This document is locked

I am a network administrator for my company. What port ranges are you provisioning for Cisco Jabber Video for TelePresence, and what ports should I open on my firewall to enable my employees to use Jabber Video from my company's network?

Document

Mar 9, 2012 10:24 AM
Mar 9th, 2012

The Jabber Video application can operate in one of three modes:

  • Connecting to an internal VCS infrastructure back end
  • Connecting to the Cisco WebEx Telepresence subscription cloud service
  • Connecting to the Jabber Video cloud to enable calls to WebEx Telepresence users

The provisioned port ranges depend on the specific mode under which the Jabber Video application is being used and, in some cases, on specific customer requirements.

For the Jabber Video cloud service, we are provisioning the following ports and port ranges for the application:

Type

Protocol

Range Start

Destination Port/Range End

DNS

UDP

N/A

53

TURN

UDP

N/A

3478 or 5349/TLS

SIP Signaling

TCP

N/A

5060 or 80

SIP Secure Signaling

TCP

N/A

5061 or 443

RTP - Video

UDP

16384

32767

Provisioning Software Upgrade

TCP

N/A

80/443

The RTP port range listed here is specific to the computer that Jabber Video is installed on. We are provisioning a wide range of media ports, as unlike an enterprise deployment of Jabber Video, we won’t know in advance which applications are in use (and which ports/ranges other applications may have reserved).

Which ports to open on the firewall ultimately depends on your company’s firewall configuration and requirements. If you are a Cisco customer, we recommend working with your account team to determine the configuration that would best meet your needs. Generally, as most corporate firewalls use NAT, the critical metric is the number of outbound ports to open, not which specific port numbers/ranges. The general guideline is to estimate how many Jabber Video “guest access” users would be placing calls across the firewall simultaneously. Take that number and multiply by 11 in order to get an approximate number of ports needed to allow media to flow.

More restrictive firewall policies may prohibit administrators from opening many ports. In that event, it is possible to establish calls using only ports 5060/5061 (or 80/443), but this prevents media from being established in a point-to-point connection. As Cisco will attempt to relay the media through your NAT or firewall, this may affect your call quality. If you want to achieve 720p HD quality, then you should open the ports per the guidelines shown here.

Average Rating: 5 (2 ratings)

Comments

darrenmckinnon Tue, 03/13/2012 - 16:55

I also would like to know this, but coming from a completely different angle.  I want to block users from installing this our company computers.  We have an enterprise client available that we provision, so how to I keep users who have installed it in my network from making calls?

MICHAEL WHALEY Fri, 07/13/2012 - 08:02

Are the IP address blocks/ranges also available for the cloud based Cisco Jabber Video for TelePresence servers? We've opened up several, but everytime a new IP gets added to mix we are having to go back and make firewall adjustments.

MICHAEL WHALEY Tue, 07/17/2012 - 14:38

How does the company Media Network Services (medianetworkservices.com) play into the Cisco Jabber Video for TelePresence configuration? I see connection attemps to their IPs on UDP 3478 just after sign-in. It looks like they specialize in media optimazation for video traffic. Does anyone know their IP ranges needed for Cisco Jabber Video for TelePresence?

Hoan Mai Wed, 07/18/2012 - 09:25

We use medianetworkservices for media relay if the environment can't pass the firewall traversal.

medianetworkservices addresses varies depends on the location that you're at. For me it's

109.205.13.x.

Rick Mai

angelntw1004 Mon, 10/08/2012 - 17:17
Hello?
Inside the EX-90 imaging equipment and configuration via the jabber.com
Nat to open on the internal firewall tcp / ip port external Ipad
that must be set when connecting to jabber programs
Firewall, EX-90, Ipad What is it?
It open NAT applies to any TCP / IP is
Connections are not

Actions

Login or Register to take actions

This Document

Posted March 9, 2012 at 10:24 AM
Stats:
Comments:7 Avg. Rating:5
Views:24736 Contributors:5
Shares:0

Related Content