Samsung Scopia Series Reference Manual Download Page 21 | Manualshive

Page: 21 / 39

background image

| 21

RADVISION | RADVISION Port Security Reference Guide

SCOPIA Desktop

The SCOPIA Desktop Server is typically located in the DMZ (

Figure 1-3

on page 21). It therefore

has two sides to its connections, one towards the internal enterprise network while the other is
towards the public.

Figure 1-3

Locating the SCOPIA Desktop Server in the DMZ

Table 1-12

lists the ports that need to be opened on the SCOPIA Desktop Server’s connection to

the internal network.

Table 1-12

Ports to and from the SCOPIA Desktop Server connected to the internal network

Port Range

Protocol Direction Severity

Functionality

80

TCP

Incoming

Optional

Used to access the SCOPIA Desktop Server web portal via a
web browser. The alternative is to configure the GUI to run
on port 443.

137/138

UDP

Outgoing

Recommended
for performing
Active
Directory
authentication

From SCOPIA Desktop to Active Directory in order to do auto
discovery and authentication.

139/445

TCP

Outgoing

Recommended
for Active
Directory
authentication

From SCOPIA Desktop to Active Directory in order to do auto
discovery and authentication.

443

TCP

Incoming

Mandatory

Control connection between the

SCOPIA Desktop

Client and

the

SCOPIA Desktop Server

.

1719

UDP

Outgoing

Mandatory

SCOPIA ECS Gatekeeper

«
...
19
20
21
22
23
...
»

Summary of Contents for Scopia Series

Page 1: ...RADVISION Port Security Reference Guide Version 7 6 ...

Page 2: ...ed in this guide is made either by RADVISION Ltd or its agents RADVISION Ltd reserves the right to revise this publication and make changes without obligation to notify any person of such revisions or changes RADVISION Ltd may make improvements or changes in the product s and or the program s described in this documentation at any time If there is any software on removable media described in this ...

Page 3: ...rt on the firewall The following SCOPIA Solution products are described in this document SCOPIA Elite MCU page 4 SCOPIA Video Gateway for Microsoft Lync page 8 SCOPIA ECS Gatekeeper page 9 SCOPIA iVIEW Management Suite page 12 SCOPIA PathFinder page 15 SCOPIA Desktop page 21 SCOPIA XT Desktop Server page 26 SCOPIA XT1000 page 28 SCOPIA VC240 page 30 SCOPIA Gateway page 32 3G Gateway page 34 SCOPIA...

Page 4: ... user interfaces In Cannot administer MCU Web client Used for software upgrade 161 SNMP UDP Configuration and status In Cannot configure or check the status of the MCU via SNMP iVIEW Network Manager iVIEW Management Suite or any other SNMP manager station 162 SNMP UDP SNMP Trap events Out Cannot receive Traps iVIEW Network Manager iVIEW Management Suite or any other SNMP manager station 443 HTTPS ...

Page 5: ...336 XML TCP MCU version 3 XML API Both Cannot use MCU Conference Control web user interface Cannot use version 3 XML API to control MCU Conference Control web client terminal iVIEW Management Suite or third party controlling applications 3337 XML TCP MCU version 3 Cascading XML API Both Cannot cascade between two MCUs Other MCUs 3338 XML TCP Administration XML API Both Cannot be blocked 5060 confi...

Page 6: ...media enabled entity Every call uses two audio ports and six video ports For highly utilized systems above 90 we recommend multiplying by a factor of 1 5 Using its full capacity the SCOPIA Elite 5100 Series MCU uses 180 ports for audio and 540 ports for video To configure the video base port use the MCU Advanced Commands section Enter the command advcmdmpcsetval with the parameter mf BasePort to s...

Page 7: ...setval with the parameter mf BasePort to set the lower port value 16384 16984 configure within this range RTP RTCP UDP RTP RTCP audio media upper blade only Both Cannot transmit receive audio media streams Any H 323 or SIP media enabled entity Every call uses two audio ports and six video ports For highly utilized systems above 90 we recommend multiplying the number of ports required by a factor o...

Page 8: ...nc Web client 162 SNMP UDP SNMP Trap events Out Cannot receive Traps iVIEW Network Manager iVIEW Management Suite or any other SNMP manager station 1024 1174 configurable H 245 TCP H 245 signaling Both Cannot connect H 323 calls Any H 323 entity 1719 configurable RAS UDP RAS signaling Both Cannot communicate with H 323 gatekeeper H 323 gatekeeper 1720 configurable Q 931 TCP Q 931 signaling Both Ca...

