We are deploying 2 Openfire servers, one in the internal corporate network and one in the DMZ. The purpose is to allow mobile people from the internet to make IM and voice available.
So far we have working IM and file send methods of communication. The server in the intranet is connecting to the DMZ server via ports 5269 and 7777 (server2server and file send). From the internet, 5222 and 5223 are allowed (plain and SSL traffic, I hope).
As peer to peer is not possible by security policies, what kind of ports are needed to allow the mediaproxy service to serve clients on both sides?
I saw a requirement of 10000-15000 UDP ports to be allowed on the firewall to both sides. (Is this really necessary?) Isn't it a potential risk?
Thanks for any answer.