Port Usage Summary - Mitel Inter-Tel 5000 Installation And Maintenance Manual

Appendix B: Network IP Topology

Port Usage Summary

Port Usage Summary

Stateful Packet Inspection (SPI) is required when an Inter-Tel 5000 platform is placed in a non-
NATed DMZ in an Inter-Tel Private Networking scenario and is communicating over the Internet.
A port is a form of addressing that is subordinate to IP addressing. As such, port numbers serve
to distinguish one protocol or application from another at the same IP address. For example, the
primary protocol that browsers such as Internet Explorer use to access Web pages is HTTP,
and HTTP uses port TCP 80. A single device with a single IP address can support many
protocols simultaneously by using different port numbers.
Separate sets of ports exist for Transfer Control Protocol (TCP) and User Datagram Protocol
(UDP). For port-assignment details, see "UDP Port Assignments" on
Firewalls are devices used to promote network integrity and security by filtering data packets
based on IP addresses and port numbers. For example, suppose a firewall is configured to
allow communication with a Web server, which uses HTTP and TCP port 80. This configuration
would prevent the server from being accessed as a mail server, which uses SMTP and TCP
port 25.
For security reasons, all ports should be disabled except those that are specifically required.
The default state for many routers is to disallow everything, but this practice varies from one
manufacturer to another.
NOTE This appendix assumes that everything is disallowed unless specifically allowed.
A firewall is designed to prevent access from an untrusted network such as the Internet while
allowing communication initiated from within a trusted network. This capability is referred to as
Stateful Packet Inspection (SPI) when the firewall is configured to keep track of the state of
each session.
When enabled, SPI makes the firewall remember that an outbound TCP connection was
initiated from behind the firewall and allows packets associated with this connection back
through the firewall.
IMPORTANT
Page B-20
If:
You use Inter-Tel Private Networking over the Internet.
and
You have placed the Inter-Tel 5000 platform in a non-NATed DMZ to provide
port-filtering protection from Internet threats.
Then:
In addition to opening the ports specified in
SPI between the Internet and the DMZ.
page
Table B-1, you must also enable
®
Inter-Tel 5000 Installation Manual – Issue 2.4, May 2008
4-55.