Mitel Forums - The Unofficial Source
Mitel Forums => MiVoice Office 250/Mitel 5000 => Topic started by: birdman on November 24, 2015, 02:48:00 PM
-
I have read numerous postings about setting up remote 53xx phones and configured my firewall with the ports mentioned. Unfortunately, I am still unsuccessful in connecting.
As a test I opened all ports to our 5000 system and the remote phone connected without any issues.
When I applied the ports, the remote computer gets stuck at the TFTP Main page before continuing on to Contacting Server.
I have revisited the port numbers several times and all seems correct.
Any ideas?
-
Can you tell us what ports you have forwarded?
My notes for MiNet phones on a basic 5000 with no expansions:
67&68/UDP
69&20001/UDP
6800-6802/TCP
3998&3999/TCP
50098-50508/UDP
6004-6261/UDP
-
Hi,
Yes to all the ports mentioned plus,
TCP 5570
UDP 6604-7039
I have tried to verify via the firewall log (Fortigate 100) what ports are being used but could not find anything being blocked.
Cheers.
-
5570 is only for Inter-tel inter-system networking and will not function through a firewall (they cannot be NAT'd).
6604-7039 are only for Inter-tel IP phones, but having them set up is not a problem.
It sounds like the firewall is the problem. Sorry, but I don't know much about Fortigate routers.
-
Acejavelin, thanks for looking.
I figure it is firewall related also as the phone connected just fine with all ports open.
Cheers.
-
My firewall guy came back with the following explanation:
The problem here is that TFTP will initiate the transfer on port 69 but will renegotiate a new data transfer port randomly with the client. This is why it works when all the ports are opened.
Is there a setting somewhere on your server where you could set a predefined port range for TFTP data transfers? If you can define a port range you could then open this range in the Fortigate.
Does this ring true and is it possible to specify a range with the 5000 system?
-
My understanding was the phone would attempt to do TFTP on 20001, and if it failed try 69, or perhaps it was the other way around... I didn't think both ports had to be open, but once the TFTP initiates, a random port is used for the UDP transfer. This is how TFTP (IETF RFC 1350) works.
Most firewalls/routers understand TFTP, and if that protocol is allowed they can inspect the packets and forward the correct ports dynamically; some routers like the Cisco Pix require minor configuration.
Maybe this will help: http://www.winagents.com/en/solutions/tftp-over-firewall.php
The port assignments for TFTP cannot be changed in the system.
How many phones are we talking about remotely? A viable solution may be Mitel Border Gateway.
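-
Added example (not part of the original thread, and not Mitel or Fortigate code): a loopback sketch of the RFC 1350 behaviour described above, where the read request goes to the well-known port but the first DATA packet comes back from a new ephemeral port. The toy server, `probe()`, the file name and the loopback listening port that stands in for UDP 69/20001 are assumptions for illustration.

```python
import socket, struct, threading

RRQ, DATA, ACK = 1, 3, 4  # RFC 1350 opcodes

def build_rrq(filename, mode="octet"):
    # Read request: opcode 1, filename, NUL, transfer mode, NUL
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def serve_one(listen_sock, payload):
    # Toy server: accept one RRQ on the well-known socket, then answer
    # from a NEW socket bound to an ephemeral port (the server's transfer ID).
    req, client = listen_sock.recvfrom(516)
    if struct.unpack("!H", req[:2])[0] != RRQ:
        return
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as data_sock:
        data_sock.bind(("127.0.0.1", 0))
        data_sock.settimeout(2)
        data_sock.sendto(struct.pack("!HH", DATA, 1) + payload, client)
        try:
            data_sock.recvfrom(516)  # wait for the ACK of block 1
        except socket.timeout:
            pass

def probe(server, filename, timeout=2.0):
    # Send an RRQ and report which source port the first reply came from.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_rrq(filename), server)
        pkt, src = s.recvfrom(516)
        opcode, block = struct.unpack("!HH", pkt[:4])
        if opcode == DATA:
            # The ACK goes to the server's new port, not back to the request port
            s.sendto(struct.pack("!HH", ACK, block), src)
        return {"request_port": server[1], "reply_port": src[1],
                "opcode": opcode, "block": block, "data": pkt[4:]}

def demo():
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind(("127.0.0.1", 0))  # assumption: stands in for UDP 69 (no root needed)
    t = threading.Thread(target=serve_one, args=(listen, b"constructed sample"), daemon=True)
    t.start()
    result = probe(listen.getsockname(), "sample.cfg")  # constructed file name
    t.join(2)
    listen.close()
    return result

if __name__ == "__main__":
    r = demo()
    print(f"RRQ sent to port {r['request_port']}, DATA came from port {r['reply_port']}")
```

A firewall rule that matches only the request port never sees this reply as part of the same flow, which is why the transfer worked once all UDP ports were open.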
-
All this for one phone. Of course, if one phone can be made to function, then several others may follow.
I opened up all the UDP ports and the TFTP connection was resolved.
Must be other issues as the contacting server screen gets stuck now.
-
Make sure you have the system NAT address defined properly in processor IP connections, and in the set you have NAT set. If you do not have the public IP defined correctly in the 5000 it could also be why TFTP doesn't work quite right... This is not in System->IP Settings, but in System->Devices and Feature Codes->IP Connections->P6000 (typically, the p6000 part might vary slightly) then set NAT IP Address to your public IP address.
-
Problem solved.
Turns out the firewall settings had been implemented for both incoming and outgoing connections. When outgoing was removed the phone was able to connect fine.
Thanks for your help.