33
Firewall
In many installations there will be a firewall installed between the wired and wireless parts of the network. It is beyond the scope of this document to specify how a firewall is managed, but the following guidelines can be used when configuring firewalls:
•The TFTP Server, DHCP Server, and Syslog Server can be anywhere in the network (that is, they are not restricted to being in the same subnet as the handsets and WLAN IP Telephony Manager 2245). From an administrative point of view, it may be more convenient to place these components in the wired portion of the network. If a firewall is between the WLAN Handsets 2210/2211, and the WLAN IP Telephony Manager 2245 and the servers, the firewall will need to be configured to allow the TFTP (User Datagram Protocol [UDP] port 69 - bidirectional) and Syslog traffic (UDP port 514 - unidirectional) and a DHCP relay agent.
•When the WLAN Handsets 2210/2211 are hosted by a BCM, the following port numbers are used:
—UNIStim signaling uses UDP port 7000
—Media to and from the handset uses UDP ports
Note: The media ports are configurable. The values shown above are the default values.
•If other Nortel call servers are used in the network (for example, BCM, MCS5100, CS2100), the system administrator will need to determine which UDP ports are used for Realtime Transport Protocol (RTP) and RTCP and make the appropriate provisions in the firewall.
•If third party gateways are configured in the system, the system administrator will need to determine which UDP ports are used for RTP and RTCP and make the appropriate provisions in the firewall.
•All media and signaling goes through the WLAN IP Telephony Managers 2245 (that is, it will all originate from one, or a few, Media Access Control [MAC] addresses). If the firewall is capable of filtering based on MAC address, the administrator can create a simple access control filter based on a small number of MAC addresses.
Note: For IP Telephony firewall information, refer to the Optional VoIP trunk configurations chapter in the 20XX IP Telephony Configuration Guide (N0008591). Also refer to the Configuring IP Firewall Filters chapter of the Programming Operations Guide (N0008589).
WLAN IP Telephony Manager 2245
The WLAN IP Telephony Manager 2245, also referred to as SVP II Server, is a device that manages IP telephony network traffic on the WLAN IP Telephony system. It is required in order to use the 11Mbit/s maximum transmission speed available in the WLAN Handsets 2210/2211. The WLAN IP Telephony Manager 2245 acts as a proxy for the WLAN handsets. It provides a number of services including a Quality of Service (QoS) mechanism, AP bandwidth management, and efficient Radio Frequency (RF) link use.
Overview