Howto13r1:Firewall Settings: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 25: | Line 25: | ||
| LDAPS (tcp/636)<br> | | LDAPS (tcp/636)<br> | ||
''• <span style="font-size:11px;">optionally LDAP (tcp/389) if you need plaintext</span>''<br> | ''• <span style="font-size:11px;">optionally LDAP (tcp/389) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want offer LDAP lookups</span>'' | ''• <span style="font-size:11px;">needed if you want to offer LDAP lookups</span>'' | ||
|| LDAPS (tcp/636)<br> | || LDAPS (tcp/636)<br> | ||
''• <span style="font-size:11px;">optionally LDAP (tcp/389) if you need plaintext</span>''<br> | ''• <span style="font-size:11px;">optionally LDAP (tcp/389) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want offer LDAP lookups</span>'' | ''• <span style="font-size:11px;">needed if you want to offer LDAP lookups</span>'' | ||
|| LDAPS (tcp/636)<br> | || LDAPS (tcp/636)<br> | ||
''• <span style="font-size:11px;">optionally LDAP (tcp/389) if you need plaintext</span>''<br> | ''• <span style="font-size:11px;">optionally LDAP (tcp/389) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want offer LDAP lookups</span>'' | ''• <span style="font-size:11px;">needed if you want to offer LDAP lookups</span>'' | ||
|| / | || / | ||
|| / | || / | ||
| Line 37: | Line 37: | ||
| HTTPS (tcp/443)<br> | | HTTPS (tcp/443)<br> | ||
''• <span style="font-size:11px;">optionally HTTP (tcp/80) if you need plaintext</span>''<br> | ''• <span style="font-size:11px;">optionally HTTP (tcp/80) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want offer myApps</span>''<br> | ''• <span style="font-size:11px;">needed if you want to offer myApps</span>''<br> | ||
''• <span style="font-size:11px;">please also allow wss/ws (websocket) connections</span>'' | ''• <span style="font-size:11px;">please also allow wss/ws (websocket) connections</span>'' | ||
|| HTTPS (tcp/443)<br> | || HTTPS (tcp/443)<br> | ||
''• <span style="font-size:11px;">optionally HTTP (tcp/80) if you need plaintext</span>''<br> | ''• <span style="font-size:11px;">optionally HTTP (tcp/80) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want offer myApps</span>''<br> | ''• <span style="font-size:11px;">needed if you want to offer myApps</span>''<br> | ||
''• <span style="font-size:11px;">please also allow wss/ws (websocket) connections</span>'' | ''• <span style="font-size:11px;">please also allow wss/ws (websocket) connections</span>'' | ||
|| HTTPS (tcp/443)<br> | || HTTPS (tcp/443)<br> | ||
''• <span style="font-size:11px;">optionally HTTP (tcp/80) if you need plaintext</span>''<br> | ''• <span style="font-size:11px;">optionally HTTP (tcp/80) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want offer myApps</span>''<br> | ''• <span style="font-size:11px;">needed if you want to offer myApps</span>''<br> | ||
''• <span style="font-size:11px;">please also allow wss/ws (websocket) connections</span>'' | ''• <span style="font-size:11px;">please also allow wss/ws (websocket) connections</span>'' | ||
|| HTTPS (tcp/<your custom port>)<br> | || HTTPS (tcp/<your custom port>)<br> | ||
| Line 52: | Line 52: | ||
|- | |- | ||
| H.323 (tcp/1300)<br> | | H.323 (tcp/1300)<br> | ||
''• <span style="font-size:11px;">optionally | ''• <span style="font-size:11px;">optionally H.323 (tcp/1720) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want offer Phone registrations</span>'' | ''• <span style="font-size:11px;">needed if you want to offer Phone registrations</span>'' | ||
|| H.323 (tcp/1300)<br> | || H.323 (tcp/1300)<br> | ||
''• <span style="font-size:11px;">optionally | ''• <span style="font-size:11px;">optionally H.323 (tcp/1720) if you need plaintext or username/password auths with invalid certificates</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want offer Phone registrations</span>'' | ''• <span style="font-size:11px;">needed if you want to offer Phone registrations</span>'' | ||
