Additional configuration steps in your IT infrastructure will be necessary for the use of mobile devices or ProCall for Mac® on the road through the Internet without a Virtual Private Network (VPN). These configuration steps cannot be taken from the Administration tool. To do this, it may be necessary, for example, to make changes to the configuration of your firewall, so that connections from the Internet will be forwarded to UCServer Web Services.
To protect your sensitive data against access by third parties, we recommend that you install UCServer Web Services on a separate unit inside of a DMZ with a two-layer firewall concept in principle. You will also find more detailed information at http://en.wikipedia.org/wiki/DMZ_(computing).
The following ports should be configured as part of a DMZ in principle, in order to make estos UCServer Web Services accessible from external networks (WAN), while protecting your Local Area Network (LAN) in contrast against external access.
|External or Smart Phone||UCServer Web Services||443||HTTPs||Inbound|
|UCServer Web Services||estos UCServer||7222||ASN1||Inbound|
|UCServer Web Services||estos MetaDirectory (optional)||714||LDAPS||Inbound|
As an additional security measure, we further recommend only allowing the IP address of the computer that is running UCServer Web Services through the firewall for the internal network.
Once you have made the DMZ settings and the respective firewall settings, UCServer Web Services should be accessible from outside of the network.
|The entries made are related to the default port settings and may deviate as needed, when you have configured them manually.|
|The ports from UCServer Web Services to estos UCServer and estos MetaDirectory to be configured will be used for internal communication and should not be accessible from outside of the network (Internet or WLAN).|
|You will only have to release Port 714 for LDAPS when using estos MetaDirectory.|