Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1230
Views
0
Helpful
3
Replies

Expressway Edge - Firewall Ports

Network Admin
Level 1
Level 1

‎09-20-2015 08:03 AM - edited ‎03-19-2019 10:07 AM

We have Expressway Setup with Public IP NATed to Expressway Private IP.

 

The issue is that the Company Security Policy does not allow opening ports of huge range from Public to Inside as mentioned below :-

 

TypeDescriptionProtocolIP addressIP portTransport
H.323Call signaling port rangeH.323Public IP15000 to 19999TCP
MediaMedia port rangeRTP,RTCPPublic IP36000 to 59999UDP
TURN Srv mediaTURN server media Public IP24000 to 29999UDP

 

What is the work around for this ? Is there away to shorten these  ranges ? 

Labels:
0 Helpful
3 Replies 3

Chris Deren
Hall of Fame
Hall of Fame

‎09-20-2015 09:09 AM

I am not aware of a workaround, you need to open ports as documented in the Expressway deployment guide if your organization wants to utilize the product.

0 Helpful

Network Admin
Level 1
Level 1
In response to Chris Deren

‎09-21-2015 02:04 AM

But still I feel we can at least Squeeze the range by some way.

Is it mandatory that all these range has to be allowed from INTERNET to EXP-EDGE ?

0 Helpful

devils_advocate
Level 7
Level 7

‎09-21-2015 03:16 AM

I doubt Cisco would put a range in unless it was required.

The only thing I can suggest is to check the firewall logs to see what ports the devices are actually using. I suspect it will not be 15001, 15002, 15003 in sequence however so you may be forced to just open up the ports as described in the Deployment guide if you want it to work. 

0 Helpful
Customers Also Viewed These Support Documents