Firewall Settings for NAT Deployment
The table below describes the mandatory firewall rules to configure in the Enterprise firewall for connecting devices behind a NAT as described in Managing Device Connections.
|
Configuration Option |
Ports to Configure |
Purpose |
Port side / Flow Direction |
||||||
|---|---|---|---|---|---|---|---|---|---|
| SBC Devices | |||||||||
|
Cloud Architecture Mode (Device > OVOC Server) |
|
See Cloud Architecture Mode (WebSocket Tunnel) Firewall Settings. |
OVOC server side / Bi-directional |
||||||
|
OVOC Server NAT Mode (OVOC > Devices) |
SNMP UDP port 1161 |
Keep-alive - SNMP trap listening port (used predominantly for devices located behind a NAT). Used also by Fixed License Pool and Floating License Service. Initiator: AudioCodes device |
OVOC server side / Receive only |
||||||
|
SNMP UDP port 162 |
SNMP trap listening port on the OVOC.
|
OVOC server side / Receive only |
|||||||
|
TCP 5000 |
XML based communication for control, media data reports and SIP call flow messages.
|
OVOC server side / Bi-directional |
|||||||
|
TCP 5001 (Voice Quality Management over TLS) |
XML based TLS secured communication for control, media data reports and SIP call flow messages.
|
OVOC server side / Bi-directional |
|||||||
|
NTP 123 |
NTP server port (OVOC server's Public IP address is configured as the NTP server). See Establishing OVOC-Devices Connections. |
.Both sides / Bi-directional |
|||||||
| Devices Managed by the Device Manager | |||||||||
|
Endpoints ↔ OVOC Device Manager |
TCP (HTTPS) 443 |
HTTPS connection between the endpoints and the OVOC Device Manager.
|
OVOC Device Manager side / Bi-Directional |
||||||
|
HTTPS connection that is used by endpoints for downloading firmware and configuration files from the OVOC Device Manager.
|
|||||||||
|
OVOC Device Manager ↔ ShareFile |
TCP (HTTPS) 443 |
HTTPS connection used by OVOC Device Manager for downloading firmware and configuration files from ShareFile.
For information on ShareFile IP Ranges, see ShareFile Firewall Configuration. |
OVOC Device Manager Side / Bi-Directional |
||||||
| Endpoints ↔ WAF (Imperva Incapsula) and Azure Blob |
TCP (HTTPS) 443 |
HTTPS connection between the endpoints and the WAF.
|
Endpoints WAF side / Bi-Directional. |
||||||
|
TCP (HTTPS) 443 |
HTTPS connection used by endpoints for downloading firmware and configuration files from the Azure Blob.
|
Azure Blob side / Bi-Directional. |
|||||||
|
OVOC Device Manager à Azure Blob |
TCP (HTTPS) 443 |
HTTPS connection used by OVOC to update firmware and configuration files to the Azure Blob.
|
OVOC Device Manager Side / Send-only |
||||||
|
OVOC Device Manager ↔ ShareFile |
TCP (HTTPS) 443 |
HTTPS connection used by OVOC Device Manager for downloading firmware and configuration files from ShareFile.
For information on ShareFile IP Ranges, see ShareFile Firewall Configuration. |
OVOC Device Manager Side / Bi-Directional |
||||||