CMA Desktop: TCP\UDP ports question

Anonymous · ‎11-08-2012

Hi Guys,

i have recently implemented a CMA- VBP ST solution and everything is running fine. Now we want to test CMA-D on branch offices, registering on VBP Access proxy.

Branch offices are composed by small firewalled LAN and consequently we have to tune firewalls.

Release notes says:

INCOMING ports:

1720 (TCP) H.225.0 CS
1719 (UDP) H.225.0 RAS
3230 - 3237 (TCP) H.245
3230 - 3237 (UDP) Media (RTP/RTCP), configurable on
provisioning server
5060 (TCP/UDP) SIP
Random port (TCP) BFCP

BFCP ( should be used for content token in SIP calls), says "Random".... what does it means? It's configurable somewhere or it has a specific range and a random port is used?

Could you kindly advice if BFCP plays any role in H323 calls (Since our customer will use H323 only)

Thanks and regards

Dan

simons3 · ‎11-08-2012

Dan,

BFCP is a content sharing protocol for SIP. The CMAD can do both H323 and SIP which is why it is listed here. Unfortunately the ports you list are only specific to the CMAD and not to the solution. You will have to refer to the VBP guide to find out the other ports which would be used. Access proxy for example uses 443, 5222, and 389 which are not even listed in the list you have.

S.

Anonymous · ‎11-09-2012

Thanks for your reply Simon,

if i understood correctly, ports listed on release notes for CMAD, are used only if the provisoned site on CMA have specified "allowed via h323 firewall".

In case we used an ALG/SBC as VBP we will tunnel media into H.460... could you kindly specify which ports would be involved?

To clarify i designed this diagram (attachment1):

On network 2 i have a CMAD registered to VBP-ST on network 1... which port range should ispecify for inbound\outbound connections on netowrk 2 firewall?

Thanks

Anonymous · ‎11-09-2012

Simon,

Moving one step forward... just created the whole scenario:

sitting in my company i have registered my CMA-D on customer VBP-ST, then i started a call to a system registered to CMA Server on customer premise.

During that i was monitoring my firewall connection and i reported the result in the attached document.. it seems to use a couple of not documented ports.

Do you have any comment?

Thanks for your kind collaboration.

Regards

simons3 · ‎11-09-2012

Dan,

In your previous post, your laser focused on the ports for the CMAD client. Like you have your document, this only represents part of the story. The VBP-ST will have some additional ports in order to support a video call and especially for H.460.

Please see this link for the VBP config guide - starting on page 55 begins the port listings for the ST which lists the ports used in your doc.

http://supportdocs.polycom.com/PolycomService/support/global/documents/support/setup_maintenance/pro...

Which direction are you concerned about (source or destination ports or both)? Looking at this guide, I don't see any ports out of range that you have listed. There is the 3230 ports range, but this is probably from the CMAD client. Each client can use a different set of ports of the RTP UDP media. Plus, like you mentioned, it can be overrided in the CMA provisioning settings.

S.

Create an account on the HP Community to personalize your profile and ask a question