Administration

  • UCX Software - How-To-Guides
Configure Port Forwarding for Remote Access

Introduction

Typically, UCX server is deployed behind a router that implements NAT/PAT between the UCX server and the Internet.  In order to provide external access to servers on the local network, the router allows you to configure port forwarding (based on the manufacturer of your router, different names can be used for this feature – for example Virtual Server Setup).

This document focuses on the steps necessary to enable support for UCX telephony functionality, including accessing the Web Based Administration pages for remote management from the internet across the customer router.  Other UCX functionality may require configuration of the customer router to ensure proper communication can be established. The documentation describing that functionality includes the specific router configuration required, such as UCX Remote AccessSoftware Update, and External CDR.

IMPORTANT

Routers also allow one specific server to be completely exposed to the public network by using the DMZ (demilitarized zone) feature. We strongly discourage you from using this feature with your UCX Server.

Port Forwarding to Allow Remote Management

In order to enable access to the UCX Administration of your UCX system from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):
Rule Name
Port Number
Port Type
Secure Web Server (HTTPS) 443 TCP
With this rule enabled, you can access UCX Administration using the address https://<public IP address of your router>. Alternatively, a “special” port number could be used for external access to the HTTPS port on UCX. For example, the router could be configured to send all traffic received on port 8000 to the internal IP address of UCX and port 443. Users would then access the system using the address: https://<public IP address of your router>:8000.
Please note that you have to use https, not just http.
When configuring your router, the goal should be to open as few ports as possible.  Hence we recommend you to use only the Secure Web Server rule above.  Nevertheless, if you really want to access the UCX Administration pages also using the address http://<public IP address of your router>, you could also create the following port forwarding rule:
Rule Name
Port Number
Port Type
Web Server (HTTP) 80 TCP
IMPORTANT

Before you enable public access to your UCX Administration, ensure that the password for the admin account has been changed to a strong password.

DO NOT LEAVE THE PASSWORD AS DEFAULT AND DO NOT USE A SIMPLE PASSWORD!

Port Forwarding for SMS-Enabled DID feature

Remote devices running Infinity 3065 will need to communicate with the UCX over HTTPS (port 443) for the SMS feature. Configure your router to forward the following port to the IP address of your UCX Server.

Rule NamePort NumberPort Type
SMS (HTTPS)443TCP

Port Forwarding for SIP Trunks

In order for the UCX system to properly establish voice path for SIP trunks calls in all possible scenarios, it is necessary to enable port forwarding of RTP ports to the UCX server.  The RTP port range (by default 10000 to 13999) must be forwarded to the IP address of your UCX Server (by default 192.168.1.200):

Rule NamePort Number/Port RangePort Type
RTP (media)10000 – 13999UDP
SIP Signaling (see Note 1)5060 (see Note 2)UDP/TCP
PJSIP Signaling5160 (see Note 2)UDP/TCP
PJSIP Signaling TLS 5161 (see Note 2)TLS
NOTE 1

This rule is needed for SIP Trunks using IP-based connections or if there are remote SIP phones connecting to the UCX system. (See section Port Forwarding for Remote SIP phones).

NOTE 2

If you use a non-default port number for SIP signaling (configured in SIP Settings or PJSIP Settings page), use the actual port number configured. For AWS systems, check the value pre-populated in the SIP Settings page under Bind Port.

Port Forwarding for Remote XSTIM Phones

In order to allow XSTIM based phones to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):

If your UCX Server is behind NAT, you must enter the public IP address of the UCX Server in the Public IP field on the XSTIM Settings page.

Rule Name
Port Number/Port Range
Port Type
XSTIM (signaling)7000 (default *)UDP
RTP (media)10000 – 13999UDP

* If you use a non-default port number for XSTIM signaling (configured in XSTIM Settings page), use the actual port number for the first rule in the table above.

NOTE

If you have XSTIM devices that are not located on your local subnet, you should also set the Jitter Buffer option in XSTIM Settings to Enabled.

Port Forwarding for Remote Infinity Web Clients

In order to allow Infinity Web Client to access your InfinityOne Server from the public network, you should configure your router to forward the following ports to the IP address of your InfinityOne Server (by default 192.168.1.200): If your InfinityOne Server is behind NAT, you must enter the public IP address of the UCX Server in the Public IP field on the XSTIM Settings page.
Rule Name
Port Number/Port Range
Port Type
InfintyOneSitePort (signaling) 21326 (default *) TCP
RTP (media) 10000 – 13999 UDP
* If you use a non-default port number for the Site URL Port Number (configured in InfinityOne Installation Wizard or the InfinityOne Administration/General/Network settings), use the actual port number for the first rule in the table above.

Port Forwarding for Remote UCX MGCP Phones

In order to allow MGCP phones (typically Panasonic IP phones) to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200).
Rule Name Port Number/Port Range Port Type
MGCP Server (signaling) 2727 UDP
PTAP Server 9300 UDP
RTP (media) 10000 – 13999 UDP

Port Forwarding for Remote NEC IP Phones

In order to allow NEC IP phones to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200).
Rule Name Port Number/Port Range Port Type
NEC IP Phone 5080 (default) UDP
RTP (media) 10000 – 13999 UDP

Port Forwarding for Remote SIP Phones

In order to allow remote SIP phones to access your UCX Server from the public network, you should configure your router to forward the following ports to the IP address of your UCX Server (by default 192.168.1.200):
Rule Name
Port Number/Port Range
Port Type
SIP (signaling) 5060 (default *) UDP/TCP
RTP (media) 10000 – 13999 UDP
* If you use a non-default port number for SIP signaling (configured in SIP Settings page), use the actual port number for the first rule in the table above. For AWS systems, check the value pre-populated in the SIP Settings page under Bind Port.
NOTE 1

If your UCX Server is behind NAT, you must enter the public IP address of the UCX Server in the External IP field on the SIP Settings page.

NOTE 2

The extension for the remote SIP phone must also have NAT mode set to Yes. (See Adding a SIP Extension)

IMPORTANT

Do NOT add a port forwarding rule for the SIP port unless it is needed.  If you need to expose the SIP port, use a non-default SIP port value (e.g., 5062 or 5090 instead of the default 5060).

Print Friendly, PDF & Email

Contents