What H.323 TCP_UDP ports are needed or used by Polycom Video and Network Products?
TCP/IP ports needed: This is provided as a summary and more details are generally available in the documentation for the specific product.
• SIP Related Port Usage
• 5060 – UDP or TCP depending on the SIP server – Signalling
LCS & Alcatel OXE use TCP
• RTP data is the same as for H.323 so same media ports apply
• H.323 Related Port Usage
H.323 Ports:
• 80 – Static TCP – HTTP Interface (optional) Address Book Utility
• 389 – Static TCP – ILS Registration (LDAP)
• 1503 – Static TCP – T.120
• 1718 – Static UDP – Gatekeeper discovery (Must be bidirectional)
• 1719 – Static UDP – Gatekeeper RAS (Must be bidirectional)
• 1720 – Static TCP – H.323 call setup (Must be bidirectional)
• 1731 – Static TCP – Audio Call Control (Must be bidirectional)
• 1024-65535 Dynamic TCP H245
• 1024-65535 Dynamic UDP – RTP (Video data)
• 1024-65535 Dynamic UDP – RTP (Audio data)
• 1024-65535 Dynamic UDP RTCP (Control Information)
These ports above, can be set to “Fixed Ports” on Polycom systems, as opposed to dynamic.
Other ViewStations/VSX/HDX Ports:
• 21 (FTP) – Software Updates, GMS Provisioning, & Address Book Utility
• 23 (Telnet) – For Diagnostics & API Control (used by PCS) by MP/512/ect.
• 24 (Telnet) – For Diagnostics & API Control (used by PCS) by FX/EX/4000, VSX, and HDX
• 123 – UDP – Used for NTP (time server) on the VSX
• 3231 to 3236 – TCP Ports (default fixed ports VSX version 8.5)
• 3231 to 3254 – UDP Ports (default fixed ports VSX version 8.5)
• 16384 & 16386 – Multicast Streaming ports for audio & video
VSX/HDX Security Mode additional/alternate ports:
• 443 (TCP) – secure HTTP; HTTPS
• 992 or 993 (TLS) – secure Telnet
• 990 (FTPS-TLS) – secure FTP
People+Content IP Ports:
• 5001 – Static TCP
GMS Ports:
• 21 (FTP/TCP) – Software Updates & Provisioning
• 23 (Telnet/TCP) – Diagnostic Logging
• 25 (SMTP:TCP) – Remote e-mail alerts
• 80 (HTTP) – Pulling ViewStation/VS4000/VSX/HDX info
• 162 (SMTP:UDP) – Remote Alerts to an SNMP server
• 389 (LDAP:TCP) – LDAP and ILS
• 1002 (LDAP:ILS) – ILS
• 3601 (Proprietary/TCP) (Data Traffic) – GAB data
• 3603 (TCP)- Pulling ViaVideo / PVX info (since might be non-web server PC)
• 9090 (formally 8080) (HTTP:TCP) – Proprietary database communications, port is user-configurable
GMS listens for connections on ports 80 and 3601 (GAB) and in the future will listen on port 3604 (ViaVideo) and other potentials later.
PCS Ports:
Communication between PCS and devices:
• 23 (Telnet) – Management & Control – Tandberg Codecs.
• 24 (Telnet) – Management & Control – Polycom ViewStations, VSX, and HDX.
• 161(SNMP) – Managed device
• 2000 (TCP/IP) – Gatekeeper call authorization for outbound communications – Cisco MCM
• 2773 (TCP/IP) – Management & Control – Polycom iPower, VCON codecs
• 3603 (HTTP) – Management & Control – Polycom ViaVideo and PVX
• 4000-4004 (TCP/IP) – Management & Control – Lantronix
• 5001 (API via TCP/IP) – Management & Control – Polycom MGC
• 8000 (TCP/IP) – Gatekeeper call authorization for outbound communications – Cisco MCM, RADVision ECS
Communication between PCS and client:
• 80 (HTTP) – General Communication – Web browser.
• 2771 (TCP/IP) – Data communication – Remote SQL server, Outlook / Notes Mail server
• 2773 (TCP/IP) – remote – Polycom Conferencing Suite Server
• 2777 (TCP/IP) – Mail & Calendar communication – Outlook / Notes mail server
Communication between PCS servers:
• 700 (TCP/IP) – Redundant server communication – PCS
• 2771 (TCP/IP) – Distributed Server communication – PCS
Other ViaVideo / PVX Ports:
• 3230-3235 (TCP / UDP) Signaling and control for audio, call, video and data/FECC
• 3230-3237 (TCP / UDP) Signaling and control for audio, call, video and data/FECC, version 8.0 and beyond
• 3604 (GMS Server Discovery)(Used by ViaVideo & PVX)(Broadcast) used by PCS
MGC (Polycom Network Systems) Additional Ports:
• 5001/1025 Static TCP for MGC Manager.
• MGC Manager can also use TCP 443 for secure connections or TCP 80 unsecured access.
• 21 – Static TCP – FTP (retrieve MGC config. Files etc.)
