Windows Server 2008 R2 includes Windows
Firewall. Windows Firewall is a stateful host firewall that drops all
unsolicited incoming traffic; that is to say, traffic that is not sent in
response to a request of the computer (solicited traffic), or traffic that has
not been specified as allowed (excepted traffic). This behavior of Windows
Firewall provides a level of protection from malicious users and programs that
use unsolicited incoming traffic to attack computers.
More information can be found in the Microsoft
Firewall Operations Guide.
If you are using IPsec, consult the following Microsoft TechNet article:
IPSec and Multicast Settings.
Windows Firewall is disabled by default on systems that have been
upgraded to SP1. Systems that have a new installation of Windows
Server 2008 R2 have Windows Firewall
enabled by default.
You may enable Windows Firewall on your
Unified ICM/Unified CCE Servers; however,
you must ensure that all required ports are open so that the
Unified ICM/Unified CCE components
installed on the server can function properly.
Cisco provides a utility to automatically allow all traffic from
Unified ICM/Unified CCE applications on a
and Windows Server 2008 R2.
Additionally, the utility can open ports for common third-party applications
used in the
Unified ICM/Unified CCE environment. The
script reads the list of ports in the file
and uses the directive contained therein to modify the firewall settings. See
below for more information on the CiscoICMfwConfig_exc.xml file.
The utility allows all traffic from
applications by adding the relevant applications to the list of excepted
programs and services. When the excepted application runs, Windows Firewall
monitors the ports on which the program listens and automatically adds those
ports to the list of excepted traffic.
The script can allow traffic from the third-party applications by adding
port number to the list of excepted traffic. However, you must
CiscoICMfwConfig_exc.xml file to enable these ports.
Ports/Services enabled by default:
Optional ports you can open:
5900/TCP - VNC
5800/TCP - Java Viewer
21800/TCP - Tridia VNC Pro (encrypted remote control)
5631/TCP and 5632/UDP - pcAnywhere
The XML file may be configured to add port-based exceptions outside
of this list.
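To confirm which of the optional ports above are actually open after the firewall has been configured, the following added example (not part of the Cisco utility or this guide) lists enabled inbound allow rules that cover them. It assumes the exceptions are visible through the Windows Firewall `HNetCfg.FwPolicy2` COM object; the function and variable names are hypothetical.

```powershell
# Optional ports listed on this page (IP protocol numbers: 6 = TCP, 17 = UDP).
$OptionalPorts = @(
    @{ Port = 5900;  Protocol = 6;  Label = 'VNC' },
    @{ Port = 5800;  Protocol = 6;  Label = 'Java Viewer' },
    @{ Port = 21800; Protocol = 6;  Label = 'Tridia VNC Pro' },
    @{ Port = 5631;  Protocol = 6;  Label = 'pcAnywhere' },
    @{ Port = 5632;  Protocol = 17; Label = 'pcAnywhere' }
)

function Test-PortInSpec {
    # True when $Port is covered by a LocalPorts string such as
    # "5900", "5631,5632" or "5800-5900".
    param([int]$Port, [string]$Spec)
    foreach ($part in ($Spec -split ',')) {
        $part = $part.Trim()
        if ($part -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($part -match '^\d+$') {
            if ($Port -eq [int]$part) { return $true }
        }
        # "*" and keywords such as RPC are skipped: those belong to program
        # exceptions, not to explicit port exceptions.
    }
    return $false
}

function Get-OptionalPortException {
    # $Rules defaults to the live policy; pass constructed objects to try it offline.
    param($Rules = (New-Object -ComObject HNetCfg.FwPolicy2).Rules)
    foreach ($rule in $Rules) {
        # Keep only enabled rules with Direction 1 (inbound) and Action 1 (allow).
        if ((-not $rule.Enabled) -or ($rule.Direction -ne 1) -or ($rule.Action -ne 1)) { continue }
        foreach ($p in $OptionalPorts) {
            if (($rule.Protocol -eq $p.Protocol) -and (Test-PortInSpec $p.Port $rule.LocalPorts)) {
                New-Object PSObject -Property @{
                    Rule = $rule.Name; Label = $p.Label; Port = $p.Port
                    Protocol = $rule.Protocol
                    RemoteAddresses = $rule.RemoteAddresses; Program = $rule.ApplicationName
                }
            }
        }
    }
}

Get-OptionalPortException |
    Format-Table Rule, Label, Port, Protocol, RemoteAddresses, Program -AutoSize
```

An empty result means none of the optional ports has an explicit inbound port exception; a `RemoteAddresses` value of `*` on a listed rule means the port is reachable from any source address.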