Howto13r1:Firewall Settings
Applies To
This information applies to
V13 and up
More Information
Here we would like to give an overview of the necessary ports and protocols for a reverse proxy in a DMZ.
The scenario would be that a reverse proxy is used in a DMZ. The DMZ has a link to the WAN and LAN.
Configuration
- Before you can setup your Firewall you have to read the book Reverse Proxy in the V13 IT Connect Training.
- You can see the full visual presentation in the book of the V12 Reverse Proxy Lesson.
| WAN ⇒ DMZ (Reverse Proxy) | DMZ (Reverse Proxy) ⇒ inside (PBX) | DMZ (Reverse Proxy) ⇒ inside (Application Platform) | DMZ (Reverse Proxy) ⇒ WAN | inside ⇒ DMZ (Reverse Proxy) |
|---|---|---|---|---|
| STUN/TURN (udp/tcp/3478) | / | / | / | STUN/TURN (udp/tcp/3478) |
| LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
/ | / |
| HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
/ | HTTPS (tcp/<your custom port>) • Advanced UI admin access |
| H.323 (tcp/1300) • optionally HTTP (tcp/1720) if you need plaintext |
H.323 (tcp/1300) • optionally HTTP (tcp/1720) if you need plaintext |
/ | / | / |
| SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
/ | SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
/ |
| / | / | / | RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider |
RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider |