Thursday, August 16, 2012

ShoreTel Reverse Proxy for Mobile Communicator

I recently ran into an issue when attempting to create a reverse proxy between the ShoreTel HQ server and the outside world. I thought I would share the steps I took to get this working.

Scenario: you have purchased the Mobile Access License, which lets smartphones use the ShoreTel Mobile Communicator from the 3G/4G network. For mobile access to work, ports 80, 5447, and 5449 need to be opened to allow authentication and traffic. Exposing your ShoreTel server on port 80 to the outside world is never recommended, so the best practice is to build a proxy server that accepts a single arbitrary external port and forwards traffic to the three ports mentioned above.

Before you continue reading, download and read through the official ShoreTel Application Note #10370 found here.

Please use the steps in the application note to get everything set up. I followed this guide myself, but because the document is outdated I had to make certain changes to get it working. These changes are as follows.
  • Do not use port 5500 as specified in the application note. As of ShoreTel 12, port 5500 is in use by DTAS. I'm not sure why this affects this scenario, but it did. Use any other unused port, 5505 for example.
  • Change the web.config file to the following (the additions relative to the application note's version were shown in red in the original post):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="ShoreTel Authenticate Redirect" stopProcessing="true">
          <match url="^authenticate(.*)" />
          <action type="Rewrite" url="http://shoretelhq.internal.name:80{R:1}" logRewrittenUrl="true" />
        </rule>
        <rule name="ShoreTel CAS Redirect" stopProcessing="true">
          <match url="^cas(.*)" />
          <action type="Rewrite" url="http://shoretelhq.internal.name:5447{R:1}" logRewrittenUrl="true" />
        </rule>
        <rule name="ShoreTel Director2 Redirect" stopProcessing="true">
          <match url="^director2(.*)" />
          <action type="Rewrite" url="http://shoretelhq.internal.name:5449{R:1}" logRewrittenUrl="true" />
        </rule>
      </rules>
      <outboundRules>
        <preConditions>
          <preCondition name="IsHTML">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
    <urlCompression doStaticCompression="false" doDynamicCompression="false" />
  </system.webServer>
</configuration>
  • Restart IIS.
That is all I did to get it working. All it took was a little Google-fu and a packet capture.
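Before putting the proxy in front of the HQ server, it is worth checking exactly which request paths the three inbound rules will forward and which will be left alone. The Python script below is an added example (my own, not from the post or from ShoreTel): it embeds a copy of the post's inbound rules, assumes URL Rewrite's default behaviour of matching the path without its leading slash and ignoring case, and reports the backend URL a path would be proxied to, or None when no rule matches.

```python
import re
import xml.etree.ElementTree as ET
# Constructed copy of the post's inbound rules (outboundRules/urlCompression omitted) so this runs offline.
WEB_CONFIG = """<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="ShoreTel Authenticate Redirect" stopProcessing="true">
          <match url="^authenticate(.*)" />
          <action type="Rewrite" url="http://shoretelhq.internal.name:80{R:1}" />
        </rule>
        <rule name="ShoreTel CAS Redirect" stopProcessing="true">
          <match url="^cas(.*)" />
          <action type="Rewrite" url="http://shoretelhq.internal.name:5447{R:1}" />
        </rule>
        <rule name="ShoreTel Director2 Redirect" stopProcessing="true">
          <match url="^director2(.*)" />
          <action type="Rewrite" url="http://shoretelhq.internal.name:5449{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>"""

def load_rules(config_xml):
    """Return (name, compiled pattern, target template) for each inbound Rewrite rule."""
    rules = []
    for rule in ET.fromstring(config_xml).iter("rule"):
        match, action = rule.find("match"), rule.find("action")
        if match is None or action is None or action.get("type") != "Rewrite":
            continue
        # Assumed URL Rewrite defaults: case-insensitive match against the path without its leading slash.
        rules.append((rule.get("name"),
                      re.compile(match.get("url"), re.IGNORECASE), action.get("url")))
    return rules

def rewrite(path, rules):
    """Backend URL the proxy would forward `path` to, or None if no rule matches (not proxied)."""
    subject = path.lstrip("/")
    for _name, pattern, template in rules:
        m = pattern.match(subject)
        if m:
            # Expand {R:n} back-references to the pattern's capture groups.
            return re.sub(r"\{R:(\d+)\}", lambda g: m.group(int(g.group(1))), template)
    return None

if __name__ == "__main__":
    for p in ("/authenticate/login", "/cas/session", "/Director2/status", "/shorewaredirector/"):
        print(p, "->", rewrite(p, load_rules(WEB_CONFIG)))
```

Note that `^authenticate(.*)` is a prefix match, so anything starting with that word is forwarded; if you want only the `/authenticate/...` subtree proxied, tighten the pattern to `^authenticate(/.*)?$` in the same way for the other two rules.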