-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
- HP Community
- HP Support Community Knowledge Base
- Poly Video Conferencing Knowledge Base
- Poly Video Conferencing Knowledge Base
- [FAQ] Ports in a firewall that need to be open in order to ...
Firewall Port usage:
You might require the below detailed information when configuring network equipment for video conferencing.
NOTE: Please bear security in mind before opening all the above ports for a unit on an external IP / Internet !
As an example to establish a basic H.323 call between 2 End Points the following ports are required:
- TCP 1720 for the initial call setup
- TCP 49152 => 65535 for additional signalling
- UDP 16384 => 32764 for the media between the two endpoints
The above is just a basic guideline and additional ports are described below and ports may vary if Desktop or Mobile clients are being used.
NOTE: Always check the Release notes or Admin Guides for ports being utilized!
For basic SIP troubleshooting please check => here <=
The following tables show IP port usage.
NOTE: The below example port list is from a GroupSeries and some of the ports listed below may not be applicable to any older codec's or desktop / mobile clients!
Inbound ports to a Polycom Video product
Configuration | ||||||
Inbound Port | Type | Protocol | Function | On By Default? (Low Security Profile) | Enable/Disable? | Configurable Port Number |
22 | Static | TCP | Polycom Touch Control over SSH | Yes | Admin Settings > General Settings > Pairing > Polycom Touch Control > Enable Polycom Touch Control | No |
23 | Static | TCP | Telnet Diagnostics | No | Admin Settings > Security > Global Security > Access > Enable Telnet Access | No |
24 | Static | TCP | Polycom API | No | Admin Settings > Security > Global Security > Access > Enable Telnet Access | No |
80 | Static | TCP | RealPresence Group Web UI over HTTP | Yes | Admin Settings > Security > Global Security > Access > Enable Web Access - disables HTTP and HTTPS port Admin Settings > Security > Global Security > Access > Restrict to HTTPS - disables HTTP port | Admin Settings > Security > Global Security > Access > Web Access Port (http) |
161 | Static | UDP | SNMP | No | Admin Settings > Security > Global Security > Access > Enable SNMP Access Admin Settings > Servers > SNMP > Enable SNMP | Admin Settings > Servers > SNMP > Listening Port |
443 | Static | TLS | RealPresence Group Web UI over HTTPS | Yes | Admin Settings > Security > Global Security > Access > Enable Web Access | No |
1719 | Static | UDP | H.225.0 RAS | No | Admin Settings > Network > IP Network > H.323 > Use Gatekeeper | No |
1720 | Static | TCP | H.225.0 Call Signaling | Yes | Admin Settings > Network > IP Network > H.323 > Enable IP H.323 | No |
5001 | Static | TCP | People+Content™ IP | Yes | Admin Settings > Audio / Video > Video Input > General Camera Settings > Enable People+Content IP | No |
5060 | Static | TCP / UDP | SIP (Protocol depends on Transport Protocol setting) | Yes | Admin Settings > Network > IP Network > SIP > Enable SIP Admin Settings > Network > IP Network > SIP > Transport Protocol | No |
5061 | Static | TLS | Secure SIP | Yes | Admin Settings > Network > IP Network > SIP > Enable SIP Admin Settings > Network > IP Network > SIP > Transport Protocol | No |
49152-65535 | Dynamic | TCP | H.245 | Yes | Admin Settings > Network > IP Network > H.323 > Enable IP H.323 | Admin Settings > Network > IP Network > Firewall > Fixed Ports > TCP Ports (1024-65535) |
16384-32764 (Default) | Dynamic | UDP | RTP/RTCP Video and Audio | Yes | Admin Settings > Network > IP Network > H.323 > Enable IP H.323 Admin Settings > Network > IP Network > SIP > Enable SIP | Admin Settings > Network > IP Network > Firewall > Fixed Ports > UDP Ports (1024-65535) |
Outbound ports to a Polycom Video product
Configuration | ||||||
Outbound Port | Type | Protocol | Function | On By Default? (Low Security Profile) | Enable/Disable? | Configurable Port Number |
80 | Static | TCP | Polycom Product Registration | Yes | Uncheck "Register" checkbox during OOB setup | No |
123 | Static | UDP | NTP | Yes | Admin Settings > General Settings > Date and Time > System Time > Time Server | No |
162 | Static | UDP | SNMP Trap | Yes | Admin Settings > Servers > SNMP > Enable SNMP Admin Settings > Servers > SNMP > Destination Address <1,2,3> | Yes - Admin Settings > Servers > SNMP > Destination Address <1,2,3> > Port |
