Symposium in DMZ - no Real-Time Display 1

[Andras888]

We placed the Symposium server in the DMZ. Now the Real-Time Display will not work from any PC that is on the network (CLAN). It worked fine before the server was placed in the DMZ. We tried both unicast and multicast.

The original problem was to allow MyCallPilot server to be used from the Internet, so users could get to it from their homes. The Network Security Officer was only willing to put MyCallPilot on the Internet if it was in the DMZ. Because MyCallPilot and Symposium both need to communicate with CallPilot server, all 3 servers needed to be placed in the DMZ.

I am looking for a way to either make MyCallPilot work from the DMZ without the other 2 servers being in the DMZ, or for Symposium to work from the DMZ if all 3 servers are in the DMZ. Is it possible to make this work? Please help.

 

[djwht]

open up the these ports on the FW

Port number Network interface Functionality
135 CLAN Microsoft Windows RPC Locator Service
138 CLAN Microsoft NetBios datagram Service
161 CLAN SNMP (required if SNMP NMS is connected)
162 CLAN SNMP traps (required if SNMP NMS is connected)
530 CLAN Microsoft Windows RPC Courier Service
1024 – 65535 CLAN The range of ports that can be used by the RPC dynamic ports
5631 CLAN pcAnywhere
5632 CLAN pcAnywhere
5000-5003 CLAN Symposium Call Center Server Database
10008 ELAN CallPilot Integration
3150 ELAN CallPilot Integration
3151 ELAN CallPilot Integration
3000 CLAN MLS (Meridian Link Services)
8888 ELAN AML
2500 ELAN ICM

Symposium Call Center Server also uses ports for communication between its
own components. These ports do not have implications for external network
components like firewalls. Symposium Call Center Server uses internal ports to
avoid conflict with any third-party software utilities that may also have port
requirements. The following table shows the ports that Symposium Call Center
Server uses internally.

10000-10082 Hardcoded Internal Listener Ports

For CCMA/SWC

Port 80 for Internet Explorer’s communication - Application Server

Port 3389 for Terminal Services’communication - Application Server

Port 25 (SMTP) for the HistoricalReporting component to send e-mail
notifications when reports are printed and saved - Application Server

Port 8200 for the Emergency Help component - Client PC

UDP ports 6020, for the application server to receive IP multicasting data from Symposium
6030, 6040, 6050, Call Center Server (needed for Real-Time Reporting and Agent Desktop
6060, 6070, 6080, Displays) - Application Server
6090, 6100, 6110,
6120, 6130


UDP ports 7020, for the application server to send IP multicasting data to
7030, 7040, 7050, client PCs (needed for Real-Time Reporting and Agent Desktop
7060, 7070, 7080, Displays) - Client PC
7090, 7100, 7110,
7120, 7130


UDP ports 7025. for the application server to send IP unicast data to client PCs. This is an
7035, 7045, 7055, optional method of sending the data required for Real-Time Reporting.
7065, 7075, 7085, If you do not use the multicast method, then you must configure the
7095, 7105, 7115, unicast option. You can also use a combination of the two methods.
7125, 7135 - Client PC

 

[Andras888]

djwht, Thank you for your prompt reply. I showed a printout of the ports you listed to our Network Security Officer, and he suggested we don't do this. We took all 3 servers out of the DMZ today. Now everything works again, but without Internet access to MyCallPilot. It is a question of risk vs. benefit.

Thanks again,

Andras