Firewall Configuration For Webrtc Gateway; Additional Application Requirements; Micollab Client V6.0 - Mitel MiVoice Manual

7.3 Firewall Configuration for WebRTC Gateway

From the Internet to the MBG server:
• allow protocol TCP, destination port 5063 for SIP over TLS
allow protocol UDP, destination ports 32000 to 32500 (and return traffic) for RTP media
•
From the MBG server to the LAN (or just ICPs):
•
allow protocol TCP, destination port 389 for connection to LDAP database
(MiVoice Business or MiVoice 5000 manager)
•
allow protocol TCP, destination port 443 for connection to picture server
(MiVoice Business, MiVoice 5000 manage, or dedicated picture server)
•
allow protocol UDP, source port 5064 for unencrypted SIP trunk connection to
MiVoice Business or MiVoice 5000 (anonymous calls)
•
allow protocol TCP, source port 5065 for encrypted SIP trunk connection to MiVoice 5000 (anonymous
calls)
•
allow protocol TCP, source port 5066 for encrypted SIP user connections to MiVoice 5000 (subscriber
calls)
From the MBG server to the LAN:
•
allow protocol UDP, source ports 33000 to 33500 (and return traffic) for RTP media

8 Additional Application Requirements

MBG allows the use of several supported applications from remote sites, just as it allows use of IP phones.
When MBG is deployed in the DMZ of a third-party firewall, that firewall must be configured to allow connections
from these applications.
This section, plus the common rules in
supported application. Refer to

8.1 MiCollab Client v6.0+

Warning: MBG 7.0 required a port-forwarding rule for port 36008 that directed traffic to the MiCollab
Client server. After upgrading to MBG 7.1 or higher, this rule must be removed from the MSL Port
Forwarding panel.
The following additional rules are required, excluding the MiCollab Client softphones:
From the Internet to the MBG server:
• allow protocol TCP, destination ports 5269 (for XMPP between MiCollab servers), 36008
From the MBG server to the LAN:
allow protocol TCP, destination ports 443, 5269 (for XMPP between MiCollab servers), 36008
•
Note: When the MiCollab Client server is behind MBG, remote MiCollab Clients require access via Web
Proxy for MiCollab Client 5.1 and above. See
MiCollab Clients also include MiNet and SIP softphones. For additional firewall rules covering the MiCollab Client
softphones see Firewall Configuration for Remote MiNet Devices
Firewalls (DMZ
Appendix A: Firewall Configuration Reference
Web Proxy
deployment), gives a minimum configuration for each
for additional firewall rules.
and Configuring MBG for Remote SIP
for the full set of firewall rules.
Devices.
33