Page 9: ...king Port on Firewall Description 21 FTP TCP File Transfer Protocol for offline viewing of ECS logs and CDRs Both Cannot view logs or retrieve CDR files FTP client CDR server 80 configure via webs ini file HTTP TCP Web interface Both Cannot view ECS web user interface Web client terminal 161 SNMP UDP Configuration and status Both Cannot configure or check the status of the ECS iVIEW Network Manage...

Page 10: ...key of type REG_SZ called PortMax Give it the value of the highest port number ECS should use 6 Restart ECS There may be other applications on the same computer which altered the global maximum port for all processes running on that Windows PC Verify this global maximum is unchanged in the HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters MaxUserPort registry key If this key is...

Page 11: ... Port on Firewall Description Table 1 7 ECS outgoing ports connections Port Range Protocol Functionality Direction Result of Blocking Port on Firewall Description 23 Telnet TCP Control of Sony endpoints Out No control over endpoints Sony endpoint 53 DNS TCP Query DNS for domains per call Out DNS disabled DNS server 162 configurable SNMP UDP SNMP Trap events Out No traps are sent To iVIEW Network M...

Page 12: ...ess book feature Cannot retrieve logs from some devices such as MCM 24 Telnet TCP Polycom endpoint control Optional Out Disables Polycom endpoint control 25 TCP Connect SMTP server for sending email notifications Out iVIEW Management Suite cannot send email notifications 53 UDP DNS query Out Cannot parse domain name 80 configurable HTTP TCP In iVIEW Management Suite web interface When installing t...

Page 13: ...VIEW Management Suite XML API Out iVIEW Management Suite XML cannot communicate with the B2BUA component 3340 TCP TLS Connection to SCOPIA Desktop Out SCOPIA Desktop cannot use iVIEW Management Suite to place or manage calls 3341 TCP This port is used only when iVIEW Management Suite needs to integrate with the IBM Sametime IBM Sametime application uses this port to connect to iVIEW Management Sui...

Page 14: ...is port defaults to 80 In 8089 XML TCP SCOPIA PathFinder Server XML API port for connecting to SCOPIA PathFinder Server v7 0 and later Optional Out 11098 11099 TCP Required by the JBoss application server for correct JBoss operation Both The port is not connected from a remote host it is used by iVIEW Management Suite locally iVIEW Management Suite cannot function if the port is occupied by anothe...

Page 15: ...built in H 460 functionality thereby avoiding the need for a SCOPIA PathFinder Client If an H 323 endpoint located in a partner company does not have H 460 capabilities it must communicate via the SCOPIA PathFinder Client to access the SCOPIA PathFinder Server in the DMZ Figure 1 1 on page 15 Note There must be no firewall between the H 323 endpoint entity and the SCOPIA PathFinder Client An H 323...

Page 16: ...atekeeper 2776 UDP H 460 19 Multiplex Media Channel Client to SCOPIA PathFinder Server H 460 18 endpoints cannot set up logical channels media exchange of calls which traverse the firewall using H 460 18 and H 460 19 cannot function when using multiplexing H 460 18 endpoint H 460 18 client gatekeeper 2777 TCP H 460 18 and H 460 19 Call Control Client to SCOPIA PathFinder Server H 460 18 endpoints ...

Page 17: ...endpoints Any H 323 entity using a Q 931 signaling in DPA mode 4000 5000 configure within this range TCP UDP Direct Public Access DPA for H 323 call signaling control and media traversal ExternalH 323 gatekeeper or endpoint to SCOPIA PathFinder Server Cannot setup connect DPA mode calls The approximate number of ports required is the number of simultaneous DPA calls multipled by 10 The multiplicat...

Page 18: ... SCOPIA PathFinder Server Port Range Protocol Functionality Direction Result of Blocking Port on Firewall Recipient Client or Server Type 53 DNS UDP Query DNS for domain per call SCOPIA PathFinder Server to another server Cannot support domain name calls and dialing by URI DNS server 1719 configurable RAS UDP Communication with gatekeeper SCOPIA PathFinder Server to the main gatekeeper Cannot rela...

Page 19: ... signaling and call control SCOPIA PathFinder Server to H 323 entity Cannot setup connect DPA mode calls with external SCOPIA PathFinder Server The approximate number of ports required is the number of simultaneous DPA calls multipled by 10 The multiplication factor is lower for audio only calls higher for calls with dual video We recommend using 10 as an approximation To configure the port range ...