• 5003 TCP for diagnostics access.
• TCP 17 For Diagnostic Remote Desktop access to MGC’s running XPEK OS.
PathNavigator Ports:
From PathNavigator to endpoint
• Varies by endpoint – UDP – RAS (Registration, Admission and Status)
• 1720 – TCP (Q.931) – Setting up calls when PathNavigator is in routed mode
From endpoint to PathNavigator
• 1719 – UDP – RAS
• 1720 – TCP (Q.931) – Setting up calls when PathNavigator is in routed mode
From Monitoring Workstation
• 80 – TCP – for HTTP communication with PathNavigator UI
SE200 Ports:
Open ports on the SE200
• 80 / 85 (HTTP / TCP) – The Apache Web server through which the web application displays and where the Polycom endpoints post status messages
• 123 – An NTP listener
• 135 – The Microsoft RPC port
• 137 – The NetBIOS name service listener
• 139 – The NetBIOS SMB listener
• 161 – The SNMP listener
• 781, 782, 783, 784, 785 – Used by the Administrative Diagnostic Tool
• 1042 – A .NET listener used for the SQL server
• 1063 – A .NET listener
• 1167 – A .NET listener
• 1433 The internal NSDE server listens on this port which enables views into the database from outside the SE200
• 1720 The gatekeeper listener for RAS messages
• 2771, 2773 – Used by the scheduling plug-ins
• 3601 The Global Management System listener that endpoints register with
• 5005 – The .NET listener for the MGC Authentication Service and API adapter
• 8009 – the .NET listener for Tomcat-related services
• 8080 – The Apache Tomcat Java server which displays the Java Sever Pages for the user interface. It is proxied through the Apache server running on port 80
• 8085 – The .NET listener for remote access
Ports used by the SE200
• 20,21 – Used to FTP data to endpoints
• 23 – Used to access the Telnet interfaces on endpoints
• 24 – Used to access a secondary Telnet interface on endpoints
• 25 – Used to send e-mail messages to SMTP servers
• 53 – Used to access domain name servers (DNS)
• 80 – Used to access the web application on endpoints and MGCs (version 7.x and higher)
• 389 – Access by the SE200 when contacting Active Directory
• 1205 – Used to access MGCs for management and monitoring
• 1719 – Used by the gatekeeper for H.323 datagrams
• 1720 – Used by the gatekeeper for H.323 RAS messages
• 3268 – Used to access the Active Directory Global catalog
• 5001 – Used to access MGCs for management and monitoring
Polycom, Inc. by: Steven Zabriski 11
WebOffice Ports:
• 80 / 85 (HTTP / TCP) – WO client communications with WO sever
• 443 / 85 (HTTP / TCP) – WO client communications with WO sever
• 5005 (proprietary) – WO Server uses this service to translate commands to MGC (usually internal port)
• 5001 / 1205 (proprietary) – WO server and MGC communication
V 2 IU (firewall must allow these ports to and from the V 2 IU):
In all cases
• 21 (FTP / TCP) – optional
• 80 (HTTP / TCP) – optional for management
• 443 (HTTPS / TCP) – optional for management
• 16386:17286 (RTP / UDP) – 4300T-E3
• 16386:25386 (RTP / UDP) – 5300-E10 and E25
• 16386:34386 (RTP / UDP) – 6400-E and S85
• 161 (SNMP / UDP) – optional for management
• 22 (SSH / TCP) – optional for management
• 23 (Telnet / TCP ) – optional for management
• 69 (TFTP / UDP) – optional
• 123 (SNTP / TCP) – 123 optional
MGCP phones
• 2427, 2429, 2432, 272 (MGCP / UDP) – optional
SIP Phones
• 5060 (SIP / UDP) – plus and additional ports specified on the VoIP ALG page – optional
• 5050 (SIP / UDP) – when survivability enabled optional
H.323 Endpoints
• 1720 (Q.931 (H.225) / TCP)
• 1719 (RAS / UDP)
• 14085:15084 (H.245 / TCP)
Please see the Polycom knowledge base for the White Paper defining this information for the V 2 IU ports.
RSS 2000 Recording and Streaming device:
In all cases
• 81 (TCP) – Manger
• 80 (HTTP / TCP) – Web
• 30011 (UDP) – Trace
• Endpoint H.323
• 1719 – Static UDP – Gatekeeper RAS (Must be bidirectional)
• 1720 – Static UDP – RAS (Must be bidirectional)
• 1720 – Static TCP – Q931 socket
• 1730 -1739 – Static TCP – H.245 Socket
• 2000 – 2099 – UDP – Audio/Video/Data
• Media
• 1800 -1801 – Static TCP – Live Broadcast
• 2800 – 2859 – Static TCP – On Demand Archive
RTP Type (VSX, HDX and MGC applicable):
See 6/RFC3551. RFC3551 it defines static payload type values for some RTP data (such as G.722, G.711, H.261, H.263, etc), but not for the newer codecs such as G.722.1, H.263 +, H.263 ++ and H.264. For the newer codecs, dynamic payload type values in the range 96 – 127 are used.