Howto13r1:Firewall Settings: Difference between revisions
(New page: <!-- Keywords: firewall settings, ports, workload, turn config, policies, firewall rules, firewall --> ==Applies To== This information applies to V13 and up ==More Information== Here we...) |
(No difference)
|
Revision as of 13:45, 19 August 2019
Applies To
This information applies to
V13 and up
More Information
Here we would like to give an overview of the necessary ports and protocols for a reverse proxy in a DMZ.
The scenario would be that a reverse proxy is used in a DMZ. The DMZ has a link to the WAN and LAN.
Configuration
- Before you can setup your Firewall you have to read the book Reverse Proxy in the V13 IT Connect Training.
- You can see the full visual presentation in the book of the V12 Reverse Proxy Lesson.
WAN -> DMZ (Reverse Proxy) | DMZ (Reverse Proxy) -> inside (PBX) | DMZ (Reverse Proxy) -> inside (Application Platform) | DMZ (Reverse Proxy) -> WAN | inside -> DMZ (Reverse Proxy) |
---|---|---|---|---|
STUN/TURN (udp/tcp/3478) | / | / | / | STUN/TURN (udp/tcp/3478) |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
/ | / |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
/ | HTTPS (tcp/<your custom port>) • Advanced UI admin access |
H.323 (tcp/1300) • optionally HTTP (tcp/1720) if you need plaintext |
H.323 (tcp/1300) • optionally HTTP (tcp/1720) if you need plaintext |
/ | / | / |
SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
/ | SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
/ |
/ | / | / | RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider |
RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider |