Firewall port matrix for media

Last Updated: May 10, 2024

Purpose: Audio media between the on-premise Avaya Aura® endpoints and Avaya Media Processing Core™ for calls between an agent extension and another extension.

Details: Agent extension calling between the Avaya Experience Platform™ (On-Prem + Connect) agent and the on-premise agent. The call is anchored on Avaya Media Processing Core™. Since the call is not recorded, the local Avaya Aura® Media Server is not involved.

Purpose: Audio media between the internal network interface of the on-premise Avaya Session Border Controller and Avaya Media Processing Core™, such as for agent to PSTN calls or agent to remote soft client calls.

Details: Avaya Aura® has the SIP trunk of the PSTN carrier going through Avaya Session Border Controller. The non-ACD inbound call of the PSTN goes through Session Border Controller to reach agent Avaya Workspaces as a Unified Communications (UC) call. This call is not anchored on Avaya Aura® Media Server because it is not recorded. The media travels between Session Border Controller and Avaya Media Processing Core™. The media is anchored on both Session Border Controller and Avaya Media Processing Core™.

The following table lists the firewall ports for media between on-premise and cloud deployments:

Purpose: Audio media between the Avaya Workspaces browser of the agent and Avaya Media Processing Core™.

Data Type: Audio

Direction: From the on-premise PC browser to Avaya Media Processing Core™.

| IP transport | Origination ports | Origination IP | Destination ports | Protocol | Destination IP CIDR or FQDN | Note |
|---|---|---|---|---|---|---|
| UDP | Ephemeral | Enterprise internal network PC IP address ranges. | 3000-4999 | SRTP/SRTCP | 155.184.0.0/20, 155.184.16.0/22 | Secure low-latency audio and video traffic. Use this transport protocol for media. |
| TCP | Ephemeral | Enterprise internal network PC IP address ranges. | 80 | TURN | 155.184.0.0/20, 155.184.16.0/22 | Use for media tunneling. Use these options when the preferred transport media fails. |
| TCP/TLS | Ephemeral | Enterprise internal network PC IP address ranges. | 443 | TURN | 155.184.0.0/20, 155.184.16.0/22 | Use for media tunneling. Use these options when the preferred transport media fails. |
| UDP | Ephemeral | Enterprise internal network PC IP address ranges. | 3478 | TURN | 155.184.0.0/20, 155.184.16.0/22 | Use for media tunneling. Use these options when the preferred transport media fails. |

Purpose: Audio media between the on-premise Avaya Aura® endpoints and Avaya Media Processing Core™.

Data Type: Audio

Direction: From the on-premise Avaya Aura® phones or the Avaya Aura® soft clients to Avaya Media Processing Core™.

| IP transport | Origination ports | Origination IP | Destination ports | Protocol | Destination IP CIDR or FQDN |
|---|---|---|---|---|---|
| UDP | Ephemeral | Enterprise internal network Avaya Aura® phones or Avaya Aura® soft clients IP address ranges. | 3000-4999 | SRTP | 155.184.0.0/20, 155.184.16.0/22 |

Purpose: Audio media between the internal network interface of the on-premise Avaya Session Border Controller and Avaya Media Processing Core™ such as agent to PSTN calls or agent to remote soft client calls.

Data Type: Audio

Direction: From the internal network interface of on-premise PSTN SIP trunk Avaya Session Border Controller and remote access of the internal network interface of Avaya Session Border Controller to Avaya Media Processing Core™.

| IP transport | Origination ports | Origination IP | Destination ports | Protocol | Destination IP CIDR or FQDN |
|---|---|---|---|---|---|
| UDP | Avaya Session Border Controller UDP port ranges. | PSTN SIP trunk Avaya Session Border Controllers internal network interface and remote access Avaya Session Border Controllers internal network interface IP address ranges. | 3000-4999 | SRTP | 155.184.0.0/20, 155.184.16.0/22 |

Purpose: Audio media between the on-premise Avaya Aura® Media Server and Avaya Media Processing Core™. Audio media between the on-premise Communication Manager (CM) GXXX media gateways and Avaya Media Processing Core™.

Data Type: Audio

Direction: From the on-premise Avaya Aura® Media Server or GXXX media gateways to Avaya Media Processing Core™.

| IP transport | Origination ports | Origination IP | Destination ports | Protocol | Destination IP CIDR or FQDN |
|---|---|---|---|---|---|
| UDP | AAMS and GXXX media gateway UDP port ranges. | AAMS server and GXXX media gateway IP address ranges. | 3000-4999 | SRTP | 155.184.0.0/20, 155.184.16.0/22 |

Media transport guidelines

To ensure that User Datagram Protocol (UDP) media traverses your network firewall securely, configure an address-restricted dynamic cone Network Address Translation (NAT) or a port-restricted dynamic cone NAT for the specified UDP port range. Avoid using a symmetric NAT because it can result in sub-optimal tunneling of audio or video and connection failures.

Media is sensitive to latency. Hence, connect to the internet through the shortest path possible to reduce round trip times and improve the quality of service. You can use split tunneling VPNs and enable signaling traffic to route directly without proxy interference.

You can use the media Classless Inter-Domain Routing (CIDR) ranges listed above for UDP to program software-defined network infrastructure to recognize media traffic and route it to the internet. You can perform this configuration for large enterprises with multiple sites and a centralized network data center architecture. These addresses are dedicated to media globally and are not used for other purposes.
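An added example (not Avaya code or tooling): a Python audit that checks an egress allow list against the destination ports and media CIDRs in the table above, reporting ports that are still blocked and UDP rules that reach beyond the dedicated media ranges. The rule format and the sample rules are constructed for illustration, and a rule counts as covering a range only when its destination contains the whole media CIDR.

```python
import ipaddress

# Destination side of the media matrix above; both CIDRs apply to every row.
MEDIA_CIDRS = [ipaddress.ip_network(c) for c in ("155.184.0.0/20", "155.184.16.0/22")]
REQUIRED = [  # (transport, first port, last port, use)
    ("udp", 3000, 4999, "SRTP/SRTCP media (preferred)"),
    ("udp", 3478, 3478, "TURN fallback"),
    ("tcp", 80, 80, "TURN fallback"),
    ("tcp", 443, 443, "TURN over TLS fallback"),
]
# Constructed sample egress allow list (hypothetical rule format, not from the page).
SAMPLE_RULES = [
    {"proto": "udp", "lo": 3000, "hi": 3999, "dst": "155.184.0.0/20"},
    {"proto": "udp", "lo": 3000, "hi": 4999, "dst": "155.184.16.0/22"},
    {"proto": "udp", "lo": 3478, "hi": 3478, "dst": "0.0.0.0/0"},
    {"proto": "tcp", "lo": 443, "hi": 443, "dst": "155.184.0.0/19"},
]

def uncovered_ports(rules, proto, lo, hi, cidr):
    """Return the port spans in lo..hi that no allow rule opens for all of cidr."""
    spans = sorted((r["lo"], r["hi"]) for r in rules
                   if r["proto"] == proto and cidr.subnet_of(ipaddress.ip_network(r["dst"])))
    gaps, nxt = [], lo  # nxt is the lowest port not yet known to be open
    for s_lo, s_hi in spans:
        if s_lo > nxt:
            gaps.append((nxt, min(s_lo - 1, hi)))
        nxt = max(nxt, s_hi + 1)
        if nxt > hi:
            break
    if nxt <= hi:
        gaps.append((nxt, hi))
    return gaps

def audit(rules):
    """Return (missing, too_broad): blocked matrix flows and over-wide UDP rules."""
    missing, too_broad = [], []
    for proto, lo, hi, use in REQUIRED:
        for cidr in MEDIA_CIDRS:
            for gap in uncovered_ports(rules, proto, lo, hi, cidr):
                missing.append((proto, gap, str(cidr), use))
    for r in rules:  # UDP media ports opened to destinations outside the media CIDRs
        dst = ipaddress.ip_network(r["dst"])
        in_media_ports = r["proto"] == "udp" and any(
            p == "udp" and r["lo"] <= hi and lo <= r["hi"] for p, lo, hi, _ in REQUIRED)
        if in_media_ports and not any(dst.subnet_of(c) for c in MEDIA_CIDRS):
            too_broad.append(r)
    return missing, too_broad

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

With the sample rules, the audit reports UDP 4000-4999 to 155.184.0.0/20 and TCP 80 to both CIDRs as still blocked, and flags the UDP 3478 rule to 0.0.0.0/0 for review.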