Configuring the services
Services already created:
The following are standard services that have already been created by default:
HTTP TCP 80
SNMP TCP 161-162/UDP 161-162
LDAP TCP 389
HTTPS TCP 443
SYSLOG UDP 514
Existing Services to be edited:
There are a few services that have already been created for you, but they need to be expanded to accommodate the list of protocols listed for this scenario.
The default h323 contains:
- TCP 1503, UDP 1719, TCP 1720
We need to add:
- TCP 1719
The default SIP contains:
- UDP 5060
We need to add:
- TCP 5060
H323 service
1. Go to Policy & Objects > Objects > Services.
2. Scroll down to the section: VoIP, Messaging & Other Applications.
3. Select H323.
4. Select Edit.
5. In the Protocol section add the additional protocol:
Protocol Type TCP
Destination port /Low 1719
6. Select OK to save.
SIP service
1. Go to Policy & Objects > Objects > Services.
2. Scroll down to the section: VoIP, Messaging & Other Applications.
3. Select SIP.
4. Select Edit.
5. In the Protocol section add the additional protocol:
Protocol Type TCP
Destination port /Low 5060
6. Select OK to save.
Custom Services that need to be created
A number of services may need to be created from scratch rather than by editing existing ones. While it is possible to create a single custom service that contains all of the open ports needed, it makes more sense to keep the services modular, in case only a small subset of them needs to be added to another policy.
Polycom API
1. Go to Policy & Objects > Objects > Services.
2. Select Create New.
3. Fill in the fields of the new service with the following information:
Name | Polycom API
Service Type | Firewall
Category | VoIP, Messaging & Other
Protocol Type | TCP/UDP/SCTP
Protocol | TCP
Destination Port – Low: | 24
Destination Port – High: | <leave blank>
4. Select OK.
Polycom Endpoints
1. Go to Policy & Objects > Objects > Services.
2. Select Create New.
3. Fill in the fields of the new service with the following information:
Name Polycom Endpoints
Service Type Firewall
Category VoIP, Messaging & Other
Protocol Type TCP/UDP/SCTP
Protocol TCP
Destination – Low: 3230
Destination – High: 3253
4. Select OK.
Other Services to add in the same way:
Name of Service | Category | Protocol & Port # |
LDAP secure communications | Authentication | TCP 636 |
Win 2000 ILS Registration | Network Services | TCP 1002 |
Gatekeeper discovery | VoIP, Messaging & Other Applications | TCP 1718 |
Audio Call Control | VoIP, Messaging & Other Applications | TCP 1731 |
Polycom proprietary Global directory data | VoIP, Messaging & Other Applications | TCP 3601 |
Polycom People+Content | VoIP, Messaging & Other Applications | TCP 5001 |
HTTP Server Push | Web Access | |
Creating the Service Group
1. Go to Firewall Objects > Service > Groups.
2. Select Create New.
3. Build the Service group by filling in the fields with the following information:
Group Name A-V_Conference
Type Firewall
Members
(click in the drop down menu to add the following services)
- HTTP
- SNMP
- LDAP
- HTTPS
- SYSLOG
- Polycom API
- Polycom Endpoints
- LDAP secure communications
- Win 2000 ILS Registration
- Gatekeeper discovery
- Audio Call Control
- Polycom proprietary Global directory data
- Polycom People+Content
- HTTP Server Push
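Before the group is attached to a policy, it helps to see what it opens in total. The following Python script is an added example, not part of the original page or of Fortinet's tooling: it expands A-V_Conference into merged port ranges per protocol, and reports members that have no port defined and services configured on this page that are not in the member list. Port values are copied from this page; the data layout and the function names merge and audit are assumptions.

```python
# Added example: audit of the A-V_Conference group. Port values and the member
# list are copied from this page; layout and function names are illustrative.
SERVICES = {  # name -> list of (protocol, low port, high port)
    "HTTP": [("tcp", 80, 80)],
    "SNMP": [("tcp", 161, 162), ("udp", 161, 162)],
    "LDAP": [("tcp", 389, 389)],
    "HTTPS": [("tcp", 443, 443)],
    "SYSLOG": [("udp", 514, 514)],
    "H323": [("tcp", 1503, 1503), ("udp", 1719, 1719),
             ("tcp", 1720, 1720), ("tcp", 1719, 1719)],
    "SIP": [("udp", 5060, 5060), ("tcp", 5060, 5060)],
    "Polycom API": [("tcp", 24, 24)],
    "Polycom Endpoints": [("tcp", 3230, 3253)],
    "LDAP secure communications": [("tcp", 636, 636)],
    "Win 2000 ILS Registration": [("tcp", 1002, 1002)],
    "Gatekeeper discovery": [("tcp", 1718, 1718)],
    "Audio Call Control": [("tcp", 1731, 1731)],
    "Polycom proprietary Global directory data": [("tcp", 3601, 3601)],
    "Polycom People+Content": [("tcp", 5001, 5001)],
    "HTTP Server Push": [],  # no port is given for this service on the page
}
GROUP = ["HTTP", "SNMP", "LDAP", "HTTPS", "SYSLOG", "Polycom API",
         "Polycom Endpoints", "LDAP secure communications",
         "Win 2000 ILS Registration", "Gatekeeper discovery",
         "Audio Call Control", "Polycom proprietary Global directory data",
         "Polycom People+Content", "HTTP Server Push"]

def merge(ranges):
    """Merge overlapping or adjacent (low, high) port ranges."""
    out = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def audit(group=GROUP, services=SERVICES):
    """Return (ranges opened per protocol, members without ports, services not in group)."""
    opened, no_ports = {}, []
    for name in group:
        if not services[name]:
            no_ports.append(name)
        for proto, lo, hi in services[name]:
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"{name}: invalid port range {lo}-{hi}")
            opened.setdefault(proto, []).append((lo, hi))
    unused = [s for s in services if s not in group]
    return {p: merge(r) for p, r in opened.items()}, no_ports, unused
```

Calling audit() returns the three results as a tuple; a group member missing from SERVICES raises KeyError, which surfaces a typo in the member list.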