Pexip Infinity port usage and firewall guidance
The diagrams and tables below show the ports used when the Management Node and Conferencing Node connect to other devices.
Firewall, routing and NAT guidance
Note that in all Pexip Infinity deployment scenarios:
- All Pexip nodes must be fully routable to each other (full mesh) in both directions. This means that the Management Node must be able to reach every Conferencing Node, and each Conferencing Node must be able to reach every other Conferencing Node.
- Any internal firewalls must be configured to allow UDP port 500 and traffic using IP protocol 50 (ESP) in both directions between all Pexip nodes.
- There cannot be a NAT between any Pexip nodes.
Management Node
Inbound
Outbound
Conferencing Nodes
Inbound
Protocol | Source‑Port | Dest‑Port | Description | Device |
---|---|---|---|---|
TCP | <any> | 22 | SSH * | SSH client |
TCP | <any> | 80 | HTTP | Web browser / API interface / Lync / Skype for Business system (for conference avatar) |
TCP | <any> | 443 | HTTPS | Web browser/ API interface / Infinity Connect Mobile client |
TCP | <any> | 1720 | H.323 (H.225 signaling) | Endpoint / call control system |
TCP | <any> | 5060 | SIP | Endpoint / call control system |
UDP ‡ | <any> | 5060 | SIP | Endpoint / call control system |
TCP | <any> | 5061 | SIP/TLS | Endpoint / call control system |
TCP | <any> | 33000–39999 ** | H.323 (Q.931/H.245 signaling) | Endpoint / call control system |
TCP/UDP | <any> | 40000–49999 ** | RTP / RTCP / RDP / DTLS / RTMP / STUN / TURN | Endpoint / call control system / Lync / Skype for Business system / Infinity Connect †† |
UDP | <any> | 161 | SNMP ‡ | SNMP server |
UDP | 500 | 500 | ISAKMP (IPsec) | Management Node / Conferencing Node |
UDP | <any> | 1719 | H.323 (RAS signaling) | Endpoint / call control system |
ESP | n/a | n/a | IPsec / IP Protocol 50 | Management Node / Conferencing Node |
Outbound
Protocol | Source‑Port | Dest‑Port | Description | Device |
---|---|---|---|---|
TCP/UDP | 55000–65535 | 53 | DNS | DNS server |
TCP | 55000–65535 | 443 | HTTPS ‡ | Incident reporting server (acr.pexip.com) |
TCP | 33000–39999 ** | 1720 | H.323 (H.225 signaling) | Endpoint / call control system |
TCP/UDP | 33000–39999 ** | 5060 | SIP | Endpoint / call control system |
TCP | 33000–39999 ** | 5061 | SIP/TLS | Endpoint / call control system |
TCP | 33000–39999 ** | <any> | H.323 (Q.931/H.245 signaling) | Endpoint / call control system |
TCP/UDP | 40000–49999 ** | <any> | RTP / RTCP / RDP / DTLS / RTMP / STUN / TURN | Endpoint / call control system / Lync / Skype for Business system / Infinity Connect †† |
TCP | 40000–49999 ** | 1935 | RTMP | RTMP streaming server |
TCP (TLS) | 55000–65535 | 443 / 8057 ‡‡ | PSOM (PowerPoint presentation from Lync) | Lync Web Conferencing service |
TCP (TLS) | 55000–65535 | 443 | HTTPS (PowerPoint presentation from Lync) | Lync Front End server or Edge server |
UDP | 123, 55000–65535 | 123 | NTP | NTP server |
UDP | <any> | 161 † | SNMP ‡ | SNMP NMS |
UDP | 500 | 500 | ISAKMP (IPsec) | Management Node / Conferencing Node |
UDP † | 55000–65535 | 514 † | Syslog ‡ | Syslog server |
UDP | 33000–39999 ** | 1719 | H.323 (RAS signaling) | Endpoint / Call control system |
UDP | 40000–49999 ** | 3478 † | STUN / TURN | STUN / TURN server |
ESP | n/a | n/a | IPsec / IP Protocol 50 | Management Node / Conferencing Node |
* Only required if you want to allow administrative access via this port. † Configurable by the administrator. ** Configurable via the Media port range start/end and Signaling port range start/end options (see About global settings). †† Infinity Connect web, mobile and desktop (installable) clients ‡ Only applies if the relevant feature is configured. ‡‡ Typically 443 for Web Conferencing Edge and 8057 for a Lync Front End server / FEP. Note also that:
|