Filter
Top Products
Chapter 14. Firewall and Client Configuration
Additional configuration for the firewall and the SIP clients is required to make the Telecommuting Module work
properly. The amount and nature of the configuration depends on which Telecommuting Module Type was
selected.
The DMZ type
Using the DMZ type, the network configuration should look like this:
The Firewall
The firewall to which the Telecommuting Module is connected should have the following configuration:
SIP over UDP
• Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (port 5060). You
must allow traffic in both directions.
• Let through UDP traffic between the internal networks (all high ports) and the Telecommuting Module (port
5060). You must allow traffic in both directions.
• Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (the port interval
for media streams which was set on the Basic page). You must allow traffic in both directions.
• Let through UDP traffic between the internal networks (all high ports) and the Telecommuting Module (the port
interval for media streams which was set on the Basic page). You must allow traffic in both directions.
• Let through UDP traffic between the Telecommuting Module (all high ports) and the Internet (port 53). You must
allow traffic in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on
the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to
do this step.
• NAT between the Telecommuting Module and the Internet must not be used.
• NAT between the Telecommuting Module and the internal networks must not be used.
SIP over TCP/TLS
• Let through TCP traffic between the Internet (all high ports) and the Telecommuting Module (ports 1024-32767).
You must allow traffic in both directions.
• Let through TCP traffic between the internal networks (all high ports) and the Telecommuting Module (ports
1024-32767). You must allow traffic in both directions.
• Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (the port interval
for media streams which was set on the Basic page). You must allow traffic in both directions.
• Let through UDP traffic between the internal networks (all high ports) and the Telecommuting Module (the port
interval for media streams which was set on the Basic page). You must allow traffic in both directions.
• Let through UDP traffic between the Telecommuting Module (all high ports) and the Internet (port 53). You must
allow traffic in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on
the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to
do this step.
121