control" "Restricted" security level for the Ooma device, is the perfect answer for anyone concerned about Router LAN security. It's almost like Norton designed the Network Security Map feature for Ooma.

The large company that I used to work for does this very thing for their smaller remote offices that use Router DMZs. They install a high end home consumer router for the office, along with Norton products on all of their computers/servers and are protected from the DMZ server, using the "Network Security Map". This combination has proven to be very reliable.

Norton has had the Network Security Map feature for a few years, and I'm sure that Norton’s competitors also have this same feature.

thunderbird -
I'll have to say that you have surprised me. Your post provides an example of exactly what I have been trying to explain all along. However, I think we were approaching it from different angles and this is what caused our confusion. By providing more detail and using a specific example I am now able to understand what you are saying. I am glad to see that we are, in fact, on the same page. :)
#96682 by miserTen
Mon Jun 04, 2012 10:28 am
My understanding is that ATT Uverse gateway includes router, so there is no way to put OOMA in front. Unless you have another router connected to home network port of OOMA.

tomcat wrote:
murphy wrote:Putting Ooma in a router's DMZ is no more dangerous than putting Ooma in front of a router.

For the ooma device itself, I agree 100%. However, putting the Ooma in front of the router does allow the router to continue protecting the LAN. But, opening up the DMZ on a consumer router where the LAN has no isolation from the device in the DMZ (ooma or otherwise) may lead to exploits for the rest of the LAN. I'm just saying this needs to be taken into consideration before blindly opening the DMZ for any device.


So my understanding is as long as you have

Uverse Gateway (wired port 1) --> Writed DMZPlus to OOMA --> OOMA "Home network" port disconnected.
Uverse Gateway (wireless and wired port 2-4)--> All other computers still using gateway firewall.

Should be ok and not pose any network security risk. am I missing anything?

Also, Is there information available on what ports does OOMA service need, Uverse gateway has pinhole defined for bunch of services like yahoo messenger/net2phone etc, will opening up any one of those be enough?

Who is online

Users browsing this forum: Google [Bot] and 12 guests