Introduction
Typically, UCX server is deployed behind a router that implements NAT/PAT between the UCX server and the Internet. In order to provide external access to servers on the local network, the router allows you to configure port forwarding (based on the manufacturer of your router, different names can be used for this feature – for example Virtual Server Setup).
This document focuses on the steps necessary to enable support for UCX telephony functionality, including accessing the Web Based Administration pages for remote management from the internet across the customer router. Other UCX functionality may require configuration of the customer router to ensure proper communication can be established. The documentation describing that functionality includes the specific router configuration required, such as UCX Remote Access, Software Update, and External CDR.
Routers also allow one specific server to be completely exposed to the public network by using the DMZ (demilitarized zone) feature. We strongly discourage you from using this feature with your UCX Server.
Port Forwarding to Allow Remote Management
In order to enable access to the UCX Administration of your UCX system from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):
Rule Name | Port Number | Port Type |
|---|---|---|
| Secure Web Server (HTTPS) | 443 | TCP |
With this rule enabled, you can access UCX Administration using the address https://<public IP address of your router>.
Alternatively, a “special” port number could be used for external access to the HTTPS port on UCX. For example, the router could be configured to send all traffic received on port 8000 to the internal IP address of UCX and port 443. Users would then access the system using the address: https://<public IP address of your router>:8000.
When configuring your router, the goal should be to open as few ports as possible. Hence we recommend you to use only the Secure Web Server rule above. Nevertheless, if you really want to access the UCX Administration pages also using the address http://<public IP address of your router>, you could also create the following port forwarding rule:
Rule Name | Port Number | Port Type |
|---|---|---|
| Web Server (HTTP) | 80 | TCP |
DO NOT LEAVE THE DEFAULT PASSWORD ENABLED AND DO NOT USE A SIMPLE PASSWORD!
In order for the UCX system to properly establish voice path for SIP trunks calls in all possible scenarios, it is necessary to enable port forwarding of RTP ports to the UCX server. The RTP port range (by default 10000 to 13999) must be forwarded to the IP address of your UCX Server (by default 192.168.1.200):
| Rule Name | Port Number/Port Range | Port Type |
|---|---|---|
| RTP (media) | 10000 – 13999 | UDP |
| SIP Signaling (see Note 1) | 5060 (see Note 2) | UDP/TCP |
For registration based SIP trunks, there is no need to enable port forwarding of the SIP port (5060 by default). This rule is needed only for SIP Trunks not using Registration-based connections or if there are remote SIP phones connecting to the UCX system. (See section Port Forwarding for Remote SIP phones).
If you use a non-default port number for SIP signaling (configured in SIP Settings page), use the actual port number for the first rule in the table above. For AWS systems, check the value pre-populated in the SIP Settings page under Bind Port.
In order to allow XSTIM based phones to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):
If your UCX Server is behind NAT, you must enter the public IP address of the UCX Server in the Public IP field on the XSTIM Settings page.
Rule Name | Port Number/Port Range | Port Type |
|---|---|---|
| XSTIM (signaling) | 7000 (default *) | UDP |
| RTP (media) | 10000 – 13999 | UDP |
* If you use a non-default port number for XSTIM signaling (configured in XSTIM Settings page), use the actual port number for the first rule in the table above.
If you have XSTIM devices that are not located on your local subnet, you should also set the Jitter Buffer option in XSTIM Settings to Enabled.
Port Forwarding for Remote InfinityOne Clients
In order to allow InfinityOne softphones (Desktop, Browser or Mobile) to access your InfinityOne Server from the public network, you should configure your router to forward the following ports to the IP address of your InfinityOne Server (by default 192.168.1.200):
If your InfinityOne Server is behind NAT, you must enter the public IP address of the UCX Server in the Public IP field on the XSTIM Settings page.
Rule Name | Port Number/Port Range | Port Type |
|---|---|---|
| InfintyOneSitePort (signaling) | 21326 (default *) | TCP |
| RTP (media) | 10000 – 13999 | UDP |
* If you use a non-default port number for the Site URL Port Number (configured in InfinityOne Installation Wizard or the InfinityOne Administration/General/Network settings), use the actual port number for the first rule in the table above.
Port Forwarding for Remote UCX MGCP Phones
In order to allow MGCP phones (typically Panasonic IP phones) to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200).
Rule Name | Port Number/Port Range | Port Type |
|---|---|---|
| MGCP Server (signaling) | 2727 | UDP |
| PTAP Server | 9300 | UDP |
| RTP (media) | 10000 – 13999 | UDP |
Port Forwarding for Remote SIP Phones
In order to allow remote SIP phones to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):
Rule Name | Port Number/Port Range | Port Type |
|---|---|---|
| SIP (signaling) | 5060 (default *) | UDP/TCP |
| RTP (media) | 10000 – 13999 | UDP |
* If you use a non-default port number for SIP signaling (configured in SIP Settings page), use the actual port number for the first rule in the table above. For AWS systems, check the value pre-populated in the SIP Settings page under Bind Port.
If your UCX Server is behind NAT, you must enter the public IP address of the UCX Server in the External IP field on the SIP Settings page.
The extension for the remote SIP phone must also have NAT mode set to Yes. (See Adding a SIP Extension)
Do NOT add a port forwarding rule for the SIP port unless it is needed. If you need to expose the SIP port, use a non-default SIP port value (e.g., 5062 or 5090 instead of the default 5060).
