Firewall and NAT Settings
Port reference information is now maintained in a separate document.
See the Cisco Expressway IP Port Usage Configuration Guide, for your version, on the Cisco Expressway Series Configuration Guides page.
Ensure that any SIP or H.323 "fixup" ALG or awareness functionality is disabled on the NAT firewall; if enabled, this will adversely interfere with the Expressway functionality.
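One way to check an exported firewall configuration for SIP or H.323 inspection left enabled, as an added example that is not part of the Cisco guide. It assumes a Cisco ASA-style `policy-map`/`class`/`inspect` configuration or legacy PIX-style `fixup protocol` lines (the guide does not name a firewall); `find_voip_alg` and the sample configuration are constructed for illustration.

```python
def _engine(tokens):
    """Map 'sip ...' -> 'sip' and 'h323 h225 ...' -> 'h323 h225'; else None."""
    if tokens[:1] == ["sip"]:
        return "sip"
    if tokens[:1] == ["h323"] and len(tokens) > 1:
        return "h323 " + tokens[1]
    return None


def find_voip_alg(config_text):
    """Return sorted (scope, engine) pairs for SIP/H.323 inspection left enabled.

    A 'no ...' line clears an engine enabled earlier in the same scope.
    """
    enabled = set()
    policy = cls = None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue                      # blank line or '!' separator
        top_level = not raw[0].isspace()
        if top_level:
            policy = cls = None           # an unindented line ends any stanza
        negated = tokens[0] == "no"
        if negated:
            tokens = tokens[1:]
        scope = engine = None
        if top_level and tokens[:1] == ["policy-map"] and len(tokens) == 2:
            policy = tokens[1]
        elif policy and tokens[:1] == ["class"] and len(tokens) == 2:
            cls = tokens[1]
        elif top_level and tokens[:2] == ["fixup", "protocol"]:
            scope, engine = "fixup", _engine(tokens[2:])
        elif policy and cls and tokens[:1] == ["inspect"]:
            scope, engine = f"{policy}/{cls}", _engine(tokens[1:])
        if engine:
            (enabled.discard if negated else enabled.add)((scope, engine))
    return sorted(enabled)


# Constructed sample; it mixes both syntaxes only to exercise the parser.
SAMPLE_CONFIG = """\
fixup protocol h323 h225 1720
no fixup protocol sip 5060
!
policy-map global_policy
 class inspection_default
  inspect dns
  inspect h323 h225
  inspect h323 ras
  inspect sip
  no inspect h323 ras
"""

if __name__ == "__main__":
    for scope, engine in find_voip_alg(SAMPLE_CONFIG):
        print(f"ALG still enabled: {engine} ({scope})")
```

An empty result means no SIP or H.323 inspection was found in the supplied text; it does not cover ALG features configured by other means.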
As Expressway-C to Expressway-E communications are always initiated from the Expressway-C to the Expressway-E (Expressway-E sending messages by responding to Expressway-C's messages), no ports need to be opened from DMZ to Internal for call handling.
However, if the Expressway-E needs to communicate with local services, such as a Syslog server, some firewall configuration may be required.
Traffic destined for logging or management server addresses (using specific destination ports) must be routed to the internal network.
If you want to restrict communications from the DMZ to the wider Internet, see the connection maps and port reference tables in the Cisco Expressway IP Port Usage Guide to make sure you allow legitimate traffic.