Results 1 to 7 of 7

Thread: What is the Ports I want to Forwarding To Quadro

  1. #1

    Default What is the Ports I Need to Forwarding To Quadro

    Hi

    I Have Quadro 16X behind router ( Buffalo WZR-HP-G300NH Nfiniti Wireless-N High Power Router & Access Point )

    I Want To Know What is the Ports I Need To Forward To The Quadro To Working Fine

    Thanks Very Much
    Last edited by almarri; 02-25-2010 at 01:17 PM.

  2. #2

    Default

    What services did you want to allow access to on the Quadro from an external IP ?

  3. #3

    Default

    Thanks KSComs

    I Want ALL services

    I want to Forward All Ports The Quadro Needed

  4. #4

    Default

    o0

    Ok.. so you want to do what with the quadro, sip .. thats easy 5060 udp, rtp udp 6000 - 6099 .. what else.... is the Quadro at default ?
    Last edited by KSComs; 02-26-2010 at 06:18 AM.

  5. #5
    Quadro Architect
    Join Date
    Jun 2006
    Location
    Around myself
    Posts
    2,075

    Default

    Probably also the HTTP port (tcp 80) or HTTPS (tcp 443), if you want to access to the Quadro GUI. Thats enough for the basic operation. If you want to use 3pcc, then also open the tcp 4849.

    Quote Originally Posted by almarri View Post
    I want to Forward All Ports The Quadro Needed
    Actually Quadro needs only the SIP and RTP ports. For the rest you should define what you need. Except SIP, RTP, HTTP, HTTPS, 3PCC, there is actually just two additional port you may need to use in very rare cases: that is tcp 645 for remote logs monitoring, and udp 161/162 for SNMP. Also maybe some ports for VPN if you need that (like udp 1701 for l2tp, tcp 1723 for pptp).

    Best regards,
    David

  6. #6

    Question Isn't level of security important.

    Hi Dave:

    if Almarrin has the Quadro firewall set up with medium security, then he needs only to create a filter to access Quadro management (and VPN, telnet, .. if needed). The medium security level includes by default a SIP filter that allows access from ANY. Am I correct?
    I can see that one needs to set up all these filters if he selects high security. Correct?
    In fact his router has probably a firewall. That firewall needs to be set up properly. Correct?
    Even if the firewall in the router is set up properly. I would still enable the Quadro firewall with medium security and a filter for management access. Port scanning has to be prevented at all costs.
    Dave, you wrote a nice white paper on securing the Quadro for incoming calls, called "Preventing unauthorized calls on the Quadro". This was especially applicable when another IP PBX eg. asterik tries to link to the Quadro to make outgoing calls. Basically the default options in the Quadro for AA and Call Routing take care of these problems.

    However I was interested in securing outgoing calls. If a hacker uses a 3rd party softphone and tries to register it to a Quadro, how easy will it be for him to succeed to make outgoing calls? If the hacker manages to get the ipline user name and password, he will be able to register the softphone with a quadro if the ipline is active. However he will not be able to make outgoing calls since an extension was not set up for that ipline. I tested this out with a registration but no extension. I could not make a call. Actually I think that it kept registering. I hope that I am correct with my analysis and test findings. My Quadro firewall has low security.
    Have you discussed somewhere the security of outgoing calls? If so, please post the links.
    Thanks very much for your help
    Toon

  7. #7
    Quadro Architect
    Join Date
    Jun 2006
    Location
    Around myself
    Posts
    2,075

    Default

    Hi Toon

    I'll try to answer some of the questions above:

    Quote Originally Posted by Internet View Post
    if Almarrin has the Quadro firewall set up with medium security, then he needs only to create a filter to access Quadro management (and VPN, telnet, .. if needed). The medium security level includes by default a SIP filter that allows access from ANY. Am I correct?
    Yep, correct. But as far as I understand, almarri has put the Quadro behind another router, and his question concerned opening the ports on that router only. Thats why I listed all the ports, which may need to be configured on the external router, for it to forward to Quadro.

    Quote Originally Posted by Internet View Post
    I can see that one needs to set up all these filters if he selects high security. Correct?
    When it comes to the handling of incoming traffic (from WAN), the Medium and High security levels are actually the same. The only difference between those two modes relates to outgoing traffic (from LAN to WAN).

    Quote Originally Posted by Internet View Post
    In fact his router has probably a firewall. That firewall needs to be set up properly. Correct?
    Yep.

    Quote Originally Posted by Internet View Post
    Dave, you wrote a nice white paper on securing the Quadro for incoming calls, called "Preventing unauthorized calls on the Quadro".
    I am not the author of that paper... I am mostly promoting that doc It helps me to save a lot of time explaining all those things.. Also it could save a lot of time to the reader (by saving him from future problems and necessity to reimburse the customers for the many unauthorized calls to Cuba )

    Quote Originally Posted by Internet View Post
    This was especially applicable when another IP PBX eg. asterik tries to link to the Quadro to make outgoing calls. Basically the default options in the Quadro for AA and Call Routing take care of these problems.
    Yep, the default is safe, but as soon as user make some changes... you never know.

    Quote Originally Posted by Internet View Post
    However I was interested in securing outgoing calls. If a hacker uses a 3rd party softphone and tries to register it to a Quadro, how easy will it be for him to succeed to make outgoing calls? If the hacker manages to get the ipline user name and password, he will be able to register the softphone with a quadro if the ipline is active. However he will not be able to make outgoing calls since an extension was not set up for that ipline. I tested this out with a registration but no extension. I could not make a call. Actually I think that it kept registering. I hope that I am correct with my analysis and test findings. My Quadro firewall has low security.
    Have you discussed somewhere the security of outgoing calls? If so, please post the links.
    Thanks very much for your help
    Toon
    You should ensure hacker will never find the IP Line username/password. Yes, if there is no extension attached to the IP Line, there is no risk, but in the 99% of cases there is an extension attached. So if hacker registers on the IP Line, he becomes a regular extension user, and can do anything. There is nothing could be done to restrict him from making calls, except for changing the username/password.

    In 5.2 we are introducing several GUI tools which should help user to keep his Quadro secure. That includes "Security Audit" scan in the Diagnostics, automatic password strength checking and suggestions for a better password.
    Hope this could make people more careful, as obviously the more IP telephony becomes widespread, the more hackers will be around and more hacking attempts will be made. Now people mostly just try to use others' SIP devices to make free calls, but at some point in time capturing the converstions, making false calls from other person's name and a lot of other nasty things may become common...
    So the security issues are yet to become a focus of attention (as soon as VoIP will conquire the whole telephony market).

    Best regards,
    David

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. FXO Ports lock up
    By EnsurICT in forum Troubleshooting and Problems
    Replies: 3
    Last Post: 08-01-2009, 03:53 PM
  2. Forward Incoming SIP calls to ISDN ports
    By cietech in forum 'How Do I' Questions
    Replies: 2
    Last Post: 06-11-2009, 07:02 AM
  3. Replies: 1
    Last Post: 04-30-2009, 10:35 AM
  4. Quadro 2x and FXO Ports - Quick Q
    By bbrown in forum 'How Do I' Questions
    Replies: 5
    Last Post: 12-13-2008, 05:42 AM
  5. Internal FXS Ports & a Modem
    By ediggin in forum Hardware Interoperability
    Replies: 1
    Last Post: 05-30-2008, 05:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •