
CMS WebRTC over Expressway

amit611988
Level 1

So we are about to deploy CMS WebRTC over Expressway, as people would like to use the Webbridge over the Internet. We have the VCS-E with a single NIC and a single CMS server with all the configurations in place. WebRTC internally is working fine. I checked the guide:

https://www.cisco.com/c/en/us/support/docs/conferencing/meeting-server/210800-configure-cms-webrtc-proxy-over-expressw.html

And in the Configuration prerequisites it mentions "TCP Port 443 opened on Firewall from the public internet to the Expressway-E's public IP address". I am not a security expert, which is why I suspect that opening port 443 to the Expressway's Public would be a probable risk, as anyone from outside could then access the Management interface of the CMS. Is there any suggestion to translate the port from 443 to any other port? If not, what could be the solution for this?

Thanks for the feedback.

4 Replies

R0g22
Cisco Employee
Web management interface is through Web admin. For WebRTC, users access the Web bridge. Both web admin and web bridge cannot listen on the same port. So, you basically have Web bridge listening on port 443 ONLY. CMS Web Admin and VCS-E Web Admin should not be port 443.

Yes, we have Web Bridge on 443 and WebAdmin on 445. The VCS-E Web Administration is using port 443. So currently what I am trying to do is ask the Firewall team to open port 7443 or port 9000 for VCS-E Web Administration and port 443 for WebRTC. I think this should work.

That's incorrect. Change your VCS-E admin port to something other than 443. With your current config, the WebRTC users will be presented with the VCS-E admin page rather than the webbridge.

Yes, this is what I was trying. I thought I found a way, as in Expressway X8.10 I have the possibility to change the Administration port from 443 to either 7443 or 9000. But in the case of VCS-E version X8.8.8, it is not possible to change the port, as the port usage page states the port is not changeable. It's totally grayed out. Is this only due to the Software version? Or is it because of the Advanced Networking option key?

We were also thinking of blocking the VCS-E admin sub-URL on the firewall and allowing all other URLs. Should this workaround also work?

 

Regards,

Amit