• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
Guidelines
The Poly Video Conferencing Knowledge Base is live! We look forward to helping you with common issues and troubleshooting advice!
karlaz
Views : 353
No ratings

Firewall Port usage:

 

You might require the below detailed information when configuring network equipment for video conferencing.

 

NOTE: Please bear security in mind before opening all the above ports for a unit on an external IP / Internet !

 

As an example to establish a basic H.323 call between 2 End Points the following ports are required:

 

  • TCP 1720 for the initial call setup
  • TCP 49152 => 65535 for additional signalling
  • UDP 16384 => 32764 for the media between the two endpoints

The above is just a basic guideline and additional ports are described below and ports may vary if Desktop or Mobile clients are being used.

 

NOTE: Always check the Release notes or Admin Guides for ports being utilized!

 

For basic SIP troubleshooting please check => here <=

 

The following tables show IP port usage.

 

NOTE: The below example port list is from a GroupSeries and some of the ports listed below may not be applicable to any older codec's or desktop / mobile clients!

 

Inbound ports to a Polycom Video product

 

    Configuration 
Inbound
Port
TypeProtocolFunctionOn By
Default?
(Low
Security
Profile)
Enable/Disable?Configurable
Port Number
22StaticTCPPolycom Touch
Control over
SSH
YesAdmin Settings > General Settings >
Pairing > Polycom Touch Control >
Enable Polycom Touch Control
No
23StaticTCPTelnet
Diagnostics
NoAdmin Settings > Security > Global
Security > Access > Enable Telnet
Access
No
24StaticTCPPolycom APINoAdmin Settings > Security > Global
Security > Access > Enable Telnet
Access
No
80StaticTCPRealPresence
Group Web UI
over HTTP
YesAdmin Settings > Security > Global
Security > Access > Enable Web
Access
- disables HTTP and HTTPS port
Admin Settings > Security > Global
Security > Access > Restrict to
HTTPS
- disables HTTP port
Admin Settings >
Security > Global
Security >
Access > Web
Access Port
(http)
161StaticUDPSNMPNoAdmin Settings > Security > Global
Security > Access > Enable SNMP
Access
Admin Settings > Servers > SNMP >
Enable SNMP
Admin Settings >
Servers > SNMP
> Listening Port
443StaticTLSRealPresence
Group Web UI
over HTTPS
YesAdmin Settings > Security > Global
Security > Access > Enable Web
Access
No
1719StaticUDPH.225.0 RASNoAdmin Settings > Network > IP
Network > H.323 > Use Gatekeeper
No
1720StaticTCPH.225.0 Call SignalingYesAdmin Settings > Network > IP
Network > H.323 > Enable IP H.323
No
5001StaticTCPPeople+Content™ IPYesAdmin Settings > Audio / Video >
Video Input > General Camera
Settings > Enable People+Content IP
No
5060StaticTCP / UDPSIP (Protocol
depends on
Transport
Protocol
setting)
YesAdmin Settings > Network > IP
Network > SIP > Enable SIP
Admin Settings > Network > IP
Network > SIP > Transport Protocol
No
5061StaticTLSSecure SIPYesAdmin Settings > Network > IP
Network > SIP > Enable SIP
Admin Settings > Network > IP
Network > SIP > Transport Protocol
No
49152-65535DynamicTCPH.245YesAdmin Settings > Network > IP
Network > H.323 > Enable IP H.323
Admin Settings >
Network > IP
Network >
Firewall > Fixed
Ports > TCP
Ports
(1024-65535)
16384-32764 (Default)DynamicUDPRTP/RTCP Video and AudioYesAdmin Settings > Network > IP
Network > H.323 > Enable IP H.323
Admin Settings > Network > IP
Network > SIP > Enable SIP
Admin Settings >
Network > IP
Network >
Firewall > Fixed
Ports > UDP
Ports
(1024-65535)

 

Outbound ports to a Polycom Video product

 

