What Firewall Ports do you need open between UCA Softphone and a 5000

[akuhn]

Cross Posted with the Applications Forum

PBX - 5400
MAS/UCA Server
NO MBG
NO Teleworker

UCA Client External.

Those who have followed my posts know I scored a major victory by getting the UCA Softphone to work outside of my office yesterday.  That's the good part.

The part I want to refine is closing unnecessary ports on my external facing firewall between the Internet and the two publicly facing IP addresses on my 5400 and expansion chassis. 

In order for the softphone to work, I have to open ALL ports to my PBX and expansion chassis. 

On Page 13 of the Engineering Guide for the UCA with no MBG, it states that the following ports need to be open:

3998-3999    TCP

5060        UDP

6004-6261    UDP
6604-7039    UDP
5004-5070    UDP

6800-6802    UDP

50098-50508    UDP

5566    TCP

5567    UDP

5570    TCP

4000    TCP

4000    TCP

44000    TCP

69    TCP

20001    TCP

I've opened these ports up and more, but the softphone doesn't work unless I open up all the ports.  So I have to assume this list is incomplete or not providing necessary details.

Anyone have a list of ports for a softphone and a 5000 Series?

[marcolive]

Hi,

I've never had to do that with a UCA softphone. Do you have any king of call control and just no audio, or nothing at all?

Try to open ports 6800-6802 TCP.  These ports are for Minet (call control).  I think the best way to troubleshoot that kind of problem is to do a Wireshark capture and analyze requests from UCA client to the 5000. 

Keep us in touch!

[akuhn]

I will add your TCP suggestions to the mix.  As to your first question, you get a Red X and no ability to call.  If I open up all ports, then the X goes away and calling proceeds. 

[NTEDave]

In my notes I have an open port range of 6004 to 7039 UDP, you have a 'hole' of closed ports in the range from 6261 to 6604 UDP.

Worth a shot??

[akuhn]

I lost my remote access to my home computer (via Windows Home Server) because I think I left the connection up too long and it timed out.  So I will test these out as soon as possible.  I'd rather have 500 ports open than 55K ports open.

[akuhn]

BINGO!

I threw both 6800-6802 TCP and 6004 to 7039 UDP into my "Mitel PBX Ports" service group object in my Sonicwall.  My softphone still works.

I also took out the Webserver ports (http and https) because I didn't think they were necessary.

If you doing this, you should be aware that you might still see the Red X on the drop down menu of your UCA Client when you switch from the deskphone to the softphone.  Don't let that stop you from actually selecting the softphone.  Only when you've selected the softphone and seen whether you have the X or not is the final test. 

Thanks for the suggestion.