Firewall configuration for calling from H.323 endpoints to StarLeaf
Managing Firewall and bandwidth
Last updated March 6, 2020This article describes firewall configuration for calling to the StarLeaf platform from H.323 endpoints that are not registered with StarLeaf. If your endpoint is registered to StarLeaf, refer to Firewall configuration for H.323 endpoints registered to StarLeaf.
Firewall traversal
To call a StarLeaf endpoint from your H.323 endpoint, the H. 323 endpoint needs to be able to call outside of your network. There are several ways this can happen:
- The endpoint is registered to a network device such as a Cisco VCS
- The endpoint is registered to a H.323-aware firewall that has an ALG/application-layer gateway for H.323
- The endpoint is on a public IP address
Calling from an unregistered H.323 endpoint on a private IP address is not supported.
The ports you need to open on your firewall are shown in this table:
| Source host | Source port | Destination host | Destination port | Description |
|---|---|---|---|---|
| Internal H.323 endpoint | Ephemeral | <example>.call.sl | UDP 1719 | H.225 RAS (Registration, Admission, and Status) |
| TCP 1720 | H.225 call signaling | |||
| TCP 1721 | H.225 call signaling | |||
| UDP 1722 | H.225 RAS (Registration, Admission, and Status) | |||
| TCP 10000-10199 | H.245 call signaling | |||
| UDP 16384-24576 | RTP media |