
[FAQ] Ports in a firewall that need to be open in order to utilize video conferencing

Polycom Employee & Community Manager


Firewall Port usage:

 

You might require the below detailed information when configuring network equipment for video conferencing.

 

NOTE: Please bear security in mind before opening all the above ports for a unit on an external IP / Internet !

 

As an example to establish a basic H.323 call between 2 End Points the following ports are required:

 

  • TCP 1720 for the initial call setup
  • TCP 49152 => 65535 for additional signalling
  • UDP 16384 => 32764 for the media between the two endpoints

The above is just a basic guideline; additional ports are described below, and ports may vary if Desktop or Mobile clients are being used.

 

NOTE: Always check the Release notes or Admin Guides for ports being utilized!

 

For basic SIP troubleshooting please check => here <=

 

The following tables show IP port usage.

 

NOTE: The example port list below is from a GroupSeries, and some of the ports listed may not be applicable to older codecs or desktop / mobile clients!

 

Inbound ports to a Polycom Video product

 

| Inbound Port | Type | Protocol | Function | On By Default? (Low Security Profile) | Configuration: Enable/Disable? | Configuration: Configurable Port Number |
|---|---|---|---|---|---|---|
| 22 | Static | TCP | Polycom Touch Control over SSH | Yes | Admin Settings > General Settings > Pairing > Polycom Touch Control > Enable Polycom Touch Control | No |
| 23 | Static | TCP | Telnet Diagnostics | No | Admin Settings > Security > Global Security > Access > Enable Telnet Access | No |
| 24 | Static | TCP | Polycom API | No | Admin Settings > Security > Global Security > Access > Enable Telnet Access | No |
| 80 | Static | TCP | RealPresence Group Web UI over HTTP | Yes | Admin Settings > Security > Global Security > Access > Enable Web Access - disables HTTP and HTTPS port; Admin Settings > Security > Global Security > Access > Restrict to HTTPS - disables HTTP port | Admin Settings > Security > Global Security > Access > Web Access Port (http) |
| 161 | Static | UDP | SNMP | No | Admin Settings > Security > Global Security > Access > Enable SNMP Access; Admin Settings > Servers > SNMP > Enable SNMP | Admin Settings > Servers > SNMP > Listening Port |
| 443 | Static | TLS | RealPresence Group Web UI over HTTPS | Yes | Admin Settings > Security > Global Security > Access > Enable Web Access | No |
| 1719 | Static | UDP | H.225.0 RAS | No | Admin Settings > Network > IP Network > H.323 > Use Gatekeeper | No |
| 1720 | Static | TCP | H.225.0 Call Signaling | Yes | Admin Settings > Network > IP Network > H.323 > Enable IP H.323 | No |
| 5001 | Static | TCP | People+Content™ IP | Yes | Admin Settings > Audio / Video > Video Input > General Camera Settings > Enable People+Content IP | No |
| 5060 | Static | TCP / UDP | SIP (Protocol depends on Transport Protocol setting) | Yes | Admin Settings > Network > IP Network > SIP > Enable SIP; Admin Settings > Network > IP Network > SIP > Transport Protocol | No |
| 5061 | Static | TLS | Secure SIP | Yes | Admin Settings > Network > IP Network > SIP > Enable SIP; Admin Settings > Network > IP Network > SIP > Transport Protocol | No |
| 49152-65535 | Dynamic | TCP | H.245 | Yes | Admin Settings > Network > IP Network > H.323 > Enable IP H.323 | Admin Settings > Network > IP Network > Firewall > Fixed Ports > TCP Ports (1024-65535) |
| 16384-32764 (Default) | Dynamic | UDP | RTP/RTCP Video and Audio | Yes | Admin Settings > Network > IP Network > H.323 > Enable IP H.323; Admin Settings > Network > IP Network > SIP > Enable SIP | Admin Settings > Network > IP Network > Firewall > Fixed Ports > UDP Ports (1024-65535) |

 

Outbound ports to a Polycom Video product

 

| Outbound Port | Type | Protocol | Function | On By Default? (Low Security Profile) | Configuration: Enable/Disable? | Configuration: Configurable Port Number |
|---|---|---|---|---|---|---|
| 80 | Static | TCP | Polycom Product Registration | Yes | Uncheck "Register" checkbox during OOB setup | No |
| 123 | Static | UDP | NTP | Yes | Admin Settings > General Settings > Date and Time > System Time > Time Server | No |
| 162 | Static | UDP | SNMP Trap | Yes | Admin Settings > Servers > SNMP > Enable SNMP; Admin Settings > Servers > SNMP > Destination Address <1,2,3> | Yes - Admin Settings > Servers > SNMP > Destination Address <1,2,3> > Port |
| 389 | Static | TLS | LDAP | Yes | Admin Settings > Servers > Directory Servers > Server Type | Yes - Admin Settings > Servers > Directory Servers > Server Type = LDAP - Admin Settings > Servers > Directory Servers > Server Port |
| 389 | Static | TLS | LDAP to ADS (External Authentication) | No | Admin Settings > Security > Global Security > Authentication > Enable Active Directory External Authentication | No |
| 443 | Static | TLS | CMA/RealPresence Resource Management (Provisioning, Monitoring, Softupdate) | No | Admin Settings > Servers > Provisioning Service > Enable Provisioning | No |
| 443 | Static | TLS | Microsoft Exchange Server (Calendaring) | No | Admin Settings > Servers > Calendaring Service > Enable Calendaring Service | No |
| 443 | Static | TLS | Microsoft Lync Address Book | No | Admin Settings > Servers > Directory Servers > Server Type | No |
| 514 | Static | UDP | Syslog | No | Diagnostics > System > System Log Settings > Enable Remote Logging | Yes |
| 1718 | Static | UDP | H.225.0 Gatekeeper Discovery | No | Admin Settings > Network > IP Network > H.323 > Use Gatekeeper = Auto | No |
| 1719 | Static | UDP | H.225.0 RAS | No | Admin Settings > Network > IP Network > H.323 > Use Gatekeeper | Yes - outgoing port can be specified in the Primary Gatekeeper IP Address field |
| 1720 | Static | TCP | H.225.0 Call Signaling | Yes | Admin Settings > Network > IP Network > H.323 > Enable IP H.323 | No |
| 3601 | Static | TCP | GDS | No | Admin Settings > Servers > Directory Servers > Server Type | No |
| 5060 | Static | TCP / UDP | SIP | Yes | Admin Settings > Network > IP Network > SIP > Enable SIP AND Admin Settings > Network > IP Network > SIP > Transport Protocol = Auto, TCP, or UDP | Yes - outgoing port can be specified in the dial string (user@domain:port). Note that the transport protocol used depends on Admin Settings > Network > IP Network > SIP > Transport Protocol |
| 5061 | Static | TLS | Secure SIP | Yes | Admin Settings > Network > IP Network > SIP > Enable SIP AND Admin Settings > Network > IP Network > SIP > Transport Protocol = Auto or TLS | Yes - outgoing port can be specified in the dial string (user@domain:port) |
| 5222 | Static | TCP | CMA/RealPresence Resource Manager: XMPP | No | Provisioned by RealPresence Resource Manager | No |
| 49152-65535 | Dynamic | TCP | H.245 | Yes | Admin Settings > Network > IP Network > Enable IP H.323 | Admin Settings > Network > IP Network > Firewall > Fixed Ports > TCP Ports (1024-65535) |
| 16384-32764 (Default) | Dynamic | UDP | RTP/RTCP Video and Audio | Yes | Admin Settings > Network > IP Network > Enable IP H.323; Admin Settings > Network > IP Network > Enable SIP | Admin Settings > Network > IP Network > Firewall > Fixed Ports > UDP Ports (1024-65535) |

 

NOTE: Please bear security in mind before opening all the above ports for a unit on an external IP / Internet !

 

A few simple examples regarding firewall-blocked ports:

 

  • Far End Port 1720 blocked for Call Setup

 

Call_Far_End_No_Answer.PNG

In the above example the End Point tries to set up a call to another endpoint located at 10.252.149.103 but cannot establish the H.323 TCP connection on port 1720 to set up the call.

 

  • Far End no answer on Call Setup

Call_Far_End_No_Answer_01.PNG

In the above example the End Point is setting up a call to another endpoint located at 10.252.149.103 and is establishing the H.323 TCP connection on port 1720 to set up the call. It then uses H.225 via TCP to set up the call and alert the far end without the far end answering the call.

 

  • Far End answer call

Call_Far_End_No_Answer_02.PNG

 

 

In the above example the End Point is setting up a call to another endpoint located at 10.252.149.103 and is establishing the H.323 TCP connection on port 1720 to set up the call. It then uses H.225 via TCP to set up the call and alert the far end.

 

Further into the above trace the Endpoints then exchange their capabilities.

 

Call_Far_End_No_Answer_03.PNG

 

 

The above example is a call between two RealPresence Desktop clients. In this example the application uses RTP port 3230 for the Caller and 3232 for the Called.

 

NOTE: Please always check the Admin Guide or Release Notes for specific ports per device used!

 

Call_Far_End_No_Answer_04.PNG

 

The above example is a call between a GroupSeries and a RealPresence Desktop client. In this example the RTP ports used are 16386 for the Caller and 3230 for the Called.

 

In an H.323 call, H.245 is used as a control channel protocol in order to establish the call.

 

CallSetup_01.PNG

 

The above is the initial capability exchange.

 

The request: openLogicalChannel and response: openLogicalChannelAck messages are used once the call is answered to negotiate the control and media ports that are used for the call.

 

CallSetup_02.PNG

 

and

 

CallSetup_03.PNG

Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
Message 1 of 2
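The NOTE about not opening every listed port to the Internet can be checked mechanically. The following is an added example, not part of the original post or any Polycom tool: it audits a constructed list of inbound allow rules against the inbound table above. The rule format, the `INTERNAL` networks, and the choice to treat ports 22, 23, 24, 80, 443 and 161 as management services are assumptions of this example.

```python
import ipaddress

# Management services from the inbound table (not needed for call traffic).
MGMT = {
    ("tcp", 22): "Polycom Touch Control over SSH",
    ("tcp", 23): "Telnet Diagnostics",
    ("tcp", 24): "Polycom API",
    ("tcp", 80): "Web UI over HTTP",
    ("tcp", 443): "Web UI over HTTPS",
    ("udp", 161): "SNMP",
}
# Minimum set the post lists for a basic H.323 call.
H323_BASIC = [("tcp", 1720, 1720), ("tcp", 49152, 65535), ("udp", 16384, 32764)]
# Assumption: these networks count as internal.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inbound allow rules: (source CIDR, protocol, first port, last port).
RULES = [
    ("0.0.0.0/0", "tcp", 1720, 1720),
    ("0.0.0.0/0", "tcp", 49152, 65535),
    ("0.0.0.0/0", "udp", 16384, 32764),
    ("0.0.0.0/0", "tcp", 1, 1024),      # overly broad "low ports" rule
    ("10.0.0.0/8", "udp", 161, 161),    # SNMP from the internal network only
]

def is_internal(cidr):
    """True when the source range lies entirely inside an internal network."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(i) for i in INTERNAL)

def audit(rules):
    """Return (management ports open to non-internal sources,
    basic H.323 ranges that no rule fully covers)."""
    exposed = sorted({(proto, port)
                      for src, proto, lo, hi in rules if not is_internal(src)
                      for (p, port) in MGMT if p == proto and lo <= port <= hi})
    missing = [need for need in H323_BASIC
               if not any(proto == need[0] and lo <= need[1] and need[2] <= hi
                          for _, proto, lo, hi in rules)]
    return exposed, missing

if __name__ == "__main__":
    exposed, missing = audit(RULES)
    for key in exposed:
        print("exposed externally:", key, MGMT[key])
    print("H.323 ranges not covered:", missing)
```
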
1 REPLY
Polycom Employee & Community Manager

Re: [FAQ] Ports in a firewall that need to be open in order to utilize video conferencing

Troubleshooting SIP Calls

 

The chart below shows a call being set up between a GroupSeries 500 and RealPresence Desktop.

 

CommunitySIP_Troubleshooting-00.PNG

 

INVITE:

 

CommunitySIP_Troubleshooting-02.PNG

 

The actual INVITE in this example is using TCP and sends this on the standard port 5060.

 

CommunitySIP_Troubleshooting-03.PNG

 

The actual INVITE contains the SDP in which we negotiate the Audio and Video Codec being utilized and in addition what ports we are going to use.

 

RPD Logs (rpd.log):

CommunitySIP_Troubleshooting-04.PNG

 

Group Series (messages.x) Log files:

 

CommunitySIP_Troubleshooting-05.PNG

 

Diagnostics => System > System Log Settings > Enable SIP trace must be enabled

 

The GroupSeries suggests using the G7221 codec and port 16446 for Audio, and LPR or "lost packet recovery" for Video on port 16448.

 

The RealPresence Desktop then replies with a 200 OK suggesting:

 

CommunitySIP_Troubleshooting-06.PNG

 

To utilize port 3230 to receive the Audio utilizing the G7221 codec and also

 

CommunitySIP_Troubleshooting-08.PNG

 

use port 3232 for Video.

 

The call is established and if all ports are open and no restrictions on a SBC or similar are utilized you have two way video and audio.

 

CommunitySIP_Troubleshooting-01.PNG

 

RTP data should flow in both directions:

 

CommunitySIP_Troubleshooting-09.PNG

 

Errors:

 

content will follow

Message 2 of 2
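The SDP negotiation described above decides which UDP ports a firewall must pass. The following is an added example, not taken from the original post or from Polycom logs: it reads the `m=` lines of an SDP body and lists the media ports that fall outside a firewall's allowed UDP ranges. The SDP bodies are constructed (addresses, payload type numbers and the video codec are placeholders), and pairing each RTP port with RTCP on the next port is the usual default, assumed here.

```python
# Constructed SDP bodies; only the ports and the G7221 audio codec
# come from the post, everything else is a placeholder.
OFFER_SDP = """\
v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 16446 RTP/AVP 115
a=rtpmap:115 G7221/32000
m=video 16448 RTP/AVP 109
a=rtpmap:109 H264/90000
"""
# The RealPresence Desktop answer in the post uses 3230 (audio) and 3232 (video).
ANSWER_SDP = (OFFER_SDP.replace("192.0.2.10", "192.0.2.20")
              .replace("16446", "3230").replace("16448", "3232"))

# Default UDP media range from the GroupSeries port table.
GROUPSERIES_UDP = [(16384, 32764)]

def media_ports(sdp):
    """Return [(media, rtp_port, rtcp_port)] for every active m= line."""
    streams = []
    for line in sdp.splitlines():
        if not line.startswith("m="):
            continue
        media, port = line[2:].split()[:2]
        rtp = int(port.split("/")[0])   # tolerate the "port/count" form
        if rtp == 0:                    # port 0 means the stream was declined
            continue
        streams.append((media, rtp, rtp + 1))  # assumed RTCP = RTP + 1
    return streams

def uncovered(sdp, allowed_udp):
    """List (media, port) pairs that none of the allowed UDP ranges cover."""
    return [(media, port)
            for media, rtp, rtcp in media_ports(sdp)
            for port in (rtp, rtcp)
            if not any(lo <= port <= hi for lo, hi in allowed_udp)]

if __name__ == "__main__":
    print("offer :", uncovered(OFFER_SDP, GROUPSERIES_UDP))
    print("answer:", uncovered(ANSWER_SDP, GROUPSERIES_UDP))
```

A firewall that only permits the GroupSeries default range would pass the offer's ports but not the desktop client's 3230 to 3233, which is the situation the first post points at when it says ports vary for Desktop or Mobile clients.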