Viewing which ports are being used for VoIP?

The company that supplies the VoIP phones told me to open ports for RTP. It was a total of 16,000 ports. That is a lot.

How can I view in real time which ports are being used for VoIP?

I would like to narrow the amount of opened ports.

I would have the users not use the Internet, but only make a few phone calls. This would minimize the traffic.

Any suggestions what would be the best method?

Thank you



This thread was automatically locked due to age.
  • DMC,

    You can use firewall logs from the log viewer, or use drop-packet-capture "host x.x.x.x" from the console, in order to see which ports are used by host x.x.x.x.

    Regards

  • Thank you for the answer.

    It will work, but that is not the solution I was looking for.

    In Watchguard they have an Icon called TRAFFIC. This will show you live status which ports are being used constantly between a host and the destination. So if I want a user to use their VoIP phone I can see without running a report what ports are being used for this phone call.

    Unfortunately this feature is not available in the Sophos XG series. I was told to use a third party software in order to see live traffic.

    There is also in Monitor & Analyze, Current Activities, Live Connections, then in the drop down box select Source IP address. But you need to refresh the page to see if new ports open up.

    In conclusion, there are no Live Reports of ports being used. Only by logging and creating a report does one have a record of all ports being used for that device.

    Thank you

  • DMC, thanks for sharing it.

    Firewall logs under log viewer can help in that. You can add extra columns but a flow monitor is missing (UTM9 has it).

    In v17 we will have log improvements, so I expect to see even a flow monitor.

    Regards

  • If they say they're using 16.000 ports... they do use them.
    RTP ports are allocated per call dynamically, so it's no use hunting down actually used port numbers.

    If the PBX is in the cloud: just allow outgoing UDP RTP traffic from the phones outbound. Inbound return traffic is allowed automatically, and doesn't require an inbound rule allowing 16.000 ports.
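
An added example, not part of the original thread: the per-host capture suggested in the first reply, summarised offline, which also shows the per-call port allocation described in the reply above. It assumes the capture was saved as `tcpdump -n` text; the sample lines, the IP addresses and the names `analyse` and `port_span` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n udp` text format (not a real capture).
# Assumed roles: 192.0.2.50 = phone, 203.0.113.10 = hosted PBX media server.
SAMPLE = """\
10:00:01.000100 IP 192.0.2.50.5060 > 203.0.113.10.5060: SIP: INVITE sip:100@example.invalid SIP/2.0
10:00:01.200000 IP 192.0.2.50.16390 > 203.0.113.10.10514: UDP, length 172
10:00:01.220000 IP 203.0.113.10.10514 > 192.0.2.50.16390: UDP, length 172
10:00:01.240000 IP 192.0.2.50.16390 > 203.0.113.10.10514: UDP, length 172
10:05:12.000000 IP 192.0.2.50.16402 > 203.0.113.10.18222: UDP, length 172
10:05:12.020000 IP 203.0.113.10.18222 > 192.0.2.50.16402: UDP, length 172
10:09:40.000000 IP 192.0.2.50.16418 > 203.0.113.10.25876: UDP, length 172
10:09:41.000000 IP 192.0.2.50.53211 > 198.51.100.53.53: 4242+ A? example.invalid. (33)
10:12:00.000000 IP 198.51.100.77.40000 > 192.0.2.50.16500: UDP, length 172
"""

# timestamp, "IP", src.port > dst.port:  (IPv4 only)
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ")

def analyse(capture, phone_ip):
    """Return (remote IP -> UDP ports the phone sent to, unsolicited inbound packets)."""
    dst_ports = defaultdict(set)
    flows = set()      # (local port, remote IP, remote port) opened by the phone
    unsolicited = []   # inbound packets with no earlier outbound packet on that flow
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue   # IPv6, ARP or truncated lines are skipped
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if src == phone_ip:
            dst_ports[dst].add(dport)
            flows.add((sport, dst, dport))
        elif dst == phone_ip and (dport, src, sport) not in flows:
            unsolicited.append((src, sport, dport))
    return dict(dst_ports), unsolicited

def port_span(ports):
    """Smallest contiguous range that covers the observed ports."""
    return min(ports), max(ports)

if __name__ == "__main__":
    ports, unsolicited = analyse(SAMPLE, "192.0.2.50")
    for remote, seen in sorted(ports.items()):
        lo, hi = port_span(seen)
        print(f"{remote}: {len(seen)} ports, span {lo}-{hi}: {sorted(seen)}")
    print("inbound without a matching outbound flow:", unsolicited)
```

In the sample each call lands on a different media port, so a span measured over a short capture only reflects the calls that happened to be in it.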

  • Thank you for the input. I and someone more knowledgeable than myself didn't think it through as well. He mentioned to me that so many ports open is not good security. However, as you said, since it is only an outbound rule, then it should not be a problem. As for the company, their tech support is on the weak side. So it was impossible to get information from them about the exact range.

    Thank you

    DMC
