Firewall ports for the reverse proxy and TURN server

Traffic between the reverse proxy and TURN server and clients in the Internet

The following ports have to be allowed through any firewalls which carry traffic between the reverse proxy and TURN server in the DMZ and Infinity Connect clients in the public Internet:

Source address Source port Destination address Dest. port Protocol Notes
<any> (Infinity Connect client) <any> Reverse proxy 80 / 443 TCP HTTP/HTTPS
<any> (Infinity Connect client) <any> TURN server 3478 UDP UDP TURN/STUN
<any> (Infinity Connect client) <any> TURN server 49152–65535 UDP TURN relay media
<any> (Infinity Connect client) <any> TURN server 443 TCP TURN relay media
TURN server 49152-65535 <any> <any> UDP RTP media
Reverse proxy / TURN server <any> DNS server 53 TCP/UDP DNS
Reverse proxy / TURN server <any> NTP server 123 TCP NTP
† Only applies if TURN over TCP/443 is enabled.

Traffic between the local network and the DMZ / Internet

The following ports have to be allowed through any firewalls which carry traffic between Conferencing Nodes and management stations in the local network and the reverse proxy and TURN server in the DMZ/internet:

Source address Source port Destination address Dest. port Protocol Notes
Reverse proxy <any> Conferencing Nodes 443 TCP HTTPS
Conferencing Nodes 40000–49999 ** TURN server 3478 UDP UDP TURN/STUN
Conferencing Nodes 40000–49999 ** STUN server (if configured) 3478 / 19302 UDP UDP TURN/STUN. Note that stun.l.google.com uses port 19302.
Management PC <any> Reverse proxy / TURN server 22 TCP SSH
SNMP server <any> Reverse proxy / TURN server 161 UDP SNMP
Reverse proxy / TURN server <any> SNMP server 161 UDP SNMP
           

** Configurable via the Media port range start/end, and Signaling port range start/end options (see About global settings) .

‡ Only applies if SNMP is enabled.