Function Port range Type Ingoing Outgoing
         
VCS Expressway to internet (WAN)        
RTP / RTCP media 1024 - 65535 UDP + TCP   x
Listening port for Gatekeeper RAS 1719 UDP   x
SIP 5060 TCP + UDP   x
SIP (TLS) 5061 TCP + TLS   x
Q.931 / H.225 / H.245 15000 - 19999 TCP   x
RTP / RTCP media 36000 - 59999 UDP   x
Temporary port 25000 - 29999 TCP   x
NTP 123 UDP   x
DNS 53 UDP   x
STUN Media (Default) 24000 - 29999 UDP   x
         
         
Internet (WAN) to VCS Expressway in DMZ        
Listening port for Gatekeeper RAS 1719 UDP x  
Listening port for H.225 1720 TCP x  
RTP media port 2776 UDP x  
Listening port for H.225 og H.245 2776 TCP x  
Listening port for H.245 2777 TCP x  
TCP media control port 2777 UDP x  
Q.931 / H.225 / H.245 15000 - 19999 TCP x  
RTP / RTCP media (Cisco endpoints) - not recommended 36000 - 59999 UDP x  
RTP / RTCP media (Other than Cisco) - recommended 1024 - 65535 UDP + TCP x  
SIP 5060 TCP + UDP x  
SIP (TLS) 5061 TCP + TLS x  
STUN Discovery 3478 - 3483 UDP x  
STUN Relay 4678 UDP x  
STUN Media (Default) 24000 - 29999 UDP x  
         
         
VCS Expressway in DMZ to VCS Control        
Traversel zoneport for H.323 6xxx UDP x x
Traversel zoneport for SIP 7xxx TCP + TLS x x
Traversel zoneport for H.323 6xxx UDP   x
Traversel zoneport for SIP 7xxx TCP + TLS   x
         
         
Remember H.323 ALG/Application support should be off on the firewall !!