Configure Port Forwarding for Remote Access

Introduction

Typically, the UCx server is deployed behind a router that implements NAT/PAT between the UCx server and the Internet. To provide external access to servers on the local network, the router allows you to configure port forwarding. Depending on the manufacturer of your router, this feature may have a different name (for example, Virtual Server Setup).

Routers also allow one specific server to be completely exposed to the public network by using the DMZ (demilitarized zone) feature. We strongly discourage you from using this feature with your UCx Server.

Port Forwarding to Allow Remote Management

In order to enable access to the Web-based Configuration Utility of your UCx system from the public network, you should configure your router to forward the following ports to the IP address of your UCx Server (by default 192.168.1.200):

Rule Name                  Port Number  Port Type
Secure Web Server (HTTPS)  443          TCP

With this rule enabled, you can access the UCx Web-based Configuration Utility using the address https://<public IP address of your router>.

Alternatively, a "special" port number could be used for external access to the HTTPS port on UCx. For example, the router could be configured to send all traffic received on port 8000 to the internal IP address of UCx and port 443. Users would then access the system using the address: https://<public IP address of your router>:8000.

Please note that you have to use https, not just http.

When configuring your router, the goal should be to open as few ports as possible. Hence we recommend that you use only the Secure Web Server rule above. Nevertheless, if you really want to access the UCx Web-based Configuration Utility also using the address http://<public IP address of your router>, you could also create the following port forwarding rule:

Rule Name          Port Number  Port Type
Web Server (HTTP)  80           TCP

Before you enable public access to your UCx Web-based Configuration Utility, ensure that the password for the admin account has been changed to a strong password.

DO NOT LEAVE THE DEFAULT PASSWORD ENABLED AND DO NOT USE A SIMPLE PASSWORD!

Port Forwarding for SIP Trunks

In order for the UCx system to properly establish a voice path for SIP trunk calls in all possible scenarios, it is necessary to enable port forwarding of RTP ports to the UCx server. The RTP port range (by default 10000 to 13999) must be forwarded to the IP address of your UCx Server (by default 192.168.1.200):

Rule Name    Port Number/Port Range  Port Type
RTP (media)  10000 - 13999           UDP

For registration-based SIP trunks, there is no need to enable port forwarding of the SIP port (5060 by default). This rule is needed only if there are remote SIP phones connecting to the UCx system. (See section Port Forwarding for Remote SIP Phones.)

Port Forwarding for Remote Nortel Phones

In order to allow Nortel IP phones (with UNISTIM firmware) to access your UCx Server from the public network, you should configure your router to forward the following ports to the IP address of your UCx Server (by default 192.168.1.200):

If your UCx Server is behind NAT, you must enter the public IP address of the UCx Server in the Public IP field on the Nortel Settings page.

Rule Name            Port Number/Port Range  Port Type
UNISTIM (signaling)  7000 (default *)        UDP
RTP (media)          10000 - 13999           UDP

* If you use a non-default port number for UNISTIM signaling (configured in Nortel Settings page), use the actual port number for the first rule in the table above.

Port Forwarding for Remote SIP Phones

In order to allow remote SIP phones to access your UCx Server from the public network, you should configure your router to forward the following ports to the IP address of your UCx Server (by default 192.168.1.200):

If your UCx Server is behind NAT, you must enter the public IP address of the UCx Server in the External IP field on the SIP Settings page.

The extension for the remote SIP phone must also have NAT mode set to Yes. (See Adding a SIP Extension)

Rule Name        Port Number/Port Range  Port Type
SIP (signaling)  5060 (default *)        UDP
RTP (media)      10000 - 13999           UDP

* If you use a non-default port number for SIP signaling (configured in SIP Settings page), use the actual port number for the first rule in the table above.

Do NOT add a port forwarding rule for the SIP port unless it is needed.  If you need to expose the SIP port, use a non-default SIP port value (e.g., 5062 or 5090 instead of the default 5060).
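The following is an added example, not part of the original page or any vendor tooling: a small audit that checks a list of router forwarding rules against the recommendations in the sections above (HTTPS only, no DMZ, SIP port only when needed and then non-default). The rule dictionary format and the function name audit_forwards are assumptions made for illustration; the sample rules are constructed.

```python
UCX_IP = "192.168.1.200"   # page default UCx Server address
RTP = (10000, 13999)       # page default RTP range

def audit_forwards(rules, sip_port=None, unistim_port=None, ucx_ip=UCX_IP):
    """Check forwarding rules against this page's guidance.

    rules: dicts in a constructed format (an assumption, not a router's
    real export): proto, ext (lo, hi), int (lo, hi), ip, optional dmz.
    Only the internal port is checked, since the external port may
    differ (the page's 8000 -> 443 example).
    sip_port / unistim_port: signaling port in use for remote phones,
    or None when there are no remote phones of that type.
    """
    allowed = {("tcp", (443, 443)), ("udp", RTP)}
    for port in (sip_port, unistim_port):
        if port:
            allowed.add(("udp", (port, port)))
    out = []
    for r in rules:
        if r["ip"] != ucx_ip:
            continue  # rule targets another host
        if r.get("dmz"):
            out.append(("high", "DMZ exposes every port of the UCx Server"))
            continue
        key = (r["proto"].lower(), tuple(r["int"]))
        lo, hi = key[1]
        if key == ("tcp", (80, 80)):
            out.append(("medium", "HTTP 80/tcp forwarded; use HTTPS only"))
        elif key == ("udp", (5060, 5060)) and sip_port is None:
            out.append(("high", "SIP 5060/udp forwarded but not needed"))
        elif key not in allowed:
            out.append(("high", f"unexpected forward {key[0]} {lo}-{hi}"))
        elif key == ("udp", (5060, 5060)):
            out.append(("medium", "SIP on default port 5060; use a non-default port"))
    return sorted(out)

# Constructed sample rule set with three questionable entries.
SAMPLE = [
    {"proto": "TCP", "ext": (8000, 8000), "int": (443, 443), "ip": UCX_IP},
    {"proto": "UDP", "ext": RTP, "int": RTP, "ip": UCX_IP},
    {"proto": "TCP", "ext": (80, 80), "int": (80, 80), "ip": UCX_IP},
    {"proto": "UDP", "ext": (5060, 5060), "int": (5060, 5060), "ip": UCX_IP},
    {"proto": "TCP", "ext": (22, 22), "int": (22, 22), "ip": UCX_IP},
]

if __name__ == "__main__":
    for severity, message in audit_forwards(SAMPLE):
        print(f"[{severity}] {message}")
```

Pass sip_port or unistim_port only when remote phones of that type are actually deployed, so that a leftover signaling rule is reported rather than silently accepted.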

Self Assessment Quiz

  1. Do you know which ports to forward for remote Nortel UNIStim devices?
  2. Do you know which ports to forward for remote SIP devices?
  3. To allow remote management of your UCx system, can you use the default administrator password?