Firewall ports for the reverse proxy and TURN server

Traffic between the reverse proxy and TURN server and clients in the Internet

The following ports have to be allowed through any firewalls which carry traffic between the reverse proxy and TURN server in the DMZ and Infinity Connect clients in the public Internet:

Purpose Direction Source IP Protocol Port Destination IP
HTTP/HTTPS Inbound <any> TCP 80 / 443 Reverse proxy
UDP TURN/STUN Inbound <any> UDP 3478 TURN server
TURN relay media Inbound <any> UDP 49152–65535 TURN server
TURN relay media † Inbound <any> TCP 443 TURN server
RTP media Outbound TURN server UDP <any> <any>
DNS Outbound Reverse proxy and TURN server TCP/UDP 53 DNS server
NTP Outbound Reverse proxy and TURN server TCP 123 NTP server
† Only applies if TURN over TCP/443 is enabled

Traffic between the local network and the DMZ / Internet

The following ports have to be allowed through any firewalls which carry traffic between Conferencing Nodes and management stations in the local network and the reverse proxy and TURN server in the DMZ/internet:

Purpose Direction Source IP Protocol Port Destination IP
HTTPS Inbound Reverse proxy TCP 443 Conferencing Nodes
UDP TURN/STUN Outbound Conferencing Nodes UDP 3478 TURN server
UDP TURN/STUN Outbound Conferencing Nodes UDP 3478 / 19302 STUN server (if configured). Note that stun.l.google.com uses port 19302.
SSH Outbound Management PC TCP 22 Reverse proxy and TURN server
SNMP ‡ Outbound SNMP server UDP 161 Reverse proxy and TURN server
SNMP ‡ Inbound Reverse proxy and TURN server UDP 161 SNMP server
‡ Only applies if SNMP is enabled.