The Jabber Video application can operate in one of three modes:
- Connecting to an internal VCS infrastructure back end
- Connecting to the Cisco WebEx Telepresence subscription cloud service
- Connecting to the Jabber Video cloud to enable calls to WebEx Telepresence users
The provisioned port ranges depend on the specific mode under which the Jabber Video application is being used and, in some cases, on specific customer requirements.
For the Jabber Video cloud service, we are provisioning the following ports and port ranges for the application:
Destination Port/Range End
3478 or 5349/TLS
5060 or 80
SIP Secure Signaling
5061 or 443
RTP - Video
Provisioning Software Upgrade
The RTP port range listed here is specific to the computer that Jabber Video is installed on. We are provisioning a wide range of media ports, as unlike an enterprise deployment of Jabber Video, we won’t know in advance which applications are in use (and which ports/ranges other applications may have reserved).
Which ports to open on the firewall ultimately depends on your company’s firewall configuration and requirements. If you are a Cisco customer, we recommend working with your account team to determine the configuration that would best meet your needs. Generally, as most corporate firewalls use NAT, the critical metric is the number of outbound ports to open, not which specific port numbers/ranges. The general guideline is to estimate how many Jabber Video “guest access” users would be placing calls across the firewall simultaneously. Take that number and multiply by 11 in order to get an approximate number of ports needed to allow media to flow.
More restrictive firewall policies may prohibit administrators from opening many ports. In that event, it is possible to establish calls using only ports 5060/5061 (or 80/443), but this prevents media from being established in a point-to-point connection. As Cisco will attempt to relay the media through your NAT or firewall, this may affect your call quality. If you want to achieve 720p HD quality, then you should open the ports per the guidelines shown here.