Page 20: ...ient Port Range Protocol Functionality Direction Result of Blocking Port on Firewall Recipient Client or Server Type 3089 TCP and UDP PathFinder tunneling service SCOPIAPathFinder Client to Server SCOPIA PathFinder Client cannot connect to the SCOPIA PathFinder Server Legacy H 323 endpoints behind the SCOPIA PathFinder Client cannot call external endpoints PathFinder Server 3478 STUN UDP STUN Bind...

Page 21: ...to the internal network Port Range Protocol Direction Severity Functionality 80 TCP Incoming Optional Used to access the SCOPIA Desktop Server web portal via a web browser The alternative is to configure the GUI to run on port 443 137 138 UDP Outgoing Recommended for performing Active Directory authentication From SCOPIA Desktop to Active Directory in order to do auto discovery and authentication ...

Page 22: ...eployments where the SCOPIA Desktop Server works in conjunction with the MCU only this port range is used for establishing connection from the SCOPIA Desktop Server to MCU In deployments where the SCOPIA Desktop Server works in conjunction with the iVIEW Management Suite this port range is used for establishing connection from the SCOPIA Desktop Server to ECS To edit this range 1 Navigate to C Pro...

Page 23: ...the internal network Port Range Protocol Direction Severity Functionality Table 1 13 Ports to and from the SCOPIA Desktop Server connected to the public internet Port Range Protocol Direction Severity Functionality 80 TCP Incoming Optional GUI access The alternative is to configure the GUI to run on port 443 443 TCP Incoming Mandatory Control connection between the SCOPIA Desktop Client and SCOPIA...

Page 24: ...rough the SCOPIA Desktop Server Table 1 15 STUN Server port required for access by SCOPIA Desktop Client Port Range Protocol Direction Severity Functionality 3478 UDP Incoming Optional The STUN access is for the SCOPIA Desktop Client to communicate with the STUN Server To acquire the true SIP PTP open the UDP ports 10000 65535 6972 65535 3478 If the UDP ports are not open the SCOPIA Desktop Client...

Page 25: ...fic through standard HTTP Some firewalls may inspect traffic on port 80 and not allow the tunneled RTSP RTP on that port We therefore recommend using the QuickTime standard port 7070 as the alternate TCP port for HTTP tunneling This is configured in the streaming server by default as long as you specify the port as part of the streaming server virtual address in the Streaming section of the SCOPIA...

Page 26: ...To edit this range 1 Navigate to C Program Files Radvision SCOPIA Desktop ConfSrv 2 Edit the file config val 3 Locate the 1 system section At the bottom of that section add two lines 2 portFrom lowest range limt and 2 portTo highest range limit 10000 65535 configure within this range UDP Both Recommended Media connection between the SCOPIA Desktop XT Server and Client If not open the connection wi...

Page 27: ...e tunneled via TCP port 443 and performance will not be optimal At full capacity the SCOPIA XT1009 requires 76 ports Limit the range of the of the multimedia ports in the SCOPIA Desktop XT Server Administrator web interface by naviagting to Client Settings tab Multimedia Ports Table 1 18 Ports to and from the SCOPIA Desktop XT Server connected to the public internet Port Range Protocol Direction S...

Page 28: ...cannot send SNMP events Interface to iVIEW Network Manager or any other SNMP manager station 1718 H 225 0 RAS UDP H 323 call signaling to a GK for Gatekeeper Automatic Discovery procedure Out to the multicast IP address 224 0 0 41 all GK The H 323 endpoint cannot automatically discover a gatekeeper only manual configuration available The H 323 endpoint can automatically discover a gatekeeper 1719 ...

Page 29: ...nnot discover the presence of a firewall or NAT only manual configuration available Discover the presence of a firewall or NAT and the public IP address The range can be modified by the user interface 5060 SIP TCP SIP call signaling Both Cannot connect SIP calls over TCP Common SIP service port 5060 SIP UDP SIP call signaling Both Cannot connect SIP calls over UDP Common SIP service port 5070 BFCP...

Page 30: ...ver 80 HTTP TCP Open APIs and remote software uprades either via the web interface or via iVIEW Management Suite Both Web server and open APIs do not function Web based software upgrades will not function Web application or open API based application 161 UDP SNMP Configuration and status In Cannot configure or check the status of the terminal via SNMP SCOPIA iVIEW Network Manager iVIEW Management ...

