This document is locked

I am a network administrator for my company. What port ranges are you provisioning for Cisco Jabber Video for TelePresence, and what ports should I open on my firewall to enable my employees to use Jabber Video from my company's network?


Tue, 11/06/2012 - 10:46
Mar 9th, 2012
User Badges:

The Jabber Video application can operate in one of three modes:

  • Connecting to an internal VCS infrastructure back end
  • Connecting to the Cisco WebEx Telepresence subscription cloud service
  • Connecting to the Jabber Video cloud to enable calls to WebEx Telepresence users

The provisioned port ranges depend on the specific mode under which the Jabber Video application is being used and, in some cases, on specific customer requirements.

For the Jabber Video cloud service, we are provisioning the following ports and port ranges for the application:



Range Start

Destination Port/Range End








3478 or 5349/TLS

SIP Signaling



5060 or 80

SIP Secure Signaling



5061 or 443

RTP - Video




Provisioning Software Upgrade




The RTP port range listed here is specific to the computer that Jabber Video is installed on. We are provisioning a wide range of media ports, as unlike an enterprise deployment of Jabber Video, we won’t know in advance which applications are in use (and which ports/ranges other applications may have reserved).

Which ports to open on the firewall ultimately depends on your company’s firewall configuration and requirements. If you are a Cisco customer, we recommend working with your account team to determine the configuration that would best meet your needs. Generally, as most corporate firewalls use NAT, the critical metric is the number of outbound ports to open, not which specific port numbers/ranges. The general guideline is to estimate how many Jabber Video “guest access” users would be placing calls across the firewall simultaneously. Take that number and multiply by 11 in order to get an approximate number of ports needed to allow media to flow.

More restrictive firewall policies may prohibit administrators from opening many ports. In that event, it is possible to establish calls using only ports 5060/5061 (or 80/443), but this prevents media from being established in a point-to-point connection. As Cisco will attempt to relay the media through your NAT or firewall, this may affect your call quality. If you want to achieve 720p HD quality, then you should open the ports per the guidelines shown here.

Overall Rating: 5 (2 ratings)
Darren McKinnon Tue, 03/13/2012 - 16:55
User Badges:

I also would like to know this, but coming from a completely different angle.  I want to block users from installing this our company computers.  We have an enterprise client available that we provision, so how to I keep users who have installed it in my network from making calls?

Michael Whaley Fri, 07/13/2012 - 08:02
User Badges:

Are the IP address blocks/ranges also available for the cloud based Cisco Jabber Video for TelePresence servers? We've opened up several, but everytime a new IP gets added to mix we are having to go back and make firewall adjustments.

Michael Whaley Tue, 07/17/2012 - 14:38
User Badges:

How does the company Media Network Services ( play into the Cisco Jabber Video for TelePresence configuration? I see connection attemps to their IPs on UDP 3478 just after sign-in. It looks like they specialize in media optimazation for video traffic. Does anyone know their IP ranges needed for Cisco Jabber Video for TelePresence?

Hoan Mai Wed, 07/18/2012 - 09:25
User Badges:
  • Cisco Employee,

We use medianetworkservices for media relay if the environment can't pass the firewall traversal.

medianetworkservices addresses varies depends on the location that you're at. For me it's


Rick Mai

angelntw1004 Mon, 10/08/2012 - 17:17
User Badges:
Inside the EX-90 imaging equipment and configuration via the
Nat to open on the internal firewall tcp / ip port external Ipad
that must be set when connecting to jabber programs
Firewall, EX-90, Ipad What is it?
It open NAT applies to any TCP / IP is
Connections are not


This Document

Related Content