- Reverse proxy and TURN server
- Introduction
- Design principles and guidelines
- Example deployment
- Deploying via OVA template
- Restoring to a default state
- Replacing the default SSL certificate
- Infinity Connect and Lync/Skype clients
- Configuring Infinity with a TURN server
- Configuring Infinity with a STUN server
- Firewall ports
- Alternative configurations
- Advanced configuration
Download RP/TURN guide as PDF
Firewall ports for the reverse proxy and TURN server
Traffic between the reverse proxy and TURN server and clients in the Internet
The following ports have to be allowed through any firewalls which carry traffic between the reverse proxy and TURN server in the DMZ and the Infinity Connect Mobile client and Infinity Connect clients in the public Internet:
| Purpose | Direction | Source IP | Protocol | Port | Destination IP |
|---|---|---|---|---|---|
| HTTP/HTTPS | Inbound | <any> | TCP | 80 / 443 | Reverse proxy |
| UDP TURN/STUN | Inbound | <any> | UDP | 3478 | TURN server |
| TURN relay media | Inbound | <any> | UDP | 49152–65535 | TURN server |
| RTP media | Outbound | TURN server | UDP | <any> | <any> |
| DNS | Outbound | Reverse proxy and TURN server | TCP/UDP | 53 | DNS server |
| NTP | Outbound | Reverse proxy and TURN server | TCP | 123 | NTP server |
Traffic between the local network and the DMZ / Internet
The following ports have to be allowed through any firewalls which carry traffic between Conferencing Nodes and management stations in the local network and the reverse proxy and TURN server in the DMZ/internet:
| Purpose | Direction | Source IP | Protocol | Port | Destination IP |
|---|---|---|---|---|---|
| HTTPS | Inbound | Reverse proxy | TCP | 443 | Conferencing Nodes |
| UDP TURN/STUN | Outbound | Conferencing Nodes | UDP | 3478 | TURN server |
| UDP TURN/STUN | Outbound | Conferencing Nodes | UDP | 3478 / 19302 | STUN server (if configured). Note that stun.l.google.com uses port 19302. |
| SSH | Outbound | Management PC | TCP | 22 | Reverse proxy and TURN server |