Applies to Platform: UTM 3.0, 4i Edge 3.0, UTM 5.0, 4i Edge 5.0, UTM 6.0, 4i Edge 6.0
Last Update: 23 November 2020
This article explains how to optimize audio and video conferencing by adding firewall rules on the Endian appliance that allow access to these services on different TCP and UDP ports.
Scenario: For security reasons, there are situations in which connections to known video and audio conferencing platforms (e.g. Microsoft Teams, Zoom, Google Meet, WhatsApp, etc.) do not work unless certain ports used by those services are opened in the firewall. In these cases it is necessary to optimize them by adding firewall rules in the GREEN Outgoing traffic area that allow connections to them on different TCP and UDP ports.
Tutorial structure
The two solutions, for Microsoft Teams and for WhatsApp, use the same approach (outgoing firewall rules). Depending on the service you need to optimize, you can read the following:
Optimize the connection for Microsoft Teams
The following ports must be allowed to connect to Microsoft Teams:
Destination TCP ports: 80 and 443
Destination UDP ports: 3478, 3479, 3480, 3481
Destination networks: 13.107.64.0/18, 52.112.0.0/14 and 52.120.0.0/14
Note
TCP ports 80 and 443 are already open by default for the GREEN zone for Outgoing traffic in the firewall.
- To add firewall rules for the ports required for Microsoft Teams, go to Firewall > Outgoing traffic > Add a new firewall rule.
- Configure the firewall rule with the following elements, then click Create rule and then Apply:
Source: GREEN interface
Destination networks: 13.107.64.0/18, 52.112.0.0/14 and 52.120.0.0/14
Service/Port: User defined
Protocol: UDP
Destination port (one per line): 3478, 3479, 3480, 3481
Action: ALLOW
Remark: Microsoft Teams
Position: First
- The result is:
Now you can try the connection with the Microsoft Teams video and audio conferencing platform.
Optimize the connection for WhatsApp
The following ports must be allowed to connect to WhatsApp:
Destination TCP ports: 80 and 443
Destination TCP + UDP ports: 4244, 5222, 5223, 5228, 5242, 59234, 50318, 3478, 45395, 34784, 45395, 50318, 59234
Destination network: RED zone
Note
TCP ports 80 and 443 are already open by default for the GREEN zone for Outgoing traffic in the firewall.
- To add firewall rules for the ports required for WhatsApp, go to Firewall > Outgoing traffic > Add a new firewall rule.
- Configure the firewall rule with the following elements, then click Create rule and then Apply:
Source: GREEN interface
Destination networks: RED zone
Service/Port: User defined
Protocol: TCP + UDP
Destination port (one per line): 4244, 5222, 5223, 5228, 5242, 59234, 50318, 3478, 45395, 34784, 45395, 50318, 59234
Action: ALLOW
Remark: WhatsApp
Position: First
- The result is:
Now you can try the connection with the WhatsApp platform.
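The Microsoft Teams and WhatsApp rules above, modeled as an added example (not Endian's code or rule engine) so their scope can be compared: the Teams rule is limited to three destination networks, while the WhatsApp rule covers the whole RED zone, so UDP port 3478 is allowed to any destination once both rules exist. Treating the RED zone as 0.0.0.0/0, the first-match evaluation and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Rules transcribed from the article. The RED zone is modeled as "any IPv4
# destination" (assumption; on the appliance it is the uplink zone).
RULES = [
    {
        "remark": "Microsoft Teams",
        "protocols": {"udp"},
        "networks": [ipaddress.ip_network(n) for n in
                     ("13.107.64.0/18", "52.112.0.0/14", "52.120.0.0/14")],
        "ports": {3478, 3479, 3480, 3481},
    },
    {
        "remark": "WhatsApp",
        "protocols": {"tcp", "udp"},
        "networks": [ipaddress.ip_network("0.0.0.0/0")],
        "ports": {4244, 5222, 5223, 5228, 5242, 59234, 50318,
                  3478, 45395, 34784},
    },
]


def match_rule(proto, dst_ip, dst_port, rules=RULES):
    """Return the remark of the first rule allowing the flow, else None."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (proto.lower() in rule["protocols"]
                and dst_port in rule["ports"]
                and any(addr in net for net in rule["networks"])):
            return rule["remark"]
    return None


def audit(flows, rules=RULES):
    """Map each (proto, dst_ip, dst_port) flow to its matching rule remark."""
    return {flow: match_rule(*flow, rules=rules) for flow in flows}


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    ("udp", "52.112.0.5", 3479),    # inside a listed Teams network
    ("udp", "203.0.113.10", 3479),  # same port, destination not listed
    ("udp", "203.0.113.10", 3478),  # allowed only through the WhatsApp rule
    ("tcp", "203.0.113.10", 5222),  # WhatsApp port, any RED destination
    ("tcp", "52.112.0.5", 3480),    # Teams rule is UDP only
]

if __name__ == "__main__":
    for flow, remark in audit(SAMPLE_FLOWS).items():
        print(flow, "->", remark or "no match in these two rules")
```
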