Firewall and NAT Settings

Port reference information is now maintained in a separate document.

See the Cisco Expressway IP Port Usage Configuration Guide for your version on the Cisco Expressway Series Configuration Guides page.

Internal Firewall Configuration

Ensure that any SIP or H.323 "fixup" ALG or awareness functionality is disabled on the NAT firewall. If enabled, it will interfere with Expressway functionality.

Because Expressway-C to Expressway-E communications are always initiated from the Expressway-C to the Expressway-E (the Expressway-E sends its messages as responses to the Expressway-C's messages), no ports need to be opened from the DMZ to the internal network for call handling.

However, if the Expressway-E needs to communicate with local services, such as a Syslog server, some firewall configuration may be required.

Traffic destined for logging or management server addresses (using specific destination ports) must be routed to the internal network.
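
The two checks in this section, as an added example (not Cisco code): a Python audit over a constructed, vendor-neutral firewall policy that reports an enabled SIP or H.323 ALG and any DMZ-to-internal allow rule that is not a listed logging or management service. The policy format, zone names, addresses and the placeholder port 40000 are assumptions; real port numbers come from the port usage guide for your version.

```python
# Added example, not Cisco code. The policy format, zone names, addresses and
# the placeholder port 40000 are constructed for illustration.

# Assumption: internal logging/management services the Expressway-E may reach,
# as exact (destination, protocol, port) tuples.
ALLOWED_INTERNAL_SERVICES = {
    ("10.0.10.5", "udp", 514),  # syslog server (hypothetical address)
}

# Constructed sample policy in a vendor-neutral form.
SAMPLE_POLICY = {
    "alg": {"sip": True, "h323": False},
    "rules": [
        # Expressway-C initiates towards the Expressway-E in the DMZ.
        {"src_zone": "internal", "dst_zone": "dmz", "dst": "192.0.2.10",
         "proto": "tcp", "port": 40000, "action": "allow"},
        # Expressway-E to the internal syslog server.
        {"src_zone": "dmz", "dst_zone": "internal", "dst": "10.0.10.5",
         "proto": "udp", "port": 514, "action": "allow"},
        # Over-broad rule: not needed for call handling.
        {"src_zone": "dmz", "dst_zone": "internal", "dst": "any",
         "proto": "tcp", "port": 40000, "action": "allow"},
        {"src_zone": "dmz", "dst_zone": "internal", "dst": "10.0.10.9",
         "proto": "tcp", "port": 22, "action": "deny"},
    ],
}


def audit(policy, allowed=ALLOWED_INTERNAL_SERVICES):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    # Check 1: SIP / H.323 ALG ("fixup") must be disabled.
    for name, enabled in sorted(policy["alg"].items()):
        if enabled:
            findings.append(f"ALG enabled: {name}")
    # Check 2: DMZ -> internal allows must match a listed service exactly;
    # "any" or an unlisted host/port is reported.
    for index, rule in enumerate(policy["rules"]):
        if rule["action"] != "allow":
            continue
        if (rule["src_zone"], rule["dst_zone"]) != ("dmz", "internal"):
            continue
        service = (rule["dst"], rule["proto"], rule["port"])
        if service not in allowed:
            findings.append(
                f"rule {index}: unexpected DMZ->internal allow to "
                f"{rule['dst']} {rule['proto']}/{rule['port']}")
    return findings
```

Calling audit(SAMPLE_POLICY) reports the enabled SIP ALG and the over-broad rule at index 2; the syslog rule and the deny rule pass.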

External Firewall Configuration Requirement

Ensure that any SIP or H.323 "fixup" ALG or awareness functionality is disabled on the NAT firewall. If enabled, it will interfere with Expressway functionality.

If you want to restrict communications from the DMZ to the wider Internet, see the connection maps and port reference tables in the Cisco Expressway IP Port Usage Guide to make sure you allow legitimate traffic.