Howto13r1:Firewall Settings
Revision as of 08:49, 6 October 2020
Applies To
This information applies to
V13 and up
Scenario: Reverse Proxy in a DMZ
This article gives an overview of the ports and protocols required for a reverse proxy in a DMZ.
In this scenario the reverse proxy is placed in a DMZ that has a link to both the WAN and the LAN.
Configuration
- Before you set up your firewall, read the book Reverse Proxy in the V13 IT Connect Training.
- If some of the port forwards from the column WAN ⇒ DMZ are already in use for other systems, you have to combine all forwards in the reverse proxy or use a separate IP address.
WAN ⇒ DMZ (Reverse Proxy) | DMZ (Reverse Proxy) ⇒ inside (PBX) | DMZ (Reverse Proxy) ⇒ inside (Application Platform) | inside ⇒ DMZ (Reverse Proxy) | DMZ (Reverse Proxy) ⇒ WAN |
---|---|---|---|---|
STUN/TURN (udp/tcp/3478) | / | / | STUN/TURN (udp/tcp/3478) | / |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext | LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext | LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext | / | / |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext | HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext | HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext | HTTPS (tcp/<your custom port>) • Advanced UI admin access | / |
H.323 (tcp/1300) • optionally H.323 (tcp/1720) if you need plaintext | H.323 (tcp/1300) • optionally H.323 (tcp/1720) if you need plaintext or username/password auths with invalid certificates | / | / | / |
SIPS (tcp/5061) • optionally SIP (tcp/5060) if you need plaintext | SIPS (tcp/5061) • optionally SIP (tcp/5060) if you need plaintext | / | / | SIPS (tcp/5061) • optionally SIP (tcp/5060) if you need plaintext |
/ | / | / | RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't support TURN | RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't support TURN |
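
As an added example (not part of the original article and not innovaphone tooling), the following Python script encodes the port matrix from the table above and audits a firewall rule list against it, reporting ports opened beyond the matrix and ports that carry the optional plaintext protocols. The zone names, the admin port 8443 and the sample rules are constructed assumptions.

```python
# Added example: audit firewall rules against the port matrix in the table above.
# Zone names, the admin port 8443 and RULES are constructed for illustration.
RTP = set(range(16384, 32768))  # udp/16384-32767

def matrix(admin_port):
    """(src, dst, proto) -> (encrypted/default ports, optional plaintext ports)."""
    return {
        ("wan", "dmz", "tcp"): ({3478, 636, 443, 1300, 5061}, {389, 80, 1720, 5060}),
        ("wan", "dmz", "udp"): ({3478}, set()),
        ("dmz", "pbx", "tcp"): ({636, 443, 1300, 5061}, {389, 80, 1720, 5060}),
        ("dmz", "ap", "tcp"): ({636, 443}, {389, 80}),
        ("inside", "dmz", "tcp"): ({3478, admin_port}, set()),
        ("inside", "dmz", "udp"): ({3478} | RTP, set()),
        ("dmz", "wan", "tcp"): ({5061}, {5060}),
        ("dmz", "wan", "udp"): (RTP, set()),
    }

def to_ranges(ports):
    """Collapse a set of ports into sorted (low, high) tuples."""
    out = []
    for p in sorted(ports):
        if out and p == out[-1][1] + 1:
            out[-1][1] = p
        else:
            out.append([p, p])
    return [tuple(r) for r in out]

def audit(rules, admin_port):
    """Flag opened ports outside the matrix and ports that carry plaintext."""
    table, findings = matrix(admin_port), []
    for src, dst, proto, low, high in rules:
        allowed, plaintext = table.get((src, dst, proto), (set(), set()))
        opened = set(range(low, high + 1))
        if excess := opened - allowed - plaintext:
            findings.append(("not-in-matrix", src, dst, proto, to_ranges(excess)))
        if clear := opened & plaintext:
            findings.append(("plaintext", src, dst, proto, to_ranges(clear)))
    return findings

RULES = [  # constructed firewall rules: (src zone, dst zone, proto, low, high)
    ("wan", "dmz", "tcp", 443, 443),
    ("wan", "dmz", "tcp", 5060, 5061),
    ("wan", "dmz", "udp", 3478, 3479),
    ("dmz", "pbx", "tcp", 1, 1024),
    ("inside", "dmz", "tcp", 8443, 8443),
    ("wan", "pbx", "tcp", 443, 443),
]

if __name__ == "__main__":
    for finding in audit(RULES, admin_port=8443):
        print(finding)
```

A zone pair that has no column in the table, such as WAN directly to the PBX, is reported as not-in-matrix in full.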