Configure Port Forwarding for Remote Access

Introduction

Typically, the UCX server is deployed behind a router that implements NAT/PAT between the UCX server and the Internet. To provide external access to servers on the local network, the router allows you to configure port forwarding (depending on the manufacturer of your router, this feature may go by a different name, for example Virtual Server Setup).

This document focuses on the steps necessary to enable support for UCX telephony functionality, including accessing the Web-based Configuration Utility for remote management from the Internet across the customer router. Other UCX functionality may require configuration of the customer router to ensure proper communication can be established. The documentation describing that functionality includes the specific router configuration required, such as UCX Remote Access, Software Update, and External CDR.

Routers also allow one specific server to be completely exposed to the public network by using the DMZ (demilitarized zone) feature. We strongly discourage you from using this feature with your UCX Server.

Port Forwarding to Allow Remote Management

In order to enable access to the Web-based Configuration Utility of your UCX system from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):

Rule Name                  Port Number  Port Type
Secure Web Server (HTTPS)  443          TCP

With this rule enabled, you can access the UCX Web-based Configuration Utility using the address https://<public IP address of your router>.

Alternatively, a "special" port number could be used for external access to the HTTPS port on UCX. For example, the router could be configured to send all traffic received on port 8000 to the internal IP address of UCX and port 443. Users would then access the system using the address: https://<public IP address of your router>:8000.

Please note that you have to use https, not just http.

When configuring your router, the goal should be to open as few ports as possible. Hence we recommend that you use only the Secure Web Server rule above. Nevertheless, if you really want to also access the UCX Web-based Configuration Utility using the address http://<public IP address of your router>, you could create the following port forwarding rule:

Rule Name          Port Number  Port Type
Web Server (HTTP)  80           TCP

Before you enable public access to your UCX Web-based Configuration Utility, ensure that the password for the admin account has been changed to a strong password.

DO NOT LEAVE THE DEFAULT PASSWORD ENABLED AND DO NOT USE A SIMPLE PASSWORD!

Port Forwarding for SIP Trunks

In order for the UCX system to properly establish the voice path for SIP trunk calls in all possible scenarios, it is necessary to enable port forwarding of RTP ports to the UCX server. The RTP port range (by default 10000 to 13999) must be forwarded to the IP address of your UCX Server (by default 192.168.1.200):

Rule Name                   Port Number/Port Range  Port Type
RTP (media)                 10000 - 13999           UDP
SIP Signaling (see Note 1)  5060 (see Note 2)       UDP/TCP

Note 1: For registration-based SIP trunks, there is no need to enable port forwarding of the SIP port (5060 by default). This rule is needed only for SIP trunks not using registration-based connections or if there are remote SIP phones connecting to the UCX system (see section Port Forwarding for Remote SIP Phones).
Note 2: If you use a non-default port number for SIP signaling (configured on the SIP Settings page), use the actual port number for the SIP Signaling rule in the table above. For AWS systems, check the value pre-populated on the SIP Settings page under Bind Port.

Port Forwarding for Remote XSTIM Phones 

In order to allow XSTIM-based phones (E-MetroTel Infinity, Nortel/Avaya IP) to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):

If your UCX Server is behind NAT, you must enter the public IP address of the UCX Server in the Public IP field on the Nortel Settings page.

Rule Name          Port Number/Port Range  Port Type
XStim (signaling)  7000 (default *)        UDP
RTP (media)        10000 - 13999           UDP

* If you use a non-default port number for XStim signaling (configured on the XSTIM Settings page), use the actual port number for the first rule in the table above.

If you have XSTIM devices that are not located on your local subnet, you should also set the Jitter Buffer option in the XSTIM Settings to Enabled.

Port Forwarding for Remote InfinityOne Clients

In order to allow InfinityOne softphones (Desktop, Browser or Mobile) to access your InfinityOne Server from the public network, you should configure your router to forward the following ports to the IP address of your InfinityOne Server (by default 192.168.1.200):

If your InfinityOne Server is behind NAT, you must enter the public IP address of the UCX Server in the Public IP field on the Nortel Settings page.

Rule Name                        Port Number/Port Range  Port Type
InfinityOneSitePort (signaling)  21326 (default *)       TCP
RTP (media)                      10000 - 13999           UDP

* If you use a non-default port number for the Site URL Port Number (configured in InfinityOne Installation Wizard or the InfinityOne Administration/General/Network settings), use the actual port number for the first rule in the table above.

Port Forwarding for Remote UCX MGCP Phones 

In order to allow MGCP phones (typically Panasonic IP phones) to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):

Rule Name                Port Number/Port Range  Port Type
MGCP Server (signaling)  2727                    UDP
PTAP Server              9300                    UDP
RTP (media)              10000 - 13999           UDP

Port Forwarding for Remote SIP Phones

In order to allow remote SIP phones to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):

If your UCX Server is behind NAT, you must enter the public IP address of the UCX Server in the External IP field on the SIP Settings page.

The extension for the remote SIP phone must also have NAT mode set to Yes. (See Adding a SIP Extension)

Rule Name        Port Number/Port Range  Port Type
SIP (signaling)  5060 (default *)        UDP/TCP
RTP (media)      10000 - 13999           UDP

* If you use a non-default port number for SIP signaling (configured on the SIP Settings page), use the actual port number for the first rule in the table above. For AWS systems, check the value pre-populated on the SIP Settings page under Bind Port.

Do NOT add a port forwarding rule for the SIP port unless it is needed.  If you need to expose the SIP port, use a non-default SIP port value (e.g., 5062 or 5090 instead of the default 5060).
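
The guidance on this page (open as few ports as possible, prefer the HTTPS rule over HTTP, avoid the DMZ feature, avoid exposing the default SIP port) can be checked against the forwarding table actually configured on a router. The following is an added example, not E-MetroTel code: the rule layout, the audit function and the sample table are assumptions made for illustration, while the port numbers are the defaults listed in the tables above.

```python
# Added example, not vendor code; the rule layout is an assumption, ports are this page's defaults.
UCX_IP = "192.168.1.200"
HTTP_WARN = "plain HTTP management exposed; the page recommends the HTTPS rule only"
SIP_WARN = "default SIP port exposed; forward SIP only if needed, on a non-default port"
# Forwards documented on this page: protocol -> [(low, high, warning or None)]
DOCUMENTED = {
    "tcp": [(443, 443, None), (21326, 21326, None), (80, 80, HTTP_WARN)],
    "udp": [(10000, 13999, None), (7000, 7000, None), (2727, 2727, None), (9300, 9300, None)],
}

def parse_ports(spec):  # '443' -> (443, 443); '10000 - 13999' -> (10000, 13999)
    lo, _, hi = spec.replace(" ", "").partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return lo, hi

def audit(rules, sip_port=5060, ucx_ip=UCX_IP):
    """Return (rule name, protocol, finding) for forwards beyond the page's advice."""
    sip_row = (sip_port, sip_port, SIP_WARN if sip_port == 5060 else None)
    table = {proto: rows + [sip_row] for proto, rows in DOCUMENTED.items()}
    findings = []
    for rule in rules:
        if rule["target"] != ucx_ip:
            continue  # only forwards to the UCX server are in scope
        if rule.get("dmz"):
            findings.append((rule["name"], "all", "DMZ exposes every port of the server"))
            continue
        lo, hi = parse_ports(rule["internal"])  # the external port may differ (8000 -> 443)
        for proto in rule["proto"].lower().split("/"):
            hits = [w for a, b, w in table.get(proto, []) if a <= lo and hi <= b]
            if not hits:
                findings.append((rule["name"], proto, f"{lo}-{hi} is not a documented forward"))
            elif hits[0]:
                findings.append((rule["name"], proto, hits[0]))
    return findings

# Constructed sample, as transcribed from a router's port-forwarding page.
SAMPLE = [
    {"name": "https", "proto": "TCP", "external": "8000", "internal": "443", "target": UCX_IP},
    {"name": "rtp", "proto": "UDP", "external": "10000-13999", "internal": "10000 - 13999", "target": UCX_IP},
    {"name": "http", "proto": "TCP", "external": "80", "internal": "80", "target": UCX_IP},
    {"name": "sip", "proto": "UDP/TCP", "external": "5060", "internal": "5060", "target": UCX_IP},
    {"name": "dmz", "dmz": True, "target": UCX_IP},
    {"name": "camera", "proto": "TCP", "external": "554", "internal": "554", "target": "192.168.1.50"},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Pass sip_port with the value from the SIP Settings page when a non-default SIP port is configured; a forward of that port is then accepted, and a leftover forward of 5060 is reported as undocumented.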

Self Assessment Quiz

  1. Do you know which ports to forward for remote E-MetroTel XStim devices?
  2. Do you know which ports to forward for remote SIP devices?
  3. Which ports require forwarding when InfinityOne clients are being deployed?
  4. To allow remote management of your UCX system, can you use the default administrator password?
  5. Do you know which ports to forward for remote E-MetroTel supported Panasonic MGCP-based phones configured as XStim devices?