Specifications
MBG Engineering Guidelines, Release 8.0
UDP 1024 - 65535 (RTP)
Server -> LAN
Server -> Internet
Voice Communications. Allow outgoing SRTP on UDP ports greater than or equal to
1024 from the server to all streaming devices on the LAN and the Internet.
Misconfiguration here is a common cause of one-way audio problems. Note that as
of release 7.0, MBG defaults to using even-numbered ports for RTP, leaving the
odd-numbered ports for RTCP. The Internet portion of this rule can be safely
omitted in the absence of Internet traffic.

TCP 443 (HTTPS)
Server -> LAN
Web Proxy client connections (Optional). If using the Web Proxy application,
traffic must be permitted to and from the LAN to the proxy on the DMZ.

TCP 443 (HTTPS)
Internet -> Firewall
ConnectionPoint traffic (Optional). To support AWC through the Web Proxy, a
second, dedicated IP address is required for the ConnectionPoint traffic. This
traffic will arrive on TCP port 443 and must be forwarded to the Proxy at the
port configured in the Proxy interface to handle it. The Proxy will then forward
this traffic to port 4443 on the LAN.

TCP ?
Firewall -> Server
ConnectionPoint traffic (Optional). If using AWC through the Web Proxy, traffic
from the Internet to each port configured to receive ConnectionPoint traffic in
the Web Proxy must be permitted.

TCP 4443
Server -> LAN
ConnectionPoint traffic (Optional). If using AWC through the Web Proxy, traffic
to this destination port must be permitted between the proxy on the DMZ and the
server on the LAN.

TCP 80
Internet -> Server
LAN -> Server
Certificate Management (Optional). On any server hosting clients that make use
of MiSSLTunnel with a client certificate (UCA, CIS, etc.), this port must be
open to the Internet to permit the web service to submit a certificate signing
request (CSR), check on the status of that request, and download the
certificate. Also needed for CREs to register with SRC control interface.

TCP 443
Server -> LAN
UC Advanced Support (Optional). If making use of the UC Advanced support, and
the ability to remotely access NuPoint voicemail is required, this port must be
permitted from the Server to the LAN IP of the NuPoint server.

TCP 36005
Internet -> Server
UC Advanced Support (Optional). If making use of the UC Advanced support, this
port must be permitted from the Internet to the Server. This port permits a SOAP
web service from UCA to a server on the LAN.

TCP 36006
Internet -> Server
UC Advanced Support. To permit the UCA client to connect and retrieve NuPoint
voicemail, this port must be permitted.

TCP 36007
Internet -> Server
UC Advanced Support. To permit the UCA client to connect to the UCA server via
SIP over TLS, this port must be permitted.

TCP 36008
Internet -> Server
Server -> LAN
UC Advanced Support. To permit the UCA client to connect to the UCA server for
presence information, this port must be permitted.

TCP 37000
Server <-> LAN
Internet -> Server
UC Advanced Support. To permit the UCA client to connect to the collaboration
server on the LAN side, this port must be permitted. Failure to do so will
result in the collaboration features failing to function.
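The rows above can be checked mechanically against a firewall's allow-list. The following Python sketch is an added example, not part of the Mitel guidelines: it encodes the voice rows and the Internet-facing UC Advanced rows and reports every port range the allow-list leaves closed. The Rule type, the flow names and the sample allow-list are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str  # "tcp" or "udp"
    lo: int     # first destination port
    hi: int     # last destination port, inclusive
    src: str    # source zone, named as in the table
    dst: str    # destination zone

# Subset of the flows in the table above (names are labels chosen for this example).
MBG_FLOWS = {
    "RTP voice to LAN": Rule("udp", 1024, 65535, "Server", "LAN"),
    "RTP voice to Internet": Rule("udp", 1024, 65535, "Server", "Internet"),
    "UCA SOAP": Rule("tcp", 36005, 36005, "Internet", "Server"),
    "UCA voicemail": Rule("tcp", 36006, 36006, "Internet", "Server"),
    "UCA SIP over TLS": Rule("tcp", 36007, 36007, "Internet", "Server"),
    "UCA presence": Rule("tcp", 36008, 36008, "Internet", "Server"),
    "UCA collaboration": Rule("tcp", 37000, 37000, "Internet", "Server"),
}

def gaps(flow, allowed):
    """Return the (lo, hi) port ranges of `flow` that no allow rule covers."""
    spans = sorted((r.lo, r.hi) for r in allowed
                   if (r.proto, r.src, r.dst) == (flow.proto, flow.src, flow.dst))
    missing, nxt = [], flow.lo          # nxt = lowest port not yet known to be open
    for lo, hi in spans:
        if hi < nxt or lo > flow.hi:    # rule lies outside the part still unchecked
            continue
        if lo > nxt:                    # hole between the previous rule and this one
            missing.append((nxt, lo - 1))
        nxt = hi + 1
    if nxt <= flow.hi:                  # tail of the range left closed
        missing.append((nxt, flow.hi))
    return missing

def audit(allowed, flows=MBG_FLOWS):
    """Map each flow name to its closed port ranges; fully open flows are omitted."""
    report = {name: gaps(flow, allowed) for name, flow in flows.items()}
    return {name: g for name, g in report.items() if g}

# Constructed sample allow-list: a narrowed LAN RTP range and no rule for TCP 36008.
SAMPLE_ALLOWED = [
    Rule("udp", 20000, 31000, "Server", "LAN"),
    Rule("udp", 1024, 40000, "Server", "Internet"),
    Rule("udp", 40001, 65535, "Server", "Internet"),
    Rule("tcp", 36005, 36007, "Internet", "Server"),
    Rule("tcp", 37000, 37000, "Internet", "Server"),
]
```

Calling audit(SAMPLE_ALLOWED) flags the narrowed LAN RTP range and the missing presence port; a gap in either RTP row is the misconfiguration the table associates with one-way audio.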