Windows Server Firewall
Windows Firewall is a stateful host firewall that, by default, drops all unsolicited incoming traffic and allows only the inbound traffic that a rule explicitly permits. This default-deny behavior provides some protection from malicious users and programs that use unsolicited incoming traffic to attack computers.
For more information, see https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.
When you enable Windows Firewall on the servers, open all ports that the CCE solution components require.
Cisco provides a utility that automatically allows all traffic from Unified CCE applications on Windows Server. The utility can also open ports for common third-party applications that the contact center enterprise solution uses. The script reads the list of ports in the file %SYSTEMDRIVE%\CiscoUtils\FirewallConfig\CiscoICMfwConfig_exc.xml and uses the directives in that file to modify the firewall settings.
For the Unified CCE applications, the utility allows all traffic by adding the relevant applications to the list of excepted programs and services (program-based exceptions). When an excepted application runs, Windows Firewall monitors the ports on which the program listens and automatically adds those ports to the list of excepted traffic; no fixed port list is needed for these applications.
For the third-party applications, the script allows traffic by adding the application port numbers to the list of excepted traffic (port-based exceptions). These ports are opened regardless of which process listens on them, so open only the ones you use. Edit the CiscoICMfwConfig_exc.xml file to enable these ports.
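The following PowerShell script is an added example and is not the Cisco CiscoICMfwConfig utility. It shows the two kinds of exception described above: a program-based rule, under which the firewall opens whatever ports the listed executable listens on, and a port-based rule, which opens a fixed port regardless of the listening process. The XML layout, the executable path and the port entries are assumptions constructed for this example; they are not the schema or contents of CiscoICMfwConfig_exc.xml. It needs the NetSecurity module (Windows Server 2012 and later) and an elevated shell.

```powershell
#Requires -RunAsAdministrator
# Added example, not the Cisco CiscoICMfwConfig utility. Reads an XML list of
# program and port exceptions and creates one inbound allow rule per entry.
# The XML layout and every path/port below are constructed assumptions for this
# example, not the schema or contents of CiscoICMfwConfig_exc.xml.

# Constructed sample input. A real script would use: [xml](Get-Content $path)
[xml]$exceptions = @"
<FirewallExceptions>
  <Program Name="Example CCE service" Path="C:\icm\bin\example.exe" />
  <Port Name="Example HTTP"  Protocol="TCP" Number="80" />
  <Port Name="Example HTTPS" Protocol="TCP" Number="443" />
</FirewallExceptions>
"@

$group    = 'CCE Example Exceptions'   # lets every rule be listed or removed as a unit
$profiles = 'Domain,Private'           # keep the rules off the Public profile

function Add-ProgramException {
    param([string]$Name, [string]$Path)
    # A rule for a path that does not exist is a latent exception; skip it.
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Skipping '$Name': $Path does not exist"; return
    }
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Verbose "Rule '$Name' already exists"; return
    }
    # Program rule: the firewall admits traffic to any port this executable listens on.
    New-NetFirewallRule -DisplayName $Name -Group $group -Direction Inbound `
        -Program $Path -Action Allow -Profile $profiles | Out-Null
}

function Add-PortException {
    param([string]$Name, [string]$Protocol, [int]$Number)
    if ($Number -lt 1 -or $Number -gt 65535) {
        Write-Warning "Skipping '$Name': invalid port $Number"; return
    }
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Verbose "Rule '$Name' already exists"; return
    }
    # Port rule: the port is open no matter which process is listening on it.
    New-NetFirewallRule -DisplayName $Name -Group $group -Direction Inbound `
        -Protocol $Protocol -LocalPort $Number -Action Allow -Profile $profiles | Out-Null
}

foreach ($p in $exceptions.FirewallExceptions.Program) {
    Add-ProgramException -Name $p.Name -Path $p.Path
}
foreach ($p in $exceptions.FirewallExceptions.Port) {
    Add-PortException -Name $p.Name -Protocol $p.Protocol -Number $p.Number
}

# Review the result. Undo everything the script created with:
#   Remove-NetFirewallRule -Group $group
Get-NetFirewallRule -Group $group |
    Select-Object DisplayName, Enabled, Profile, Direction, Action
```

Grouping the rules under one `-Group` name is what makes a later audit or rollback simple, and restricting them to the Domain and Private profiles keeps the exceptions from applying if an interface is ever classified as Public.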
Ports and services that are enabled by default:
- 80/TCP and 443/TCP - HTTP and HTTPS (when the system installs IIS or Tomcat [for Web Setup])
- Microsoft Remote Desktop
- File and Print Sharing Exception - see https://docs.microsoft.com/en-us/windows-server/storage/file-server/best-practices-analyzer/smb-open-file-sharing-ports.
Firewall inbound rules that are disabled by default:
- Core Networking for IPv6
- Core Networking - IPHTTPS for TCP
- Core Networking - Teredo for UDP
- Network Discovery for Private Profile
- Windows Remote Management - HTTP for domain, private, and public profiles
Service disabled by default:
- File Server Remote Management
Optional ports that you can open (remote-control tools; open only the ones you actually use):
- 5900/TCP - VNC
- 5800/TCP - Java Viewer
- 21800/TCP - Tridia VNC Pro (encrypted remote control)
- 5631/TCP and 5632/UDP - pcAnywhere
Note: You can edit the XML file to add port-based exceptions outside of this list.
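The following PowerShell script is an added example and is not part of the Cisco utility. It audits a server against the defaults listed above (Remote Desktop allowed; the IPv6, IPHTTPS, Teredo, Network Discovery and WinRM HTTP inbound rules disabled; File Server Remote Management disabled) and reports which of the optional remote-control ports are actually open. The display-group names and the name patterns it matches are assumptions about the built-in Windows rule names, and "File Server Remote Management" is treated as a firewall rule group; adjust any check that reports `not found` for your Windows version.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the Cisco utility: audit inbound firewall state
# against the defaults listed in the text. Display-group names and name patterns
# are assumptions about built-in Windows rule names; adjust if 'not found'.

function Test-RuleGroupState {
    param([string]$Check, [scriptblock]$Query, [bool]$ExpectEnabled)
    $rules = @(& $Query)
    if ($rules.Count -eq 0) {
        return [pscustomobject]@{ Check = $Check; Result = 'not found'; Enabled = 0; Total = 0 }
    }
    $on = @($rules | Where-Object { "$($_.Enabled)" -eq 'True' }).Count
    # "enabled" checks need every rule on; "disabled" checks need every rule off.
    $ok = if ($ExpectEnabled) { $on -eq $rules.Count } else { $on -eq 0 }
    [pscustomobject]@{
        Check = $Check; Result = if ($ok) { 'OK' } else { 'MISMATCH' }
        Enabled = $on; Total = $rules.Count
    }
}

$checks = @(
    @{ Check = 'Remote Desktop allowed'; Expect = $true
       Query = { Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue } }
    @{ Check = 'Core Networking IPv6/IPHTTPS/Teredo disabled'; Expect = $false
       Query = { Get-NetFirewallRule -DisplayGroup 'Core Networking' -Direction Inbound -ErrorAction SilentlyContinue |
                 Where-Object DisplayName -match 'IPv6|IPHTTPS|Teredo' } }
    @{ Check = 'Network Discovery (Private) disabled'; Expect = $false
       Query = { Get-NetFirewallRule -DisplayGroup 'Network Discovery' -Direction Inbound -ErrorAction SilentlyContinue |
                 Where-Object { "$($_.Profile)" -match 'Private|Any' } } }
    @{ Check = 'WinRM HTTP disabled'; Expect = $false
       Query = { Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -Direction Inbound -ErrorAction SilentlyContinue } }
    @{ Check = 'File Server Remote Management disabled'; Expect = $false   # assumed to be a rule group
       Query = { Get-NetFirewallRule -DisplayGroup 'File Server Remote Management' -Direction Inbound -ErrorAction SilentlyContinue } }
)
$checks | ForEach-Object { Test-RuleGroupState -Check $_.Check -Query $_.Query -ExpectEnabled $_.Expect } |
    Format-Table -AutoSize

# Optional remote-control ports from the list in the text, keyed by port/protocol.
$optional = @{ '5900/TCP' = 'VNC'; '5800/TCP' = 'Java Viewer'; '21800/TCP' = 'Tridia VNC Pro'
               '5631/TCP' = 'pcAnywhere'; '5632/UDP' = 'pcAnywhere' }

# Collect port/protocol pairs from every enabled inbound allow rule.
$openPorts = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $f = $_ | Get-NetFirewallPortFilter
        foreach ($lp in @($f.LocalPort)) {              # LocalPort may be one value or an array
            if ($lp -match '^\d+$') { "$lp/$($f.Protocol)" }   # port ranges (e.g. 5900-5910) are not expanded
        }
    }

foreach ($key in ($optional.Keys | Sort-Object)) {
    $state = if ($openPorts -contains $key) { 'OPEN' } else { 'closed' }
    '{0,-10} {1,-15} {2}' -f $key, $optional[$key], $state
}
```

Run it after the Cisco utility has been applied and again after any manual edit of CiscoICMfwConfig_exc.xml; a `MISMATCH` on a "disabled" check, or an unexpected `OPEN` in the second table, points at an exception that should be reviewed against the Port Utilization Guide before the server goes into service.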
For a complete list of port usage, see Port Utilization Guide for Cisco Unified Contact Center Solutions, at https://www.cisco.com/c/en/us/support/customer-collaboration/unified-contact-center-enterprise/products-installation-and-configuration-guides-list.html.