|| / | || / | ||
|| / | || / | ||
| Line 62: | Line 62: | ||
|- | |- | ||
| SIPS (tcp/5061)<br> | | SIPS (tcp/5061)<br> | ||
''• <span style="font-size:11px;">optionally | ''• <span style="font-size:11px;">optionally SIP (tcp/5060) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed '''only''' if you want to accept SIP | ''• <span style="font-size:11px;">needed '''only''' if you want to accept SIP registrations</span>'' | ||
|| SIPS (tcp/5061)<br> | || SIPS (tcp/5061)<br> | ||
''• <span style="font-size:11px;">optionally | ''• <span style="font-size:11px;">optionally SIP (tcp/5060) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed '''only''' if you want to accept SIP | ''• <span style="font-size:11px;">needed '''only''' if you want to accept SIP registrations</span>'' | ||
|| / | || / | ||
|| / | || / | ||
|| SIPS (tcp/5061)<br> | || SIPS (tcp/5061)<br> | ||
''• <span style="font-size:11px;">optionally | ''• <span style="font-size:11px;">optionally SIP (tcp/5060) if you need plaintext</span>''<br> | ||
''• <span style="font-size:11px;">needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't | ''• <span style="font-size:11px;">needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't support TURN</span>'' | ||
|- | |- | ||
| / || / || / || RTP (udp/16384-32767)<br> | | / || / || / || RTP (udp/16384-32767)<br> | ||
''• <span style="font-size:11px;">needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't | ''• <span style="font-size:11px;">needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't support TURN</span>'' | ||
|| RTP (udp/16384-32767)<br> | || RTP (udp/16384-32767)<br> | ||
''• <span style="font-size:11px;">needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't Support TURN</span>'' | ''• <span style="font-size:11px;">needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't Support TURN</span>'' | ||
Revision as of 15:39, 20 August 2019
Applies To
This information applies to
V13 and up
Scenario: Reverse Proxy in a DMZ
Here we would like to give an overview of the necessary ports and protocols for a reverse proxy in a DMZ.
The scenario would be that a reverse proxy is used in a DMZ. The DMZ has a link to the WAN and LAN.
Configuration
- Before you can setup your Firewall you have to read the book Reverse Proxy in the V13 IT Connect Training.
- You can see the full visual presentation in the book of the V12 Reverse Proxy Lesson.
| WAN ⇒ DMZ (Reverse Proxy) | DMZ (Reverse Proxy) ⇒ inside (PBX) | DMZ (Reverse Proxy) ⇒ inside (Application Platform) | inside ⇒ DMZ (Reverse Proxy) | DMZ (Reverse Proxy) ⇒ WAN |
|---|---|---|---|---|
| STUN/TURN (udp/tcp/3478) | / | / | STUN/TURN (udp/tcp/3478) | / |
| LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
LDAPS (tcp/636) • optionally LDAP (tcp/389) if you need plaintext |
/ | / |
| HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/443) • optionally HTTP (tcp/80) if you need plaintext |
HTTPS (tcp/<your custom port>) • Advanced UI admin access |
/ |
| H.323 (tcp/1300) • optionally H.323 (tcp/1720) if you need plaintext |
H.323 (tcp/1300) • optionally H.323 (tcp/1720) if you need plaintext or username/password auths with invalid certificates |
/ | / | / |
| SIPS (tcp/5061) • optionally SIP (tcp/5060) if you need plaintext |
SIPS (tcp/5061) • optionally SIP (tcp/5060) if you need plaintext |
/ | / | SIPS (tcp/5061) • optionally SIP (tcp/5060) if you need plaintext |
| / | / | / | RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't support TURN |
RTP (udp/16384-32767) • needed if you want to register a SIP Trunk from the RP to Provider and your Provider doesn't Support TURN |