Howto13r1:Firewall Settings: Difference between revisions

From innovaphone wiki
Jump to navigation Jump to search
No edit summary
Line 83: Line 83:


== Related Articles ==
== Related Articles ==
* [[Howto:Innovaphones_IP-Addresses]]
* [[Howto:Innovaphones_public_services]]
* [[Course13:IT_Connect_-_10.0_Reverse_Proxy]]
* [[Course13:IT_Connect_-_10.0_Reverse_Proxy]]
* [[Course12:Advanced_-_Reverse_Proxy]]
* [[Course12:Advanced_-_Reverse_Proxy]]


[[Category:Howto|{{PAGENAME}}]]
[[Category:Howto|{{PAGENAME}}]]

Revision as of 08:49, 6 October 2020

Applies To

This information applies to

V13 and up

Scenario: Reverse Proxy in a DMZ

Here we would like to give an overview of the necessary ports and protocols for a reverse proxy in a DMZ.

The scenario would be that a reverse proxy is used in a DMZ. The DMZ has a link to the WAN and LAN.

Configuration

  • Before you can setup your Firewall you have to read the book Reverse Proxy in the V13 IT Connect Training.
  • If you already have used some of the port forwards from the collumn WAN ⇒ DMZ for other Systems you have to combine all forwards in the reverse Proxy or use a separate ip address


WAN ⇒ DMZ (Reverse Proxy) DMZ (Reverse Proxy) ⇒ inside (PBX) DMZ (Reverse Proxy) ⇒ inside (Application Platform) inside ⇒ DMZ (Reverse Proxy) DMZ (Reverse Proxy) ⇒ WAN
STUN/TURN (udp/tcp/3478) / / STUN/TURN (udp/tcp/3478) /
LDAPS (tcp/636)

optionally LDAP (tcp/389) if you need plaintext
needed if you want to offer LDAP lookups

LDAPS (tcp/636)

optionally LDAP (tcp/389) if you need plaintext
needed if you want to offer LDAP lookups

LDAPS (tcp/636)

optionally LDAP (tcp/389) if you need plaintext
needed if you want to offer LDAP lookups

/ /
HTTPS (tcp/443)

optionally HTTP (tcp/80) if you need plaintext
needed if you want to offer myApps
please also allow wss/ws (websocket) connections

HTTPS (tcp/443)

optionally HTTP (tcp/80) if you need plaintext
needed if you want to offer myApps
please also allow wss/ws (websocket) connections

HTTPS (tcp/443)

optionally HTTP (tcp/80) if you need plaintext
needed if you want to offer myApps
please also allow wss/ws (websocket) connections

HTTPS (tcp/<your custom port>)

Advanced UI admin access

/
H.323 (tcp/1300)

optionally H.323 (tcp/1720) if you need plaintext
needed if you want to offer Phone registrations

H.323 (tcp/1300)

optionally H.323 (tcp/1720) if you need plaintext or username/password auths with invalid certificates
needed if you want to offer Phone registrations

/ / /
SIPS (tcp/5061)

optionally SIP (tcp/5060) if you need plaintext
needed only if you want to accept SIP registrations, i.e. for 3rd. Party SIP phones but not for SIP-Trunks

SIPS (tcp/5061)

optionally SIP (tcp/5060) if you need plaintext
needed only if you want to accept SIP registrations, i.e. for 3rd. Party SIP phones but not for SIP-Trunks

/ / SIPS (tcp/5061)

optionally SIP (tcp/5060) if you need plaintext
needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't support TURN

/ / / RTP (udp/16384-32767)

needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't support TURN

RTP (udp/16384-32767)

needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't Support TURN

The complete Workload Picture

V13-workload.jpg

Related Articles

Retrieved from "https://wiki.innovaphone.com/index.php?title=Howto13r1:Firewall_Settings&oldid=57270"