Allow And Optimize The Audio And Video Conferencing Platforms

Versions 3.0 & 5.0 & 6.0

Applies to Platform: UTM 3.0, 4i Edge 3.0, UTM 5.0, 4i Edge 5.0, UTM 6.0, 4i Edge 6.0
Last Update: 23 November 2020

This article presents how to optimize audio and video conferencing using firewall rules on the Endian appliance that allow access to them on different TCP and UDP ports.

Scenario: For security reasons, there are situations when certain seemingly functional connections to known video and audio-conferencing platforms (e.g. Microsoft Teams, Zoom, Google Meet, WhatsApp, etc.) does not work without opening certain ports in the firewall, used by the services. In these cases it is necessary to optimize them by adding firewall rules in the GREEN Outgoing traffic area that allow connections with them on different TCP and UDP ports.

Tutorial structure

I would also add that the two solutions for Microsoft Teams and for WhatsApp, both use the same approach (outgoing firewall rules). Depending on the service you need to optimize, you can read the following:

Microsoft Teams

WhatsApp

Optimize the connection for Microsoft Teams

The following ports must be allowed to connect to Microsoft Teams:

Destination TCP ports: 80 and 443
Destination UDP ports: 3478, 3479, 3480, 3481
Destination networks: 13.107.64.0/18, 52.112.0.0/14 and 52.120.0.0/14

1. To add firewall rules for the ports required for Microsoft Teams access Firewall > Outgoing traffic > Add a new firewall rule
   
   
   
   
2. The configuration mode for the firewall rule must contain the following elements, after which it will be clicked Create rule then Apply:
   
   Source: GREEN interface
   Destination networks: 13.107.64.0/18, 52.112.0.0/14 and 52.120.0.0/14
   Service/Port: User definied
   Protocol: UDP
   Destination port (one per line): 3478, 3479, 3480, 3481
   Action: ALLOW
   Remark: Microsoft Teams
   Position: First
   
   
3. The result is:
   
   

Now you can try the connection with the Microsoft Teams video and audio conferencing platform.

Optimize the connection for WhatsApp

The following ports must be allowed to connect to WhatsApp:

Destination TCP ports: 80 and 443
Destination TCP + UDP ports: 4244, 5222, 5223, 5228, 5242, 59234, 50318, 3478, 45395, 34784, 45395, 50318, 59234
Destination network: RED zone

1. To add firewall rules for the ports required for WhatsApp access Firewall > Outgoing traffic > Add a new firewall rule
   
   
   
   
2. The configuration mode for the firewall rule must contain the following elements, after which it will be clicked Create rule then Apply:
   
   Source: GREEN interface
   Destination networks: RED zone
   Service/Port: User definied
   Protocol: TCP + UDP
   Destination port (one per line): 4244, 5222, 5223, 5228, 5242, 59234, 50318, 3478, 45395, 34784, 45395, 50318, 59234
   Action: ALLOW
   Remark: WhatsApp
   Position: First
   
   
   
   
3. The result is:
   
   

Now you can try the connection with the WhatsApp platform.