Page 31: ...e does not communicate with the unit Internal use 5060 TCP UDP SIP SIP signaling Both Cannot connect SIP calls Any SIP entity 3230 3251 configurable UDP RTP RTCP RTP media Both Cannot transmit receive media streams Any H 323 or SIP media enabled entity Configure these ports on the SCOPIA VC240 by navigating to Setup Network Port Configuration Table 1 20 Ports supported by SCOPIA VC240 continued Po...

Page 32: ...99 H 245 TCP H 245 Both No H 245 H 323 entity 1503 TCP T 120 data collaboration Both Cannot establish a T 120 connection to from the Gateway Any T 120 endpoint 1619 RAS UDP IVR RAS receiving Gatekeeper notifications Both No RAS capabilities Gatekeeper 1620 Q 931 TCP IVR Q 931 Both No signaling capabilities H 323 entity 1719 RAS UDP RAS receiving Gatekeeper notifications Both No RAS capabilities Ga...

Page 33: ...ports Incoming connections continued Port Range Protocol Functionality Direction Result of Blocking Port on Firewall Description Table 1 22 SCOPIA Gateway supported ports Outgoing Connections Port Range Protocol Functionality Direction Result of Blocking Port on Firewall Description 162 SNMP traps UDP Sending traps to server Outgoing Cannot send traps Gateway 1719 RAS UDP RAS sending RRQ ARQ messa...

Page 34: ...vents Out Cannot receive Traps iVIEW Network Manager iVIEW Management Suite or any other SNMP manager station 443 HTTPS TCP in use Secure web interface Both Cannot administer the Gateway 1024 4999 H 245 TCP in use H 245 signaling TCP connection to the SIU Both Cannot connect H 323 calls no connection to SIU Any H 323 entity 1719 configurable RAS UDP RAS signaling Both Cannot communicate with H 323...

Page 35: ...tion Table 1 25 MVP M II supported Ports Port Range Protocol Functionality Direction Result of Blocking Port on Firewall Description 21 FTP TCP Software upgrade and video stream recording Both Cannot upgrade version Upgrade Utility 23 Telnet TCP MVP M II online log Both Cannot view logs Telnet client 161 SNMP UDP Configuration and status Both Cannot configure or check the status of the Gateway via...

Page 36: ...IEW Network Manager iVIEW Management Suite or any other SNMP manager station 162 SNMP UDP SNMP Trap events Out Cannot receive Traps iVIEW Network Manager iVIEW Management Suite or any other SNMP manager station 443 HTTPS TCP Secure web interface Both Cannot administer MCU 1024 4999 H 245 TCP H 245 signaling Both Cannot connect H 323 calls Any H 323 entity 1719 configurable RAS UDP RAS signaling Bo...

Page 37: ...edia enabled entity 10000 11000 configurable RTP RTCP UDP RTP media Both Cannot transmit receive media stream Any H 323 or SIP media enabled entity Table 1 26 Ports Supported by SCOPIA MCU Port Protocol Use Functionality Direction Result of Blocking Port on Firewall Description Table 1 27 SCOPIA MCU Security Modes Security Mode Telnet FTP SNMP ICMP ping Standard Active Active Active Active High In...

Page 38: ...h Cannot work with different fonts Font client software 10000 10575 configurable from version 2 5 RTP RTCP UDP RTP RTCP media Both Cannot transmit receive media stream Any RTP RTCP media enabled entity Table 1 28 MVP supported Ports continued Port Protocol Use Functionality Direction Result of Blocking Port on Firewall Description ...

Page 39: ...nd wireless for high definition video conferencing systems innovative converged mobile services and highly scalable video enabled desktop platforms on IP 3G and emerging next generation networks For more information about RADVISION visit www radvision com This document is not part of a contract of license as may be expressly agreed RADVISION is registered trademarks of RADVISION Ltd All trademarks...

Reviews:

No comments

Related manuals for Scopia Series

Brand: Samsung Pages: 22

Brand: Daewoo Pages: 35

Brand: Autotrol Pages: 8

Brand: Vansco Pages: 11

65 41 2 163 268

Brand: BMW Pages: 16

SmartShop Maker

Brand: Laguna Tools Pages: 70

Brand: Chamberlain Pages: 28

Brand: Aritech Pages: 28

Brand: JVC Pages: 62

Brand: Curtis Pages: 11

Brand: Boss Audio Systems Pages: 22

Brand: Raven Pages: 50

Brand: Philips Pages: 1

Brand: Philips Pages: 1

Brand: Philips Pages: 1

Brand: Philips Pages: 1

Brand: Philips Pages: 1

Brand: Philips Pages: 1

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands