Only two types of ports are required on the external firewall into the DMZ, depending on the application requirements.
- Signaling Protocol: HTTP/HTTPS (80/443) – The firewall routes all traffic received on port 443 (secure) or 80 (unencrypted) to the HTTP reverse proxy in the DMZ.
Note: The Web Gateway does not perform HSTS on WebSocket requests. If necessary, you can apply HSTS with the Reverse Proxy.
- Media Protocol: sRTP/DTLS over UDP (16000-16004 by default) – The firewall needs 5 ports (by default) open to handle all sRTP (and DTLS) traffic from the WebRTC clients. RTP and RTCP traffic are both handled on the same port. The firewall forwards any traffic received on a port to the media broker instance specific to that interface.
Note: Each Media Broker in the DMZ requires its own unique interface/port assigned on the firewall.
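The port policy above can be checked against an exported list of firewall forwarding rules. The following audit is an added example, not part of the product or its documentation; the rule tuple format, the target names (`reverse-proxy`, `media-broker-N`) and the 203.0.113.x addresses are constructed assumptions.

```python
from collections import defaultdict

SIGNALING_TCP = {80, 443}  # HTTP/HTTPS signaling ports named above

# Constructed sample rules: (external_ip, proto, first_port, last_port, dmz_target)
RULES = [
    ("203.0.113.10", "tcp", 443, 443, "reverse-proxy"),
    ("203.0.113.10", "tcp", 80, 80, "reverse-proxy"),
    ("203.0.113.11", "udp", 16000, 16004, "media-broker-1"),
    ("203.0.113.11", "udp", 16004, 16008, "media-broker-2"),  # overlaps broker 1
    ("203.0.113.10", "tcp", 8080, 8080, "reverse-proxy"),     # not a signaling port
]

def audit(rules, proxy="reverse-proxy", ports_per_broker=5):
    """Return findings; an empty list means the rules match the policy above."""
    findings = []
    owners = {}                       # (external_ip, udp_port) -> media broker
    broker_ports = defaultdict(set)   # media broker -> its (ip, port) pairs
    for ip, proto, lo, hi, target in rules:
        ports = range(lo, hi + 1)
        if proto == "tcp":
            # TCP is only allowed on 80/443 and only toward the reverse proxy.
            if target != proxy or not set(ports) <= SIGNALING_TCP:
                findings.append(f"unexpected tcp {lo}-{hi} on {ip} -> {target}")
        elif proto == "udp":
            if target == proxy:
                findings.append(f"udp {lo}-{hi} on {ip} must not reach the proxy")
                continue
            for p in ports:
                # Each Media Broker needs its own unique interface/port.
                prev = owners.setdefault((ip, p), target)
                if prev != target:
                    findings.append(f"udp {ip}:{p} shared by {prev} and {target}")
                broker_ports[target].add((ip, p))
        else:
            findings.append(f"unexpected protocol {proto} on {ip}")
    for broker, ports in sorted(broker_ports.items()):
        if len(ports) != ports_per_broker:  # 5 is the default stated above
            findings.append(f"{broker} has {len(ports)} media ports, expected {ports_per_broker}")
    return findings

if __name__ == "__main__":
    for line in audit(RULES):
        print(line)
```

If the media port count has been changed from its default, pass the configured value as `ports_per_broker`.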