     Configuration 
Outbound
Port
TypeProtocolFunctionOn By
Default?
(Low
Security
Profile)
Enable/Disable?Configurable
Port Number
80StaticTCPPolycom Product RegistrationYesUncheck "Register" checkbox during
OOB setup
No
123StaticUDPNTPYesAdmin Settings > General Settings >
Date and Time > System Time >
Time Server
No
162StaticUDPSNMP TrapYesAdmin Settings > Servers > SNMP >
Enable SNMP
Admin Settings > Servers > SNMP >
Destination Address <1,2,3>
Yes - Admin
Settings >
Servers > SNMP
> Destination
Address <1,2,3>
> Port
389StaticTLSLDAPYesAdmin Settings > Servers > Directory
Servers > Server Type
Yes
- Admin Settings
> Servers >
Directory
Servers >
Server Type =
LDAP
- Admin Settings
> Servers >
Directory
Servers >
Server Port
389StaticTLSLDAP to ADS
(External
Authentication)
NoAdmin Settings > Security > Global
Security > Authentication > Enable
Active Directory External
Authentication
No
443StaticTLSCMA/RealPrese
nce Resource
Management
(Provisioning,
Monitoring,
Softupdate)
NoAdmin Settings > Servers >
Provisioning Service > Enable
Provisioning
No
443StaticTLSMicrosoft
Exchange
Server
(Calendaring)
NoAdmin Settings > Servers >
Calendaring Service > Enable
Calendaring Service
No
443StaticTLSMicrosoft Lync
Address Book
NoAdmin Settings > Servers > Directory
Servers > Server Type
No
514StaticUDPSyslogNoDiagnostics > System > System Log
Settings > Enable Remote Logging
Yes
1718StaticUDPH.225.0
Gatekeeper
Discovery
NoAdmin Settings > Network > IP
Network > H.323 > Use Gatekeeper
= Auto
No
1719StaticUDPH.225.0 RASNoAdmin Settings > Network > IP
Network > H.323 > Use Gatekeeper
Yes - outgoing
port can be
specified in the
Primary
Gatekeeper IP
Address field
1720StaticTCPH.225.0 Call
Signaling
YesAdmin Settings > Network > IP
Network > H.323 > Enable IP H.323
No
3601StaticTCPGDSNoAdmin Settings > Servers > Directory
Servers > Server Type
No
5060StaticTCP / UDPSIPYesAdmin Settings > Network > IP
Network > SIP > Enable SIP
AND
Admin Setting > Network > IP
Network > SIP > Transport Protocol
= Auto, TCP, or UDP
Yes - outgoing
port can be
specified in the
dial string
(user@domain:p
ort)
Note that the
transport
protocol used
depends on
Admin Settings
> Network > IP
Network > SIP >
Transport
Protocol
5061StaticTLSSecure SIPYesAdmin Settings > Network > IP
Network > SIP > Enable SIP
AND
Admin Setting > Network > IP
Network > SIP > Transport Protocol
= Auto or TLS
Yes - outgoing
port can be
specified in the
dial string
(user@domain:p
ort)
5222StaticTCPCMA/RealPrese
nce Resource
Manager: XMPP
NoProvisioned by RealPresence
Resource Manager
No
49152-
65535
DynamicTCPH.245YesAdmin Settings > Network > IP
Network > Enable IP H.323
Admin Settings
> Network > IP
Network >
Firewall > Fixed
Ports > TCP
Ports
(1024-65535)
16384-
32764
(Default)
DynamicUDPRTP/RTCP
Video and Audio
YesAdmin Settings > Network > IP
Network > Enable IP H.323
Admin Settings > Network > IP
Network > Enable SIP
Admin Settings
> Network > IP
Network >
Firewall > Fixed
Ports > UDP
Ports
(1024-65535)

 

NOTE: Please bear security in mind before opening all the above ports for a unit on an external IP / Internet !

 

A few simple examples in regards firewall blocked ports.

 

  • Far End Port 1720 blocked for Call Setup

 

karlaz_19-1724706103529.png

 

In the above example the End Point tries to setup a call to another endpoint located at 10.252.149.103 but cannot establish the H.323 TCP connection on port 1720 to setup the call.

 

  • Far End no answer on Call Setup
karlaz_20-1724706103531.png

 

In the above example the End Point is setting up a call to another endpoint located at 10.252.149.103 and is establishing the H.323 TCP connection on port 1720 to setup the call. It then uses H.225 via TCP to setup the call and alert the far end without the far end answering the call.

 

  • Far End answer call
karlaz_21-1724706103533.png

 

 

 

In the above example the End Point is setting up a call to another endpoint located at 10.252.149.103 and is establishing the H.323 TCP connection on port 1720 to setup the call. It then uses H.225 via TCP to setup the call and alert the far end.

 

Further into the above trace the Endpoints then exchange their capabilities

 

karlaz_22-1724706103535.png

 

 

 

The above as an example is a call between two Real Presence Desktop Clients. The RTP ports used for this application as an example use Ports 3230 for the Caller and 3232 for the Called.

 

NOTE: Please always check the Admin Guide or Release Notes for specific ports per device used!

 

karlaz_23-1724706103538.png

 

 

The above as an example is a call between a GroupSeries and a Real Presence Desktop Clients. The RTP ports used for this application as an example use Ports 16386 for the Caller and 3230 for the Called.

 

In a H.323 call H.245 is used as a control channel protocol in order to establish the call.

 

karlaz_24-1724706103540.png

 

 

The above is the initial capability exchange.

 

The request: openLogicalChannel and response: openLogicalChannelAck messages are being used once the call is answered to negotiate the control and media ports that are being used for the call.

 

karlaz_25-1724706103542.png

 

 

and

 

karlaz_26-1724706103544.png

 

 
Contributors
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.