IBM DISA e-collaboration Personal Computer User Manual


 
Workstation Preparation & New User Getting Started Guide
6. Network Requirements
The access statements (rules) for firewalls, and for all packet forwarding or filtering devices,
that need to be in place in order to use the E-CollabCenter service are listed below.
The NIPRNET Destination IP addresses are: 216.12.152.1 through 216.12.152.127 [2]
For SIPRNet Destination IP addresses, please contact the DISA Help Desk
Source Address: The addresses for all the workstations on your network
Source Ports: High ports (ports above 1024, tcp and udp)
Direction: Static Ports initiated by Source only (NOT Bi-Directional), Dynamic Ports (Bi-Directional)
Destination IPs: The IP addresses for all the e-collab servers
Static Destination Ports:
Port 80 TCP – HTTP web traffic
Port 443 TCP – HTTPS encrypted web traffic
Port 554 TCP – needed to play back recorded meetings
Port 1533 TCP – needed for Sametime Connect (thick client) for instant message traffic
Port 8081 TCP – needed for web conferences (a.k.a. meetings)
Port 8008 TCP – fallback port if port 1533 is blocked and traffic is tunnelled through HTTP
Port 8084 TCP – fallback for audio and video in meetings if Dynamic UDP ports are blocked
Port 8080 TCP – used to launch a web conference from a browser Instant Messaging session
Dynamic (Ephemeral) Destination Ports:
Ports 49,252 through 65,535* UDP (Bi-directional firewall rules are needed for UDP; this means that
connections must be allowed that are initiated by the source (workstations) to the destination (IBM
servers) and also connections initiated from the destination (IBM servers) to the source (workstations))
The Dynamic ports are used for interactive audio and video using the Real-Time application
streaming protocol standard (RTP RFC1889) over UDP and are selected randomly. If the
selected UDP ports are blocked, the service will fall back to TCP over Port 8084. This may result
in higher delay and lower quality with dropped audio syllables on occasion under certain network
conditions. These ports are listed in the locations found below:
o NIPR https://www.jtfgno.mil/operations/messages/2006/index.htm
o SIPR http://www.jtfgno.smil.mil/site/documents/CTO2007/CTO_07-011_NCES_Collab_Ports.rtf
In addition to the ports above the Sametime 7.5.1 FIPS Connect client (also known as the thick client)
has the capability to make desktop to desktop audio and video calls. This capability requires 4 ports
(20,830 through 20,833) to be opened to the Sametime servers. These 4 ports have not been
approved by the government; please do NOT open these 4 ports to the Sametime servers. We are
only listing them below so administrators are aware of this. Since these ports are not opened to the
Sametime servers, the audio and video call features are disabled in the thick client, so the end user will
not see the icons on the thick client that would otherwise allow audio and video calls.
Port 20830 [3] UDP – RTP – used for Audio by Sametime thick client
Port 20831 [2] UDP – RTCP – used for Audio by Sametime thick client
Port 20832 [2] UDP – RTP – used for Video by Sametime thick client
Port 20833 [2] UDP – RTCP – used for Video by Sametime thick client
[2] The old NIPRNET IP address range was 216.12.138.1 through 216.12.138.127 and was changed in April 2007.
[3] These 4 ports are not mentioned in the https://www.jtfgno.mil/operations/messages/2006/index.htm web site as they
are new to Sametime 7.5.1 FIPS Connect client (a.k.a. thick client). The ports have not been approved by the
JTF-GNO and should not be opened. They are listed merely as a reference.
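
The following is an added example, not part of the original manual or of any IBM or DISA tooling: a small Python check that classifies candidate flows against the NIPRNET rules listed in this section, so a proposed rule set can be reviewed before it is deployed. The function names, the flow tuple layout and the sample flows are assumptions made for illustration.

```python
import ipaddress

# Values copied from the port list in this section (NIPRNET only).
DEST_FIRST = ipaddress.ip_address("216.12.152.1")
DEST_LAST = ipaddress.ip_address("216.12.152.127")
STATIC_TCP = {80, 443, 554, 1533, 8008, 8080, 8081, 8084}
DYNAMIC_UDP = range(49252, 65536)     # 49,252 through 65,535, bi-directional
UNAPPROVED_UDP = range(20830, 20834)  # 20,830 through 20,833, keep closed


def check_flow(proto, server_ip, server_port, client_port, initiator):
    """Classify one workstation <-> e-collab server flow.

    Hypothetical helper: initiator is "workstation" or "server".
    Returns (allowed, reason).
    """
    if not DEST_FIRST <= ipaddress.ip_address(server_ip) <= DEST_LAST:
        return False, "server outside the NIPRNET destination range"
    if client_port <= 1024:
        return False, "workstation port is not a high port"
    if proto == "udp" and server_port in UNAPPROVED_UDP:
        return False, "unapproved Sametime audio/video call port"
    if proto == "tcp" and server_port in STATIC_TCP:
        if initiator != "workstation":
            return False, "static ports are source-initiated only"
        return True, "static TCP port"
    if proto == "udp" and server_port in DYNAMIC_UDP:
        return True, "dynamic UDP port"
    return False, "port not in the published list"


def audit(flows):
    """Return the flows a rule set should not permit, with the reason."""
    return [(f, reason) for f in flows
            for ok, reason in [check_flow(*f)] if not ok]


# Constructed sample flows: (proto, server_ip, server_port, client_port, initiator)
SAMPLE_FLOWS = [
    ("tcp", "216.12.152.10", 443, 50123, "workstation"),
    ("tcp", "216.12.152.10", 8081, 50124, "server"),
    ("udp", "216.12.152.10", 60000, 50125, "server"),
    ("udp", "216.12.152.10", 20830, 50126, "workstation"),
    ("tcp", "216.12.138.10", 80, 50127, "workstation"),
    ("tcp", "216.12.152.128", 80, 50128, "workstation"),
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print("DENY", flow, "-", reason)
```

Of the six constructed flows, the HTTPS connection and the server-initiated dynamic UDP flow pass; the other four are reported with the rule they violate.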