Indeed, as Rainbow is growing, we must add new IPs, URLs and protocols when adding new servers, location, or features.
In any case of addition, we will update this document 7 days before activating new servers and services to let you time to configure your edge security equipment.
Note: Main changes to the Rainbow System Requirements Edition 26 are highlighted in green in the document and a summary is provided below:
Besides these flows with the Rainbow ecosystem, the WebRTC Gateway communicates with the PBX ecosystem on the LAN. The flows are described hereafter in case firewalling is applied between WebRTC Gw and the LAN side.
| Protocols | Source | Destination |
|
SIP (when NO encryption is configured between PBX and WRG) |
WebRTC Gw UDP/5060 |
PBX (physical IP address) UDP/5060 |
|
SIP (when NO encryption is configured between PBX and WRG) |
PBX (physical IP Address) UDP/5060 |
WebRTC Gw |
|
SIP-TLS (when encryption is configured between PBX and WRG) |
PBX (physical IP Address) TCP/5061 (the port may be configurable on PBX side) |
WebRTC Gw TCP/5061 |
|
(S)RTP Media (SRTP if encryption is enabled on PBX ecosyst) |
WebRTC Gw UDP 30000-40000 |
PBX Gateway and SIP Trunk SBC UDP port range (*) |
|
(S)RTP Media (SRTP if encryption is enabled on PBX ecosyst) |
PBX Gateway and SIP Trunk SBC UDP port range (*) |
WebRTC Gw UDP 30000-40000 |
|
(S)RTP Media (SRTP if encryption is enabled on PBX ecosyst) |
WebRTC Gw UDP 30000-40000 |
IP Phones UDP port range (*) |
|
(S)RTP Media (SRTP if encryption is enabled on PBX ecosyst) |
IP Phones UDP port range (*) |
WebRTC Gw UDP 30000-40000 |
| WebRTC Media |
WebRTC Gw UDP 20000-29999 |
LAN side Rainbow clients UDP OS dynamic port range (*) |
| WebRTC Media |
LAN side Rainbow clients UDP OS dynamic port range (*) |
WebRTC Gw UDP 20000-29999 |
| DNS (**) |
WebRTC Gw UDP/1024-65535 |
DNS server UDP/53 |
| NTP |
WebRTC Gw UDP/123 |
NTP server UDP/123 |
|
SSH If enabled |
SSH client |
WebRTC Gw TCP/22 |
Summary of ports/protocols requirements:
Rainbow Collaboration
The table below gives minimum requirements for deployment of Rainbow as a collaboration solution, without telephony services.
|
Protocol |
Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
All Rainbow clients and applications |
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP (b) |
3478 |
Audio/video/desktop sharing media |
All Rainbow clients |
*.openrainbow.com |
|
TCP (c) |
5228-5229-5230 |
Android push notif |
Pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push not |
Pure wifi iOS devices |
Apple APNS servers |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)
(c) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230
Rainbow Hybrid Telephony
The table below gives minimum requirements for deployment of Rainbow on top of an existing customer PBX, providing telephony services and optionally advanced collaboration services.
|
Protocol |
Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
All Rainbow clients and applications WebRTC Gateway PBX |
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP (b)(c) |
3478 |
Softphony with remote users Audio/video/desktop sharing media for collaboration |
All Rainbow clients WebRTC Gateway |
*.openrainbow.com |
|
TCP (d) |
5228-5229-5230 |
Android push notification |
Rainbow on pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push notification |
Rainbow on pure wifi ios devices |
Apple APNS servers |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)
(c) the NAT gateway implemented between the WebRTC Gateway and Rainbow must avoid too fast reuse of WAN ports. This can be achieved by implementing a 10mn timeout on NAted connection. See note of section 4.6.1 for details.
(d) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained by firewalls for FCM connections over ports 5228-5230. See section 4.2
Rainbow Hub
The table below gives minimum requirements for deployment of the Rainbow Hub solution. The latter provides cloud telephony services and optionally advanced collaboration services.
|
Protocol |
Destination Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
Rainbow applications
|
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP |
3478 |
Softphony Audio/video/desktop sharing media |
Rainbow applications
|
*.openrainbow.com |
|
TCP (b) |
5228,5229,5230 |
Android push notif. |
Rainbow on pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push notif. |
Rainbow on pure wifi ios devices |
Apple APNS servers |
|
TCP |
5061 |
SIP |
SIP devices |
*.openrainbow.com |
|
TCP |
443 |
Config and APIs |
SIP devices |
*.openrainbow.com |
|
UDP |
30000-44999 |
SRTP media |
SIP devices Rainbow applications (softphony) |
*.openrainbow.com |
|
UDP |
53 |
DNS |
SIP devices |
DNS server |
|
UDP |
123 |
NTP |
SIP devices |
pool.ntp.org |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230
Comentarios
1 comentario
Thank you for the new edition of this document. Please consider adding a chapter for WiFi requirements. This will be useful for users with Rainbow on a mobile phone or even on a laptop and for remote workers.
Inicie sesión para dejar un comentario.