on 03-09-2012 10:24 AM
The Jabber Video application can operate in one of three modes:
The provisioned port ranges depend on the specific mode under which the Jabber Video application is being used and, in some cases, on specific customer requirements.
For the Jabber Video cloud service, we are provisioning the following ports and port ranges for the application:
Type | Protocol | Range Start | Destination Port/Range End |
DNS | UDP | N/A | 53 |
TURN | UDP | N/A | 3478 or 5349/TLS |
SIP Signaling | TCP | N/A | 5060 or 80 |
SIP Secure Signaling | TCP | N/A | 5061 or 443 |
RTP - Video | UDP | 16384 | 32767 |
Provisioning Software Upgrade | TCP | N/A | 80/443 |
The RTP port range listed here is specific to the computer that Jabber Video is installed on. We are provisioning a wide range of media ports, as unlike an enterprise deployment of Jabber Video, we won’t know in advance which applications are in use (and which ports/ranges other applications may have reserved).
Which ports to open on the firewall ultimately depends on your company’s firewall configuration and requirements. If you are a Cisco customer, we recommend working with your account team to determine the configuration that would best meet your needs. Generally, as most corporate firewalls use NAT, the critical metric is the number of outbound ports to open, not which specific port numbers/ranges. The general guideline is to estimate how many Jabber Video “guest access” users would be placing calls across the firewall simultaneously. Take that number and multiply by 11 in order to get an approximate number of ports needed to allow media to flow.
More restrictive firewall policies may prohibit administrators from opening many ports. In that event, it is possible to establish calls using only ports 5060/5061 (or 80/443), but this prevents media from being established in a point-to-point connection. As Cisco will attempt to relay the media through your NAT or firewall, this may affect your call quality. If you want to achieve 720p HD quality, then you should open the ports per the guidelines shown here.
I also would like to know this, but coming from a completely different angle. I want to block users from installing this our company computers. We have an enterprise client available that we provision, so how to I keep users who have installed it in my network from making calls?
Are the IP address blocks/ranges also available for the cloud based Cisco Jabber Video for TelePresence servers? We've opened up several, but everytime a new IP gets added to mix we are having to go back and make firewall adjustments.
Hi Darren,
You might want to block users from access this download link to the installer -
https://www.ciscojabbervideo.com/download
As for the IP, you can block access to
this subnet 199.19.190.x
Rick Mai
How does the company Media Network Services (medianetworkservices.com) play into the Cisco Jabber Video for TelePresence configuration? I see connection attemps to their IPs on UDP 3478 just after sign-in. It looks like they specialize in media optimazation for video traffic. Does anyone know their IP ranges needed for Cisco Jabber Video for TelePresence?
We use medianetworkservices for media relay if the environment can't pass the firewall traversal.
medianetworkservices addresses varies depends on the location that you're at. For me it's
109.205.13.x.
Rick Mai
Going forward, please post your questions to https://supportforums.cisco.com/community/netpro/small-business/jabbervideosupport?view=discussions. Thank you!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: