Windows Server Firewall
Windows Firewall is a stateful host firewall that drops all unsolicited incoming traffic. This behavior of Windows Firewall provides some protection from malicious users and programs that use unsolicited incoming traffic to attack computers.
For more information, see the Microsoft Windows Firewall Operations Guide at https://technet.microsoft.com/en-us/library/cc739696(WS.10).aspx.
If you are using IPsec, consult the Microsoft TechNet article, Managing IPsec and Multicast Settings at https://technet.microsoft.com/en-us/library/cc779589(WS.10).aspx.
When you enable Windows Firewall on the servers, open all ports that the CCE solution components require.
Cisco provides a utility to automatically allow all traffic from Unified CCE applications on Windows Server. The utility can open ports for common third-party applications that the contact center enterprise solution uses. The script reads the list of ports in the file %SYSTEMDRIVE%\CiscoUtils\FirewallConfig\CiscoICMfwConfig_exc.xml and uses the directive to modify the firewall settings.
The utility allows all traffic from the applications by adding the relevant applications to the list of excepted programs and services. When the excepted application runs, Windows Firewall monitors the ports on which the program listens and automatically adds those ports to the list of excepted traffic.
The script allows traffic from the third-party applications by adding the application port number to the list of excepted traffic. Edit the CiscoICMfwConfig_exc.xml file to enable these ports.
Ports and Services that are enabled by default:
- 80/TCP and 443/TCP - HTTP and HTTPS (when the system installs IIS or Tomcat [for Web Setup])
- Microsoft Remote Desktop
- File and Print Sharing Exception - see the Microsoft article, Enable or disable the File and Printer Sharing exception at https://technet.microsoft.com/en-us/library/cc728347(WS.10).aspx.
Optional ports that you can open:
- 5900/TCP - VNC
- 5800/TCP - Java Viewer
- 21800/TCP - Tridia VNC Pro (encrypted remote control)
- 5631/TCP and 5632/UDP - pcAnywhere
Note: You can edit the XML file to add port-based exceptions outside of this list.
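The following audit is an added example, not part of the Cisco utility or documentation. It lists enabled inbound allow rules that cover the optional remote-control ports named above and shows whether each rule accepts any source address. It assumes the NetSecurity cmdlets (Windows Server 2012 or later); the helper name Test-PortSpec is hypothetical.

```powershell
# Optional remote-control ports listed on this page (protocol/port -> service).
$optional = @{
    'TCP/5900'  = 'VNC'
    'TCP/5800'  = 'Java Viewer'
    'TCP/21800' = 'Tridia VNC Pro'
    'TCP/5631'  = 'pcAnywhere'
    'UDP/5632'  = 'pcAnywhere'
}

function Test-PortSpec {
    # True when a LocalPort entry (single port or "low-high" range) covers $Port.
    # "Any" is skipped on purpose: program-based exceptions are scoped to an
    # executable, and this audit targets port-based exceptions only.
    param([string]$Spec, [int]$Port)
    if ($Spec -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    if ($Spec -match '^\d+$') { return ([int]$Spec -eq $Port) }
    return $false   # "Any" and keywords such as RPC are not port numbers
}

$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $pf = $rule | Get-NetFirewallPortFilter
    $af = $rule | Get-NetFirewallAddressFilter
    foreach ($key in $optional.Keys) {
        $proto, $port = $key -split '/'
        if ($pf.Protocol -ne $proto) { continue }
        $hit = @($pf.LocalPort) | Where-Object { Test-PortSpec $_ ([int]$port) }
        if (-not $hit) { continue }
        [pscustomobject]@{
            Port          = $key
            Service       = $optional[$key]
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = ($af.RemoteAddress -join ',')
            AnySource     = (@($af.RemoteAddress) -contains 'Any')
        }
    }
}

# Rules with AnySource = True accept connections from every remote address.
$findings | Sort-Object Port | Format-Table -AutoSize
```

Run it from an elevated PowerShell session after the firewall utility has been applied; an empty result means no port-based rule for these services is enabled.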
For a complete list of port usage, see Port Utilization Guide for Cisco Unified Contact Center Solutions, at https://www.cisco.com/c/en/us/support/customer-collaboration/unified-contact-center-enterprise/products-installation-and-configuration-guides-list.html.