Firewall configuration for calling from H.323 endpoints to the StarLeaf Cloud
Managing Firewall and bandwidthLast updated September 27, 2018
This article describes firewall configuration for calling to the StarLeaf Cloud from H.323 endpoints that are not registered with the StarLeaf Cloud. If your endpoint is registered to the StarLeaf Cloud, refer to Firewall configuration for H.323 endpoints registered to the StarLeaf Cloud.
To call a StarLeaf Cloud endpoint from your H.323 endpoint, the H. 323 endpoint needs to be able to call outside of your network. There are several ways this can happen:
- The endpoint is registered to a network device such as a Cisco VCS
- The endpoint is registered to a H.323-aware firewall that has an ALG/application-layer gateway for H.323
- The endpoint is on a public IP address
Calling from an unregistered H.323 endpoint on a private IP address is not supported.
The ports you need to open on your firewall are shown in this table:
|Source host||Source port||Destination host||Destination port||Description|
|Internal H.323 endpoint||Ephemeral||<example>.call.sl||UDP 1719||H.225 RAS (Registration, Admission, and Status)|
|TCP 1720||H.225 call signaling|
|TCP 1721||H.225 call signaling|
|UDP 1722||H.225 RAS (Registration, Admission, and Status)|
|TCP 10000-10199||H.245 call signaling|
|UDP 16384-24576||RTP media|