389 | Static | TLS | LDAP | Yes | Admin Settings > Servers > Directory Servers > Server Type | Yes - Admin Settings > Servers > Directory Servers > Server Type = LDAP - Admin Settings > Servers > Directory Servers > Server Port |
389 | Static | TLS | LDAP to ADS (External Authentication) | No | Admin Settings > Security > Global Security > Authentication > Enable Active Directory External Authentication | No |
443 | Static | TLS | CMA/RealPrese nce Resource Management (Provisioning, Monitoring, Softupdate) | No | Admin Settings > Servers > Provisioning Service > Enable Provisioning | No |
443 | Static | TLS | Microsoft Exchange Server (Calendaring) | No | Admin Settings > Servers > Calendaring Service > Enable Calendaring Service | No |
443 | Static | TLS | Microsoft Lync Address Book | No | Admin Settings > Servers > Directory Servers > Server Type | No |
514 | Static | UDP | Syslog | No | Diagnostics > System > System Log Settings > Enable Remote Logging | Yes |
1718 | Static | UDP | H.225.0 Gatekeeper Discovery | No | Admin Settings > Network > IP Network > H.323 > Use Gatekeeper = Auto | No |
1719 | Static | UDP | H.225.0 RAS | No | Admin Settings > Network > IP Network > H.323 > Use Gatekeeper | Yes - outgoing port can be specified in the Primary Gatekeeper IP Address field |
1720 | Static | TCP | H.225.0 Call Signaling | Yes | Admin Settings > Network > IP Network > H.323 > Enable IP H.323 | No |
3601 | Static | TCP | GDS | No | Admin Settings > Servers > Directory Servers > Server Type | No |
5060 | Static | TCP / UDP | SIP | Yes | Admin Settings > Network > IP Network > SIP > Enable SIP AND Admin Setting > Network > IP Network > SIP > Transport Protocol = Auto, TCP, or UDP | Yes - outgoing port can be specified in the dial string (user@domain:p ort) Note that the transport protocol used depends on Admin Settings > Network > IP Network > SIP > Transport Protocol |
5061 | Static | TLS | Secure SIP | Yes | Admin Settings > Network > IP Network > SIP > Enable SIP AND Admin Setting > Network > IP Network > SIP > Transport Protocol = Auto or TLS | Yes - outgoing port can be specified in the dial string (user@domain:p ort) |
5222 | Static | TCP | CMA/RealPrese nce Resource Manager: XMPP | No | Provisioned by RealPresence Resource Manager | No |
49152- 65535 | Dynamic | TCP | H.245 | Yes | Admin Settings > Network > IP Network > Enable IP H.323 | Admin Settings > Network > IP Network > Firewall > Fixed Ports > TCP Ports (1024-65535) |
16384- 32764 (Default) | Dynamic | UDP | RTP/RTCP Video and Audio | Yes | Admin Settings > Network > IP Network > Enable IP H.323 Admin Settings > Network > IP Network > Enable SIP | Admin Settings > Network > IP Network > Firewall > Fixed Ports > UDP Ports (1024-65535) |
NOTE: Please bear security in mind before opening all the above ports for a unit on an external IP / Internet !
A few simple examples in regards firewall blocked ports.
- Far End Port 1720 blocked for Call Setup
In the above example the End Point tries to setup a call to another endpoint located at 10.252.149.103 but cannot establish the H.323 TCP connection on port 1720 to setup the call.
- Far End no answer on Call Setup
In the above example the End Point is setting up a call to another endpoint located at 10.252.149.103 and is establishing the H.323 TCP connection on port 1720 to setup the call. It then uses H.225 via TCP to setup the call and alert the far end without the far end answering the call.
- Far End answer call
In the above example the End Point is setting up a call to another endpoint located at 10.252.149.103 and is establishing the H.323 TCP connection on port 1720 to setup the call. It then uses H.225 via TCP to setup the call and alert the far end.
Further into the above trace the Endpoints then exchange their capabilities
The above as an example is a call between two Real Presence Desktop Clients. The RTP ports used for this application as an example use Ports 3230 for the Caller and 3232 for the Called.
NOTE: Please always check the Admin Guide or Release Notes for specific ports per device used!
The above as an example is a call between a GroupSeries and a Real Presence Desktop Clients. The RTP ports used for this application as an example use Ports 16386 for the Caller and 3230 for the Called.
In a H.323 call H.245 is used as a control channel protocol in order to establish the call.
The above is the initial capability exchange.
The request: openLogicalChannel and response: openLogicalChannelAck messages are being used once the call is answered to negotiate the control and media ports that are being used for the call.
and