I am struggling to make sense of the Cisco documentation for firewall rules required for Cisco Cloud Video Interop (CVI) for Microsoft Teams. This is for an environment where videoconferencing traffic is not allowed in or out unless it is explicitly allowed.
In this document, it lists ports for CVI. I assume they are outbound ports. Maybe they are inbound and outbound ports? It doesn't say.
It then says that, for signalling, you need to enable Webex meeting traffic, and refers to this document. The second document lists a wider set of ports for signalling, inbound and outbound. So which is it?
The second document then refers to the Expressway IP Port usage guide, if you have on-premises room kit. This guide says that you need to allow outbound TCP and UDP to any destination, any port > or = 1024; and TCP and UDP from any source port to the Expressway-Edge listening ports. If you do that, then you don't need either the first or the second document.
Finally, when we use the Cisco CVI, we actually hit a destination address on a destination port that is not on the list of ports in the first document, and not on the list of required destinations and ports in the second document.
So what do you actually need, inbound and outbound, if you just want to use Cisco CVI with on-premises room kit, and not any other external videoconferencing?
As a note, other CVI vendors list just a set of destination addresses and ports for outgoing connections. No incoming connections, and no outgoing "all ports, all destinations".