Specifications
Network Configuration Specifics
285
Embedded firewalls
The 3300ICP/MiVoice Business product and phones include micro-firewalls to protect against
unexpected levels of activity and will restrict traffic and responses according to some built in
rules.
The 3300/MiVoice Business system will limit traffic based on current operating conditions and
traffic expected to be handled. The phones use a “credit” system to limit unexpected packet
rates and will discard if these limits are exceeded. This may occur during an attack, but may
also occur for certain protocols where there are large subnets. Subnets greater than 1022 (/22)
are not encouraged, the normal being 254 (/24).
Voice gateway IP ports
Table 82 shows the Voice Gateway IP port numbers.
IP Address Restrictions
• The controller reserves some IP addresses for internal use. Communication to the 3300
ICP using an IP address in these ranges will fail to get a response. See the 3300 ICP
Technician’s Handbook for the up-to-date list of reserved IP addresses.
• Reserved IP Addresses: 169.254.10.0/15 -> 169.254.30.0/15, inclusive
Table 81: Packet Rate Limits at Phone Firewall
Packet type
Rate
(packet/second)
Burst handling (packets)
CDP, STP, LLDP 5 25
DNS 30 20
ARP, ICMP 5 50
RTP (per stream) 110 0
Table 82: Voice Gateway IP Port Numbers
Ports Platform Stream
50000-50127 CX/CXi/CXi II RTP even ports
50000-50127 MX RTP even ports
50000-50255 LX, MXe RTP even ports (See Note)
50000-50255 AX RTP even ports
Note: The ports on the LX and MXe expanded are associated with the E2T (voice gateway) IP address
rather than the RTC IP Address. Other platforms use the common RTC/E2T IP address.
Note: None of these reserved addresses can be used by devices that need to
communicate with the 3300 ICP (e.g. MITEL Phones, E2T). These reserved IP address
ranges can be used elsewhere in an IP network (i.e. network not connected to the 3300
ICP).