
Xymphony Programming - Firewall NAT Port Forwarding Issues

In an ideal internet, every device would have a public IP address and communicate end to end with every other device. In reality this is not the case, because the number of public IP addresses is limited. Instead, enterprises own one or a few publicly reachable (routable) IP addresses and use any number of private IP addresses on their local area network. NAT and NAPT devices translate IP addresses and port numbers in the private address ranges to public addresses for internet connectivity.

Second, enterprises want to protect their networks from unauthorized access with firewalls.

Software-based NATs and firewalls are usually embedded in DSL modem/router devices, so they are a concern for small and home offices as well as for large enterprises. These devices may create problems for VoIP interconnection and IP Telephony services: because they provide security by limiting access to private ports, IP addresses and traffic types, VoIP and other services may not pass through firewalls and NAT easily.

A firewall is mainly an issue for incoming traffic, whereas NAT affects traffic in both directions. This document makes you aware of the possible problems and describes the simplest way to deal with them for a Telesis IP Telephony application.

Without Firewall

Installing the Telesis system with a public IP address, outside your firewall, is the easy way. In this case untrusted sources may be able to access the Telesis system, but can do little. Most internet viruses and worms attack PC operating systems, and Telesis systems do not use such an operating system. Consequently, there should not be a serious security risk if the Telesis system is outside the firewall.

Using the Telesis System Behind a Firewall

Traffic for VoIP and other IP Telephony services uses several ports that may be protected by the firewall. VoIP in particular resembles traditional telephony in that incoming calls can come from a wide range of unknown sources that cannot be classified as trusted or untrusted. If a firewall sits between the Telesis system and the public network, certain ports must be set properly before a connection can be made between the two sites. The firewall policy should allow access from the public domain to these ports for VoIP and the other protocols that are intended to be used. The network owner may define further filtering rules specifying the endpoints that are allowed to communicate.

The Ports to be Considered in Firewall Filtering Policy

Telesis systems use the following ports by default:

Port Number       Service
1718              H.323 Umbrella Protocol
1719              H.323 Umbrella Protocol
1720              H.323 Umbrella Protocol
5060              SIP
9874              Downloading automatically recorded conversations via XTools
9876              Downloading CMDR and signaling analysis via XTools
9877-9878         xSIP
80                HTTP
21                FTP for uploading conversation records to a server
50000-50255       RTP for VoIP media for PX24N, PX24U, PX24M, PX24X, Stillink 200 and Stillink 800
50000-.........   RTP for VoIP media for X1 and Stillink 3200. Upper limit depends on the system configuration
389               LDAP Signalling port

Although these ports are programmable in Telesis systems, some of them are standard worldwide, and keeping the default values above is recommended for interoperability. Firewall filtering should not block any of the ports in use.

Using the Telesis System Behind a NAT

A NAT maintains a table that links private ports and IP addresses to public ports and IP addresses. As with the firewall, the NAT should be configured properly for the traffic. The ports to be considered are the ones listed above for the firewall configuration.

The NAT may be manually configured with static mappings (i.e., bindings), or it may be used without bindings.
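
The default port table and the static NAT mappings described above, turned into an nftables ruleset by a short Python generator. This is an added example, not Telesis code; the interface name, the addresses, the admin network, the split between call-facing and admin services, and TCP as the transport for the XTools and xSIP ports are all assumptions.

```python
# Added example (not Telesis code). Interface, addresses, admin network and the
# public/admin split below are hypothetical and must be adapted to the site.
PBX = "192.168.1.10"          # private address of the Telesis system (constructed)
WAN_IF = "wan0"               # public-facing interface (constructed)
ADMIN_NET = "203.0.113.0/24"  # only network allowed to reach admin services (constructed)

# (ports, transport, service, reachable from any source?)
# XTools/xSIP transports are not stated on the page; tcp is ASSUMED, confirm before use.
PORTS = [
    ("1718-1719",   "udp", "H.323 gatekeeper discovery and RAS", True),
    ("1720",        "tcp", "H.323 call signalling", True),
    ("5060",        "udp", "SIP", True),
    ("5060",        "tcp", "SIP", True),
    ("9877-9878",   "tcp", "xSIP", True),
    ("50000-50255", "udp", "RTP media (PX24x, Stillink 200/800 range)", True),
    ("9874",        "tcp", "XTools recorded conversations", False),
    ("9876",        "tcp", "XTools CMDR and signaling analysis", False),
    ("80",          "tcp", "HTTP", False),
    ("389",         "tcp", "LDAP", False),
]
# FTP (21) is outbound from the system (uploads to a server), so it is not forwarded inbound.

def nat_rules():
    """Static mappings (bindings): each public port maps to the same port on the PBX."""
    return [f'iifname "{WAN_IF}" {proto} dport {ports} dnat to {PBX}'
            for ports, proto, _svc, _public in PORTS]

def forward_rules():
    """Filter rules: call-facing ports from anywhere, admin ports from ADMIN_NET only."""
    rules = ["ct state established,related accept",
             f'iifname != "{WAN_IF}" accept  # LAN-originated traffic']
    for ports, proto, svc, public in PORTS:
        src = "" if public else f"ip saddr {ADMIN_NET} "
        rules.append(f'iifname "{WAN_IF}" {src}ip daddr {PBX} '
                     f"{proto} dport {ports} accept  # {svc}")
    return rules

def ruleset():
    """Render both chains as text suitable for `nft -f`."""
    def body(rules):
        return "\n".join("    " + r for r in rules)
    return ("table ip telesis_nat {\n  chain prerouting {\n"
            "    type nat hook prerouting priority -100; policy accept;\n"
            f"{body(nat_rules())}\n  }}\n}}\n"
            "table ip telesis_filter {\n  chain forward {\n"
            "    type filter hook forward priority 0; policy drop;\n"
            f"{body(forward_rules())}\n  }}\n}}\n")
```

Calling `print(ruleset())` writes the ruleset to standard output for review before loading it with `nft -f`. For X1 and Stillink 3200 systems, widen the RTP range to the upper limit set in the system configuration.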

Page last modified on July 20, 2016, at 05:05 AM EST
Subject to change without any notice. All rights reserved 2010 - Telesis A.S.
Iskitler Cad. No.68 Ankara, TURKEY. Tel: +90 312 3840540 Fax: +90 312 3840549 http://www.telesis-pbx.com