
RADVISION Port Security
Reference Guide
Version 7.6

RADVISION | Reference Guide for RADVISION Port Security Version 7.6
© 2000-2011 RADVISION Ltd. All intellectual property rights in this publication are owned by RADVISION Ltd. and are
protected by United States copyright laws, other applicable copyright laws and international treaty provisions.
RADVISION Ltd. retains all rights not expressly granted.
All product and company names herein may be trademarks of their registered owners.
This publication is RADVISION confidential. No part of this publication may be reproduced in any form whatsoever or used
to make any derivative work without prior written approval by RADVISION Ltd.
No representation of warranties for fitness for any purpose other than what is specifically mentioned in this guide is made
either by RADVISION Ltd. or its agents.
RADVISION Ltd. reserves the right to revise this publication and make changes without obligation to notify any person of
such revisions or changes. RADVISION Ltd. may make improvements or changes in the product(s) and/or the program(s)
described in this documentation at any time.
If there is any software on removable media described in this publication, it is furnished under a license agreement
included with the product as a separate document. If you are unable to locate a copy, please contact RADVISION Ltd.
and a copy will be provided to you.
Unless otherwise indicated, RADVISION registered trademarks are registered in the United States and other territories.
All registered trademarks recognized.
For further information contact RADVISION or your local distributor or reseller.
Reference Guide for RADVISION Port Security Version 7.6, March 2011
http://www.radvision.com

Port Security Reference Guide
This document details the use of TCP/IP/UDP ports throughout the SCOPIA Solution, organized by
product name.
Each port entry includes a description of the protocol used by the specific port, the role that the
port serves, the direction of traffic through the port (in, out or both), and the results of blocking
the port on the firewall.
The following SCOPIA Solution products are described in this document:
• SCOPIA Elite MCU
• SCOPIA Video Gateway for Microsoft Lync
• SCOPIA ECS Gatekeeper
• SCOPIA iVIEW Management Suite
• SCOPIA PathFinder
• SCOPIA Desktop
• SCOPIA XT Desktop Server
• SCOPIA XT1000
• SCOPIA VC240
• SCOPIA Gateway
• 3G Gateway
• SCOPIA MCU
This document does not include details of ports required by additional servers such as LDAP, SQL,
or Oracle servers. Always check which ports your back-end servers require and open only these
ports.

SCOPIA Elite MCU
SCOPIA Elite MCU 5000 Series
Table 1-1 lists the ports supported by all the models in the SCOPIA Elite MCU 5000 Series, including
SCOPIA Elite 5100 Series MCU and SCOPIA Elite 5200 Series MCU.
Table 1-1 Ports Supported by SCOPIA Elite MCU 5000 Series

| Port Range | Protocol | Functionality | Direction | Result of Blocking Port on Firewall | Description |
|---|---|---|---|---|---|
| 21 | FTP (TCP) | Audio stream recording | In | Cannot record audio streams | FTP Server |
| 22 | SSH (TCP) | MCU | In | Cannot view logs in real time (logs are collected on the compact flash card) | SSH Client |
| 80 (configurable) | HTTP (TCP) | MCU Administrator and Conference Control web user interfaces | In | Cannot administer MCU | Web client. Used for software upgrade |
| 161 | SNMP (UDP) | Configuration and status | In | Cannot configure or check the status of the MCU via SNMP | iVIEW Network Manager, iVIEW Management Suite or any other SNMP manager station |
| 162 | SNMP (UDP) | SNMP Trap events | Out | Cannot receive Traps | iVIEW Network Manager, iVIEW Management Suite or any other SNMP manager station |
| 443 | HTTPS (TCP) | Secure web interface | In | Cannot administer MCU | |
| 1024-1324 (configure within this range) | H.245 (TCP) | H.245 signaling | Both | Cannot connect H.323 calls | Any H.323 entity. The SCOPIA Elite 5100 Series MCU uses 90 ports for H.245, while the SCOPIA Elite 5200 Series MCU uses 180 ports. To configure, use the MCU Advanced Commands section. Enter the command h245baseport to set the lower port value, and h245portrange to specify the number of ports above the base port to be used. |
| 1719 (configurable) | RAS (UDP) | RAS signaling | Out | Cannot communicate with H.323 gatekeeper | H.323 gatekeeper |
| 1720 (configurable) | Q.931 (TCP) | Q.931 signaling | Both | Cannot connect H.323 calls | Any H.323 entity |
| 3336 | XML (TCP) | MCU version 3 XML API | Both | Cannot use MCU Conference Control web user interface. Cannot use version 3 XML API to control MCU | Conference Control web client terminal, iVIEW Management Suite or third-party controlling applications |
| 3337 | XML (TCP) | MCU version 3 Cascading XML API | Both | Cannot cascade between two MCUs | Other MCUs |
| 3338 | XML (TCP) | Administration XML API | Both | Cannot be blocked | |
| 5060 (configurable) | SIP (TCP/UDP) | SIP signaling | Both | Cannot connect SIP calls | Any SIP entities |

In addition to the ports listed in Table 1-1, the SCOPIA Elite MCU offers configurable security
access levels enabling and disabling Telnet, FTP, SNMP and ICMP (ping) services. The security
settings are accessed in the MCU from Configuration > Setup > Security and entering the
Security Mode. Table 1-2 details the implications of each security mode on each communication
type.

Table 1-2 MCU Security Mode

| Security Mode | Telnet | FTP | SNMP | ICMP (ping) |
|---|---|---|---|---|
| Standard | Active | Active | Active | Active |
| High | Inactive | Inactive | Active | Active |
| Maximum | Inactive | Inactive | Inactive | Inactive |
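
The following is an added example, not part of the RADVISION guide: it checks a firewall allow-list against the default ports in Table 1-1 and the security modes in Table 1-2, reporting rules that open more than the documented ports and documented ports that no rule reaches. The rule format, function names and sample rules are constructed for illustration, and treating "SNMP inactive" as covering both port 161 and port 162 is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    lo: int
    hi: int
    proto: str       # "tcp" or "udp"
    direction: str   # "in", "out" or "both"
    service: str
    if_blocked: str  # "Result of Blocking Port on Firewall" column

# Default values transcribed from Table 1-1; several ports are configurable.
TABLE_1_1 = [
    Entry(21, 21, "tcp", "in", "FTP", "Cannot record audio streams"),
    Entry(22, 22, "tcp", "in", "SSH", "Cannot view logs in real time"),
    Entry(80, 80, "tcp", "in", "HTTP", "Cannot administer MCU"),
    Entry(161, 161, "udp", "in", "SNMP", "Cannot configure or check the status of the MCU via SNMP"),
    Entry(162, 162, "udp", "out", "SNMP", "Cannot receive Traps"),
    Entry(443, 443, "tcp", "in", "HTTPS", "Cannot administer MCU"),
    Entry(1024, 1324, "tcp", "both", "H.245", "Cannot connect H.323 calls"),
    Entry(1719, 1719, "udp", "out", "RAS", "Cannot communicate with H.323 gatekeeper"),
    Entry(1720, 1720, "tcp", "both", "Q.931", "Cannot connect H.323 calls"),
    Entry(3336, 3336, "tcp", "both", "XML", "Cannot use version 3 XML API to control MCU"),
    Entry(3337, 3337, "tcp", "both", "XML", "Cannot cascade between two MCUs"),
    Entry(3338, 3338, "tcp", "both", "XML", "Cannot be blocked"),
    Entry(5060, 5060, "tcp", "both", "SIP", "Cannot connect SIP calls"),
    Entry(5060, 5060, "udp", "both", "SIP", "Cannot connect SIP calls"),
]

# Table 1-2, limited to the services that own a port in Table 1-1.
# Assumption: "SNMP inactive" applies to both port 161 and trap port 162.
INACTIVE = {"Standard": set(), "High": {"FTP"}, "Maximum": {"FTP", "SNMP"}}


def parse_rule(line):
    """Parse a constructed 'direction proto lo[-hi]' allow rule (hypothetical format)."""
    direction, proto, ports = line.split()
    lo, _, hi = ports.partition("-")
    return direction, proto, int(lo), int(hi or lo)


def audit(rule_lines, mode="Standard"):
    """Return (excess, blocked) for a list of allow rules under a security mode."""
    wanted = [e for e in TABLE_1_1 if e.service not in INACTIVE[mode]]
    rules = [parse_rule(line) for line in rule_lines]
    excess, blocked = [], []
    # Rules that open ports the table does not list for that protocol/direction.
    for line, (direction, proto, lo, hi) in zip(rule_lines, rules):
        documented = set()
        for e in wanted:
            if e.proto == proto and e.direction in (direction, "both"):
                documented.update(range(e.lo, e.hi + 1))
        extra = set(range(lo, hi + 1)) - documented
        if extra:
            excess.append((line, len(extra)))
    # Documented ports that no rule reaches. Overlap is enough, because
    # "configure within this range" entries use only part of their range.
    for e in wanted:
        for direction in (("in", "out") if e.direction == "both" else (e.direction,)):
            if not any(d == direction and p == e.proto and lo <= e.hi and hi >= e.lo
                       for d, p, lo, hi in rules):
                blocked.append((e.service, e.lo, direction, e.if_blocked))
    return excess, blocked


# Constructed sample rule set for a firewall in front of the MCU.
SAMPLE_RULES = [
    "in tcp 21", "in tcp 22", "in tcp 80", "in tcp 443",
    "in tcp 1024-65535",  # the "open all high ports" shortcut
    "out tcp 1024-1324", "out tcp 1720", "out tcp 3336-3338", "out tcp 5060",
    "in udp 161", "out udp 1719", "in udp 5060", "out udp 5060",
]

if __name__ == "__main__":
    for mode in ("Standard", "High"):
        excess, blocked = audit(SAMPLE_RULES, mode)
        print(mode, "excess:", excess)
        print(mode, "blocked:", blocked)
```

Each excess finding carries the number of undocumented ports the rule exposes, and each blocked finding carries the table's own description of what stops working.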

Ports specific to the SCOPIA Elite 5100 Series MCU
Table 1-3 lists the ports specific to the SCOPIA Elite 5100 Series MCU.

Table 1-3 Ports supported by SCOPIA Elite 5100 Series MCU

| Port Range | Protocol | Functionality | Direction | Results of blocking port on firewall | Description |
|---|---|---|---|---|---|
| 12000-13200, 16384-16984 (configure within these ranges) | RTP/RTCP (UDP) | RTP video and audio media | Both | Cannot transmit/receive video media streams | Any H.323 or SIP media enabled entity. Every call uses two audio ports and six video ports. For highly utilized systems (above 90%), we recommend multiplying by a factor of 1.5. Using its full capacity, the SCOPIA Elite 5100 Series MCU uses 180 ports for audio and 540 ports for video. To configure the video base port, use the MCU Advanced Commands section. Enter the command advcmdmpcsetval with the parameter mf.BasePort to set the lower port value. To configure the audio base port, use the MCU Advanced Commands section. Enter the command setmprtpbaseport to set the lower port value. |

Ports Specific to the SCOPIA Elite 5200 Series MCU
Table 1-4 lists the ports supported by the SCOPIA Elite 5200 Series MCU.

Table 1-4 Ports supported by SCOPIA Elite 5200 Series MCU

| Port Range | Protocol | Functionality | Direction | Result of Blocking Port on Firewall | Description |
|---|---|---|---|---|---|
| 22 | SSH (TCP) | MCU | In | Cannot view logs in real time (logs are collected on the compact flash card) | SSH Client |
| 12000-13200 (configure within this range) | RTP/RTCP (UDP) | RTP/RTCP video media - lower blade only | Both | Cannot transmit / receive video media streams | Any RTP/RTCP media enabled entity. Every call uses two audio ports and six video ports. For highly utilized systems (above 90%), we recommend multiplying the number of ports required by a factor of 1.5. At full capacity, the SCOPIA Elite 5200 Series MCU uses 1180 ports for video. To configure the video base port, use the MCU Advanced Commands section. Enter the command advcmdmpcsetval with the parameter mf.BasePort to set the lower port value. |
| 16384-16984 (configure within this range) | RTP/RTCP (UDP) | RTP/RTCP audio media - upper blade only | Both | Cannot transmit / receive audio media streams | Any H.323 or SIP media-enabled entity. Every call uses two audio ports and six video ports. For highly utilized systems (above 90%), we recommend multiplying the number of ports required by a factor of 1.5. At full capacity, the SCOPIA Elite 5200 Series MCU uses 360 ports for video. To configure the audio base port, use the MCU Advanced Commands section. Enter the command setmprtpbaseport to set the lower port value. |

SCOPIA Video Gateway for Microsoft Lync
Table 1-5 lists the ports supported by SCOPIA Video Gateway for Microsoft Lync.
Table 1-5 Ports supported by SCOPIA Video Gateway for Microsoft Lync

| Port | Protocol/Use | Functionality | Direction | Result of Blocking Port on Firewall | Description |
|---|---|---|---|---|---|
| 21 | FTP (TCP) | Audio stream recording | In | Cannot record audio streams | FTP Server. Note that this feature is disabled by default. |
| 22 | SSH (TCP) | Logs for the SCOPIA Video Gateway for Microsoft Lync | In | Cannot view logs in real time (logs are collected on the compact flash card) | SSH Client |
| 80 (configurable) | HTTP (TCP) | Application upgrade and upload customer support information | In | Cannot upgrade the SCOPIA Video Gateway for Microsoft Lync | Web client |
| 162 | SNMP (UDP) | SNMP Trap events | Out | Cannot receive Traps | iVIEW Network Manager, iVIEW Management Suite or any other SNMP manager station |
| 1024-1174 (configurable) | H.245 (TCP) | H.245 signaling | Both | Cannot connect H.323 calls | Any H.323 entity |
| 1719 (configurable) | RAS (UDP) | RAS signaling | Both | Cannot communicate with H.323 gatekeeper | H.323 gatekeeper |
| 1720 (configurable) | Q.931 (TCP) | Q.931 signaling | Both | Cannot connect H.323 calls | Any H.323 entity |
| 3336 | XML (TCP) | Management XML API | Both | Cannot be blocked | iVIEW Management Suite |
| 3338 | XML (TCP) | Administration XML API | Both | Cannot be blocked | |
| 5060, 5061 (configurable) | SIP (TCP/UDP) | SIP signaling | Both | Cannot connect SIP calls | Any SIP entities |
| 12000-13200 (configurable) | RTP/RTCP | RTP video media | Both | Cannot transmit/receive video media streams | Any H.323 or SIP media enabled entity |
| 16384-16984 (configurable) | RTP/RTCP (UDP) | RTP audio media | Both | Cannot transmit/receive audio media streams | Any H.323 or SIP media enabled entity |

SCOPIA ECS Gatekeeper
Table 1-6 and Table 1-7 list the ports supported by the ECS.
Table 1-6 ECS incoming port connections

| Port Range | Protocol | Functionality | Direction | Result of Blocking Port on Firewall | Description |
|---|---|---|---|---|---|
| 21 | FTP (TCP) | File Transfer Protocol for offline viewing of ECS logs and CDRs | Both | Cannot view logs or retrieve CDR files | FTP client/CDR server |
| 80 (configure via webs.ini file) | HTTP (TCP) | Web interface | Both | Cannot view ECS web user interface | Web client terminal |
| 161 | SNMP (UDP) | Configuration and status | Both | Cannot configure or check the status of the ECS | iVIEW Network Manager, or any other SNMP manager station |
| 1024-5000 (configure within that range in the Windows registry) | H.245 (TCP) | H.245 routed calls | Both | No H.245 (except in Q.931 routed and direct mode) | Any H.323 entity H.245 port. The number of ports ECS needs for this purpose is the maximum calls allowed by your license multiplied by four. To limit ECS’s use of ports within the range of 1024-5000: 1. Close ECS. 2. Open the registry. 3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\RADVISION\Enhanced Communication Server\Storage\Config\Stack 4. Create a new key of type REG_SZ called PortMin. Give it the value of the minimum port number ECS should use. 5. Create a new key of type REG_SZ called PortMax. Give it the value of the highest port number ECS should use. 6. Restart ECS. There may be other applications on the same computer which altered the global maximum port for all processes running on that Windows PC. Verify this global maximum is unchanged in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort registry key. If this key is not defined, its default value is 5000. |
| 1719 | RAS (UDP) | RAS | Both | No RAS capabilities | Any H.323 entity using RAS signaling |
| 1720 | Q.931 (TCP) | Q.931 routed calls | Both | No signaling capabilities (except in direct mode) | Any H.323 entity using Q.931 signaling |
| 3271 | ECS XML | Incoming XML connection | Both | No incoming XML connection | XML server |
| 12378 (configurable) | Alternate Gatekeeper protocol | Synchronization and negotiation between Alternate Gatekeepers | Both | No Alternate Gatekeeper functionality | Alternate Gatekeeper |

Table 1-7 ECS outgoing ports connections

| Port Range | Protocol | Functionality | Direction | Result of Blocking Port on Firewall | Description |
|---|---|---|---|---|---|
| 23 | Telnet (TCP) | Control of Sony endpoints | Out | No control over endpoints | Sony endpoint |
| 53 | DNS (TCP) | Query DNS for domains per call | Out | DNS disabled | DNS server |
| 162 (configurable) | SNMP (UDP) | SNMP Trap events | Out | No traps are sent | To iVIEW Network Manager, or to any other SNMP manager station |
| 1719 | RAS (UDP) | Sending LRQ messages to Neighbor Gatekeepers | Both | No RAS | Neighbor Gatekeepers |

SCOPIA iVIEW Management Suite
Table 1-8 lists the ports supported by iVIEW Management Suite.
Table 1-8 Ports supported by iVIEW Management Suite

| Port Range | Protocol | Functionality | Direction | Result of Blocking Port on Firewall |
|---|---|---|---|---|
| 7 | TCP | Detects online status of video network devices. Mandatory. | Out | |
| 21 | TCP | Downloading logs from ECS or from other devices which allow logs to be downloaded via FTP. Importing and Exporting TANDBERG Local Address Book. Upgrading software. | Out | |
| 22 | TCP | Detecting LifeSize endpoints. Downloading PathFinder Server logs. Detecting and managing SCOPIA VC240. | Out | |
| 23 | Telnet (TCP) | Sony PCS address book, element logs, MCM control and endpoint control. | Both | iVIEW Management Suite cannot use Sony PCS address book feature. Cannot retrieve logs from some devices such as MCM. |
| 24 | Telnet (TCP) | Polycom endpoint control. Optional. | Out | Disables Polycom endpoint control. |
| 25 | TCP | Connect SMTP server for sending email notifications | Out | iVIEW Management Suite cannot send email notifications. |
| 53 | UDP | DNS query | Out | Cannot parse domain name |
| 80 (configurable) | HTTP (TCP) | In: iVIEW Management Suite web interface. When installing the Bundle version with the gatekeeper, this port defaults to 8080. Out: iVIEW Management Suite web interface and TANDBERG MXP management (XML API via HTTP) | Both | Cannot view iVIEW Management Suite web interface. |
| 161 | SNMP | SNMP configuration to any managed element | Both | iVIEW Management Suite cannot operate the SNMP service with devices, and forward trap events do not function. |
| 162 | SNMP | SNMP Trap events: from any managed element to any third-party SNMP manager | Both | iVIEW Management Suite cannot operate the SNMP service with devices, and forward trap events do not function. |
| 389 | TCP | LDAP servers communication | Both | iVIEW Management Suite cannot work with LDAP Servers |
| 443 | TCP | Tomcat/JBoss SSL | In | iVIEW Management Suite cannot view iVIEW Management Suite web interface via HTTPS |
| 445 | TCP/UDP | Connection to Active Directory Server | Out | NTLM SSO does not work |
| 636 | LDAP over SSL | Connection to Directory Server | Out | iVIEW Management Suite cannot connect to the Directory Server. |
| 3089 | TCP | Endpoint detection via SCOPIA PathFinder | Out | |
| 3336 | TCP | Communication to the MCU and XMPP server | Both | Cannot communicate with the MCU and cannot authenticate users from XMPP/SCOPIA Desktop Contact List |
| 3336 | XML (TCP) | MCU XML API port for connecting to MCU v4.0 and later. Optional. | Out | |
| 3338 | TCP | Communication to SCOPIA Video Gateway for Microsoft Lync | Out | Cannot remotely manage the SCOPIA Video Gateway for Microsoft Lync configuration. |
| 3339 | TCP | iVIEW Management Suite XML API | Out | iVIEW Management Suite XML cannot communicate with the B2BUA component |
| 3340 | TCP/TLS | Connection to SCOPIA Desktop | Out | SCOPIA Desktop cannot use iVIEW Management Suite to place or manage calls |
| 3341 | TCP | This port is used only when iVIEW Management Suite needs to integrate with the IBM Sametime. IBM Sametime application uses this port to connect to iVIEW Management Suite. | In | iVIEW Management Suite cannot work with IBM Sametime. |
| 3344 | TCP/UDP | Synchronization of object data between multiple iVIEW Management Suite installations. Only used in distributed environments. | Both | iVIEW Management Suite cannot operate in a distributed deployment. |
| 4444, 4445 | TCP | Required by the JBoss application server for correct JBoss operation. | Both | iVIEW Management Suite’s underlying application server will not function properly. |
| 5060 | SIP (TCP/UDP) | SIP signaling | In | Cannot connect SIP calls |
| 5061 | TLS | SIP signaling | Both | No TLS connection will be available. |
| 7800-7802 (configurable) | TCP | Used for iVIEW Management Suite redundant deployments, for master/slave data synchronization | Both | Redundancy functionality is not available. |
| 8011 | TCP | Provides web interface for internal ECS | Both | iVIEW Management Suite client cannot access internal ECS web. |
| 8080 | HTTP (TCP) | SCOPIA PathFinder Server web interface. Optional. | Out | Cannot remotely access the SCOPIA PathFinder Server web interface from iVIEW Management Suite. |
| 8080 | HTTP (TCP) | iVIEW Management Suite web user interface. When installing the standalone version, this port defaults to 80. | In | |
| 8089 | XML (TCP) | SCOPIA PathFinder Server XML API port for connecting to SCOPIA PathFinder Server v7.0 and later. Optional. | Out | |
| 11098/11099 | TCP | Required by the JBoss application server for correct JBoss operation. | Both | The port is not connected from a remote host; it is used by iVIEW Management Suite locally. iVIEW Management Suite cannot function if the port is occupied by another application. |
| 50000 | Telnet (TCP) | Sony endpoint control. Optional. | Out | |
| 55003 | TCP | SCOPIA XT1000 | Out | |
| 63148 | DIIOP | Only used when iVIEW Management Suite works with Domino Server | Out | The Domino Server may not be connected with iVIEW Management Suite successfully. |

SCOPIA PathFinder
SCOPIA PathFinder is SCOPIA Solution’s answer to firewall traversal. The SCOPIA PathFinder
Server is an H.460 server, usually located in the DMZ, while the SCOPIA PathFinder Client is an
H.460 client, typically located outside the enterprise firewall with the H.323 endpoint (Figure 1-1).
Many recent H.323 endpoints have built-in H.460 functionality, thereby avoiding the need for a
SCOPIA PathFinder Client.
If an H.323 endpoint located in a partner company does not have H.460 capabilities, it must
communicate via the SCOPIA PathFinder Client to access the SCOPIA PathFinder Server in the DMZ
(Figure 1-1).
Note: There must be no firewall between the H.323 endpoint (entity) and the SCOPIA PathFinder Client.
An H.323 endpoint in the public domain can also directly dial the SCOPIA PathFinder Server using
direct port access (ports 4000-5000 in the tables below).
Figure 1-1 H.323 connections to SCOPIA PathFinder Server

SCOPIA PathFinder Server
Table 1-9 lists the inbound ports supported by SCOPIA PathFinder Server.
Table 1-9 Inbound ports supported by SCOPIA PathFinder Server

| Port Range | Protocol | Functionality | Direction | Result of Blocking Port on Firewall | Recipient Client or Server Type |
|---|---|---|---|---|---|
| 22 | SSH/SFTP (TCP) | Initial configuration, log download and upgrade | Client to SCOPIA PathFinder Server | Cannot initialize the server, download log and upgrade the server. | SSH client terminal |
| 1719 | UDP | H.460.18 RAS | Client to SCOPIA PathFinder Server | H.460.18 endpoints cannot register through Pathfinder server, firewall traversal function based on H.460.18 and H.460.19 cannot function. | H.460.18 endpoint/H.460.18 client gatekeeper |
| 2776 | TCP | H.460.18 Call Signaling | Client to SCOPIA PathFinder Server | H.460.18 endpoints cannot register through Pathfinder server. | H.460.18 endpoint/H.460.18 client gatekeeper |
| 2776 | UDP | H.460.19 Multiplex Media Channel | Client to SCOPIA PathFinder Server | H.460.18 endpoints cannot set up logical channels, media exchange of calls which traverse the firewall using H.460.18 and H.460.19 cannot function when using multiplexing. | H.460.18 endpoint/H.460.18 client gatekeeper |
| 2777 | TCP | H.460.18 and H.460.19 Call Control | Client to SCOPIA PathFinder Server | H.460.18 endpoints cannot set up Call Control channel, firewall traversal function based on H.460.18 and H.460.19 cannot function. | H.460.18 endpoint/H.460.18 client gatekeeper |
| 2777 | UDP | H.460.19 Multiplex Media Control Channel | Client to SCOPIA PathFinder Server | H.460.18 endpoints cannot set up logical channels, media exchange of calls which traverse the firewall using H.460.18 and H.460.19 cannot function when using multiplexing. | H.460.18 endpoint/H.460.18 client gatekeeper |
| 3089 | TCP | Signaling and media traversal | Client to SCOPIA PathFinder Server | SCOPIA PathFinder Client cannot connect to SCOPIA PathFinder Server. Legacy H.323 endpoints behind the SCOPIA PathFinder Client cannot call external endpoints. | SCOPIA PathFinder Client |
| 3089 | UDP | Media traversal | Client to SCOPIA PathFinder Server | Cannot use UDP to traverse media; can only use TCP to traverse media. | SCOPIA PathFinder Client |
| 8080 | HTTP (TCP) | Web interface | Client to SCOPIA PathFinder Server | Cannot configure SCOPIA PathFinder Server. | Web client/browser |
| 8089 | XML (TCP) | PathFinder version 7.0 XML API service | Client to SCOPIA PathFinder Server | The External Management System cannot get SCOPIA PathFinder Server status or receive traps from SCOPIA PathFinder Server. | XML API Client |
| 1720 | TCP, DPA | IP call signaling | External H.323 endpoint to SCOPIA PathFinder Server | No signaling capabilities: guest users cannot dial into internal endpoints | Any H.323 entity using a Q.931 signaling in DPA mode |
| 4000-5000 (configure within this range) | TCP, UDP | Direct Public Access (DPA) for H.323 call signaling, control and media traversal | External H.323 gatekeeper or endpoint to SCOPIA PathFinder Server | Cannot setup/connect DPA mode calls. The approximate number of ports required is the number of simultaneous DPA calls multiplied by 10. The multiplication factor is lower for audio-only calls, higher for calls with dual video. We recommend using 10 as an approximation. To configure the port range on the SCOPIA PathFinder Server: 1. Select Settings > General. 2. Enable H.323 Direct Access. 3. Enter the Port Range numbers. | Any H.323 gatekeeper or entity using a Q.931 signaling in DPA mode. |

Note: When an H.323 endpoint (or other H.323 entity) within the enterprise connects to the SCOPIA
PathFinder Server in the DMZ via the internal firewall (Figure 1-2), you need to install
a SCOPIA PathFinder Client within the enterprise, or use H.460-enabled endpoints. Otherwise you
must open the internal firewall to the SCOPIA PathFinder Server (1024-65535).
Figure 1-2 Contacting SCOPIA PathFinder Server from within the enterprise
Table 1-10 lists the outbound ports supported by SCOPIA PathFinder Server.
Table 1-10 Outbound ports supported by SCOPIA PathFinder Server

| Port Range | Protocol | Functionality | Direction | Result of Blocking Port on Firewall | Recipient Client or Server Type |
|---|---|---|---|---|---|
| 53 | DNS (UDP) | Query DNS for domain per call | SCOPIA PathFinder Server to another server | Cannot support domain name calls and dialing by URI. | DNS server |
| 1719 (configurable) | RAS (UDP) | Communication with gatekeeper | SCOPIA PathFinder Server to the main gatekeeper | Cannot relay H.323 communication. | Gatekeeper |
| 1720 | TCP | H.323 IP call signaling | SCOPIA PathFinder Server to external SCOPIA PathFinder Server | No signaling capabilities: guest users cannot dial into internal endpoints | Any H.323 entity using a Q.931 signaling in DPA mode |
| 3089 | TCP | Neighbor server signaling and media connection | SCOPIA PathFinder Server to another Server | Cannot connect to neighbor server. | PathFinder Server |
| 3089 | UDP | Neighbor server media connection | SCOPIA PathFinder Server to SCOPIA PathFinder Client | Cannot traverse media to neighbor server using UDP. | PathFinder Server |
| 4000-5000 (configure within this range) | TCP, UDP | Direct Public Access for H.323 call media, signaling and call control | SCOPIA PathFinder Server to H.323 entity | Cannot setup/connect DPA mode calls with external SCOPIA PathFinder Server. The approximate number of ports required is the number of simultaneous DPA calls multiplied by 10. The multiplication factor is lower for audio-only calls, higher for calls with dual video. We recommend using 10 as an approximation. To configure the port range on the SCOPIA PathFinder Server: 1. Select Settings > General. 2. Enable H.323 Direct Access. 3. Enter the Port Range numbers. | Any H.323 entity using a Q.931 signaling in DPA mode. The recipient H.323 entity probably works with ports outside this range. Your firewall rule should therefore specify From 4000-5000 To Any. |

Pathfinder Client
Note: You cannot have a firewall between the H.323 endpoint (or other H.323 entity) and the SCOPIA
PathFinder Client (see Figure 1-1). If there is a firewall, you must open all the high
ports in both directions (1025-65535).
Table 1-11 lists the outbound ports supported by SCOPIA PathFinder Client, when the client
connects to the SCOPIA PathFinder Server.
Note: As mentioned above, if there is a firewall between the H.323 client and the SCOPIA PathFinder
Client, all ports must be opened in both directions (1024-65535). We therefore recommend no
firewall between the endpoint and the SCOPIA PathFinder Client.

Table 1-11 Outbound ports supported by SCOPIA PathFinder Client

| Port Range | Protocol | Functionality | Direction | Result of Blocking Port on Firewall | Recipient Client or Server Type |
|---|---|---|---|---|---|
| 3089 | TCP and UDP | PathFinder tunneling service | SCOPIA PathFinder Client to Server | SCOPIA PathFinder Client cannot connect to the SCOPIA PathFinder Server. Legacy H.323 endpoints behind the SCOPIA PathFinder Client cannot call external endpoints. | PathFinder Server |
| 3478 | STUN (UDP) | STUN Binding Request | SCOPIA PathFinder Client to Server | SCOPIA PathFinder Client cannot determine its public IP address. Smart Direct Media Connect cannot function. | STUN server |