Cisco Unified MeetingPlace Release 6.1 -- About Firewalls
A firewall is a security device set up to protect a local area network (LAN) from unwanted Internet access. However, you can provide limited access by opening specific TCP ports to allow inbound access to public servers while leaving other portions of the network protected. For example, when a user on the Internet connects to a company home page, the user must pass through TCP port 80 of the company firewall to access the web server, as shown in Figure: Typical Firewall Setup.
Therefore, if you do nothing else, you can allow external access to Cisco Unified MeetingPlace web conferences by opening ports on your network.
Figure: Typical Firewall Setup
Cisco Unified MeetingPlace web server inside the private corporate network.
End user system outside the private corporate network.
Port Access Requirements with a Firewall
As long as port 80 is open inbound on your firewall for both of the hostnames or IP addresses on your Web Conferencing server, external users who are using the meeting console are able to participate in a Cisco Unified MeetingPlace web conference. However, port 80 requires "tunneling" on the meeting console connection (the Web Conferencing hostname or IP address) and results in slower web conferencing. Therefore, for an optimal web conferencing experience, we strongly recommend that you open TCP port 80 inbound for the Home Page hostname or IP address and also open TCP port 1627 inbound for the Web Conferencing hostname or IP address.
If your deployment is using SSL, make sure port 443 is open inbound on your firewall for both of the hostnames or IP addresses on your Web Conferencing server.
If external attendees are also located behind a firewall, they must open the same ports outbound on their end.
Ports Needed for Sending Attachments
The TCP-5005 port is used to send attachments between the internal and external Cisco Unified MeetingPlace Web Conferencing servers and the Cisco Unified MeetingPlace Audio Server. If this port is not open, attachments can go over port TCP-5003, although this degrades performance.