Firewall configuration

MiVoice Office 400 communication systems use many different TCP/UDP ports. Firewalls used within the system must be configured accordingly.

A list of the ports used is published by Support and continually updated. The list can be accessed on the internet in the FAQ section (registration required).

Note:

Each open port is a potential attack target. Therefore, open only the ports required for operation.

Instructions on firewall configuration in AIN

Firewalls used within the AIN must be configured for AIN operation. This includes opening the relevant ports and the VPN configuration.

With VPN connections the following ports must be opened on a firewall:

  • If a VPN connection terminates at the firewall itself, no port needs to be opened.

  • If a VPN connection terminates behind the firewall, e.g. directly at the terminal, port 3389 needs to be opened at the firewall (VPN pass through).

  • If a VPN connection terminates in front of the firewall, e.g. at a different firewall, the ports used by the AIN components need to be opened.

  • If all the WAN links in the AIN are VPN connections throughout and if they do not terminate at the firewalls themselves, port 3389 only needs to be opened in the firewalls of the WAN links.

  • If the WAN links are only partly or not at all designed as VPN connections or if firewalls are also used within the LAN, the ports used by the AIN components must be opened.

Instructions on firewall configuration in Mitel Mobile Client

It is not necessary to be able to reach the communication server or MMC Controller from the internet via SIP port 5060. SIP port 5060 is a potential attack target and should only be opened in exceptional cases.
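
The note above (open only the required ports) and the SIP port 5060 guidance can be checked against a firewall rule export. The following is an added example, not Mitel code: the `Rule` format, the sample rules, the `REQUIRED` allow-list and the choice of RFC 1918 ranges as "internal" are all assumptions made for the illustration.

```python
"""Audit a firewall rule export against the ports the deployment needs."""
from dataclasses import dataclass
from ipaddress import ip_network

SIP_PORT = 5060  # named on the page as a potential attack target

# Assumption: RFC 1918 ranges count as internal; anything else is internet.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed allow-list for the demo. In practice, fill it from the port
# list published by Support; these entries are not copied from that list.
REQUIRED = {("tcp", 3389), ("udp", 5060)}

@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp" or "udp"
    port: int    # destination port the rule opens
    source: str  # CIDR range the rule accepts traffic from

# Constructed sample of "allow" rules, as they might be exported from a firewall.
SAMPLE_RULES = [
    Rule("tcp", 3389, "10.1.0.0/16"),
    Rule("udp", 5060, "192.168.10.0/24"),
    Rule("udp", 5060, "0.0.0.0/0"),
    Rule("tcp", 8080, "0.0.0.0/0"),
]

def from_internet(source: str) -> bool:
    """True when the source range is not fully inside an internal range."""
    net = ip_network(source)
    return not any(net.subnet_of(internal) for internal in INTERNAL)

def audit(rules, required):
    """Return (rule, reason) pairs for rules that need review."""
    findings = []
    for r in rules:
        if (r.proto, r.port) not in required:
            findings.append((r, "port not on the required list"))
        if r.port == SIP_PORT and from_internet(r.source):
            findings.append((r, "SIP port 5060 reachable from the internet"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES, REQUIRED):
        print(f"{rule.proto}/{rule.port} from {rule.source}: {reason}")
```
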