Howto13r1:Firewall Settings: Difference between revisions
| Line 19: | Line 19: | ||
{| class="wikitable" border="1" cellspacing="0" cellpadding="10" | {| class="wikitable" border="1" cellspacing="0" cellpadding="10" | ||
! style="background-color: #EAECF0;text-align:center"|WAN ⇒ DMZ (Reverse Proxy) !! style="background-color: #EAECF0;text-align:center"|DMZ (Reverse Proxy) ⇒ inside (PBX) !! style="background-color: #EAECF0;text-align:center"|DMZ (Reverse Proxy) ⇒ inside (Application Platform) !! style="background-color: #EAECF0;text-align:center"|DMZ (Reverse Proxy) | ! style="background-color: #EAECF0;text-align:center"|WAN ⇒ DMZ (Reverse Proxy) !! style="background-color: #EAECF0;text-align:center"|DMZ (Reverse Proxy) ⇒ inside (PBX) !! style="background-color: #EAECF0;text-align:center"|DMZ (Reverse Proxy) ⇒ inside (Application Platform) !! style="background-color: #EAECF0;text-align:center"|inside ⇒ DMZ (Reverse Proxy) !! style="background-color: #EAECF0;text-align:center"|DMZ (Reverse Proxy) ⇒ WAN | ||
|- | |- | ||
| STUN/TURN (udp/tcp/3478) | | STUN/TURN (udp/tcp/3478) || / || / || STUN/TURN (udp/tcp/3478) || / | ||
|- | |- | ||
| LDAPS (tcp/636)<br> | | LDAPS (tcp/636)<br> | ||
| Line 47: | Line 47: | ||
''• <span style="font-size:11px;">needed if you want offer myApps</span>''<br> | ''• <span style="font-size:11px;">needed if you want offer myApps</span>''<br> | ||
''• <span style="font-size:11px;">please also allow wss/ws (websocket) connections</span>'' | ''• <span style="font-size:11px;">please also allow wss/ws (websocket) connections</span>'' | ||
|| HTTPS (tcp/<your custom port>)<br> | || HTTPS (tcp/<your custom port>)<br> | ||
''• <span style="font-size:11px;">Advanced UI admin access</span>'' | ''• <span style="font-size:11px;">Advanced UI admin access</span>'' | ||
|| / | |||
|- | |- | ||
| H.323 (tcp/1300)<br> | | H.323 (tcp/1300)<br> | ||
| Line 68: | Line 68: | ||
''• <span style="font-size:11px;">needed '''only''' if you want to accept SIP registers</span>'' | ''• <span style="font-size:11px;">needed '''only''' if you want to accept SIP registers</span>'' | ||
|| / | || / | ||
|| / | |||
|| SIPS (tcp/5061)<br> | || SIPS (tcp/5061)<br> | ||
''• <span style="font-size:11px;">optionally LDAP (tcp/5060) if you need plaintext</span>''<br> | ''• <span style="font-size:11px;">optionally LDAP (tcp/5060) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want to register a SIP Trunk from the RP to Provider</span>'' | ''• <span style="font-size:11px;">needed if you want to register a SIP Trunk from the RP to Provider</span>'' | ||
|- | |- | ||
| / || / || / || RTP (udp/16384-32767)<br> | | / || / || / || RTP (udp/16384-32767)<br> | ||
Revision as of 15:55, 19 August 2019
Applies To
This information applies to
V13 and up
More Information
Here we would like to give an overview of the necessary ports and protocols for a reverse proxy in a DMZ.
The scenario would be that a reverse proxy is used in a DMZ. The DMZ has a link to the WAN and LAN.
Configuration
- Before you can setup your Firewall you have to read the book Reverse Proxy in the V13 IT Connect Training.
- You can see the full visual presentation in the book of the V12 Reverse Proxy Lesson.
| WAN ⇒ DMZ (Reverse Proxy) | DMZ (Reverse Proxy) ⇒ inside (PBX) | DMZ (Reverse Proxy) ⇒ inside (Application Platform) | inside ⇒ DMZ (Reverse Proxy) | DMZ (Reverse Proxy) ⇒ WAN |
|---|---|---|---|---|
| STUN/TURN (udp/tcp/3478) | / | / | STUN/TURN (udp/tcp/3478) | / |
| LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
/ | / |
| HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/<your custom port>) • Advanced UI admin access |
/ |
| H.323 (tcp/1300) • optionally HTTP (tcp/1720) if you need plaintext |
H.323 (tcp/1300) • optionally HTTP (tcp/1720) if you need plaintext |
/ | / | / |
| SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
/ | / | SIPS (tcp/5061) • optionally LDAP (tcp/5060) if you need plaintext |
| / | / | / | RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider |
RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider |