Firewall, Wlan ip telephony manager 2245 – Nortel Networks MOG6xx User Manual

33

Overview

Firewall

In many installations there will be a firewall installed between the wired and wireless parts of the
network. It is beyond the scope of this document to specify how a firewall is managed, but the
following guidelines can be used when configuring firewalls:
•

The TFTP Server, DHCP Server, and Syslog Server can be anywhere in the network (that is,
they are not restricted to being in the same subnet as the handsets and WLAN IP Telephony
Manager 2245). From an administrative point of view, it may be more convenient to place
these components in the wired portion of the network. If a firewall is between the WLAN
Handsets 2210/2211, and the WLAN IP Telephony Manager 2245 and the servers, the firewall
will need to be configured to allow the TFTP (User Datagram Protocol [UDP] port 69 -
bidirectional) and Syslog traffic (UDP port 514 - unidirectional) and a DHCP relay agent.

•

When the WLAN Handsets 2210/2211 are hosted by a BCM, the following port numbers are
used:
— UNIStim signaling uses UDP port 7000
— Media to and from the handset uses UDP ports 51000–51200.

•

If other Nortel call servers are used in the network (for example, BCM, MCS5100, CS2100),
the system administrator will need to determine which UDP ports are used for Realtime
Transport Protocol (RTP) and RTCP and make the appropriate provisions in the firewall.

•

If third party gateways are configured in the system, the system administrator will need to
determine which UDP ports are used for RTP and RTCP and make the appropriate provisions
in the firewall.

•

All media and signaling goes through the WLAN IP Telephony Managers 2245 (that is, it will
all originate from one, or a few, Media Access Control [MAC] addresses). If the firewall is
capable of filtering based on MAC address, the administrator can create a simple access
control filter based on a small number of MAC addresses.

WLAN IP Telephony Manager 2245

The WLAN IP Telephony Manager 2245, also referred to as SVP II Server, is a device that
manages IP telephony network traffic on the WLAN IP Telephony system. It is required in order
to use the 11Mbit/s maximum transmission speed available in the WLAN Handsets 2210/2211.
The WLAN IP Telephony Manager 2245 acts as a proxy for the WLAN handsets. It provides a
number of services including a Quality of Service (QoS) mechanism, AP bandwidth management,
and efficient Radio Frequency (RF) link use.

Note:

The media ports are configurable. The values shown above are the default values.

Note:

For IP Telephony firewall information, refer to the Optional VoIP trunk

configurations chapter in the 20XX IP Telephony Configuration Guide (N0008591). Also
refer to the Configuring IP Firewall Filters chapter of the Programming Operations
Guide (N0008589).