This article is for administrators only. Network configuration can vary and depends on the use case.
item | port | source | destination | protocol | description |
Incoming - from the Internet to IceWarp server(s) | |||||
Web | 80 | * or trusted site | IceWarp server | TCP | The Let's Encrypt certificate authority needs port 80; it is also needed for the http->https redirect for WebClient user access |
Web | 443 | * or trusted site | IceWarp server | TCP | WebClient / WebAdmin user access |
Zabbix agent | 10050 | * or monitoring Zabbix server | IceWarp server | TCP | Monitoring: Zabbix agent access |
IceWarp admin console / control http | 32000 | * or trusted site | IceWarp server | TCP | WebClient / WebAdmin user access alternative port to port 80 ( not mandatory ) |
IceWarp admin console / control https | 32001 | * or trusted site | IceWarp server | TCP | WebClient / WebAdmin user access alternative port to port 443 ( not mandatory ) |
SMTP | 25 | * | IceWarp server | TCP | SMTP server ( STARTTLS or no TLS ) |
SMTP (SSL/TLS) | 465 | * | IceWarp server | TCP | SMTP client ( direct TLS ) |
SMTP (STARTTLS) | 587 | * | IceWarp server | TCP | SMTP client ( STARTTLS ) |
IMAP (SSL/TLS) | 993 | * | IceWarp server | TCP | IMAP client ( direct TLS ) |
POP3 (SSL/TLS) | 995 | * | IceWarp server | TCP | POP3 client ( direct TLS ) |
POP3 (unencrypted, not recommended) | 110 | * | IceWarp server | TCP | POP3 client ( STARTTLS ) |
IMAP (unencrypted, not recommended) | 143 | * | IceWarp server | TCP | IMAP client ( STARTTLS ) |
XMPP (unencrypted) | 5222 | web client or IM app | IceWarp server | TCP | Instant Messaging client ( STARTTLS ) |
XMPP (encrypted) | 5223 | web client or IM app | IceWarp server | TCP | Instant Messaging client ( direct TLS ) |
XMPP (server-to-server connection) | 5269 | another server | IceWarp server | TCP | Instant Messaging inter-server communication ( the other direction might be considered ) |
socks proxy | 1080 | web client or IM app | IceWarp server | TCP | HTTP proxy, also needed for IM file transfer |
groupware | 5229 | Client’s Outlook sync, IWDC, EM client | IceWarp server | TCP | special service port for API, rules, autoresponder, etc. |
SIP | 5060 | client’s endpoint or SIP device | IceWarp server | TCP | SIP signalisation ( STARTTLS ) |
SIP (SSL) | 5061 | client’s endpoint or SIP device | IceWarp server | TCP | SIP signalisation ( direct TLS ) |
SIP | 5060 | client’s endpoint or SIP device | IceWarp server | UDP | SIP signalisation UDP |
SIP/VOIP | 10000 – 10255 | client’s endpoint or SIP device | IceWarp server | UDP | SIP RTP port range ( customizable from within the SIP service ), voice transfer |
Minger (SSL) | 4070 | another mail server | IceWarp server | TCP | optional – distributed domain authentication method |
Minger | 4069 | another mail server | IceWarp server | UDP | optional – distributed domain authentication method |
Dashboard microservice | 80 | login.icewarp.com | IceWarp web client (user PC) | TCP | Version 14.0.0.0 and higher. Optional, if port 443 is not allowed or blocked by additional technologies, such as UTM or deep SSL inspection |
Dashboard microservice | 443 | login.icewarp.com | IceWarp web client (user PC) | TCP | Version 14.0.0.0 and higher. |
Dashboard microservice | 443 | webui.icewarp.com | IceWarp web client (user PC) | TCP | Version 14.0.0.0 and higher. |
Dashboard microservice | 443 | api.icewarp.com | IceWarp web client (user PC) | TCP | Version 14.0.0.0 and higher. |
Outgoing - from IceWarp server(s) to the Internet | |||||
SMTP | 25 | IceWarp server | * or trusted SMTP relay | TCP | |
webdocs | 443 | IceWarp server | * or geographical dependency | TCP | please see groupware → web client → webdocuments |
videoconferences | 443 | IceWarp server | * or geographical dependency | TCP | initial configuration starts on jwt.conference.icewarp.com |
certificates and their automated provisioning | 443 | IceWarp server | * ( Let's Encrypt ) | TCP | Depends on the choice of CA ( Let's Encrypt, for example ) |
antispam Live! | 80 | IceWarp server | resolver%.icew.ctmail.com ( where % could be any number in an interval of 1-5 ) | TCP | ctasd process |
antispam Live! (IP reputation) | 80 | IceWarp server | iprep%.icew.ctmail.com ( where % could be any number in an interval of 1-5 ) | | |
antivirus update | 443 | IceWarp server | * ( https://sophos.icewarp.com ) | TCP | HTTP proxy configurable |
antispam update | 443 | IceWarp server | www.icewarp.com, dl.icewarp.com | TCP | HTTP proxy configurable |
License check | 80 | IceWarp server | licenseprocessor.icewarp.com | TCP | periodic license revalidation, several HTTP redirects, HTTP proxy configurable |
License check | 443 | IceWarp server | licenseprocessor.icewarp.com | TCP | periodic license revalidation, several HTTP redirects, HTTP proxy configurable |
Smartlink tracking | 9001 | IceWarp server | icw.li (IP based on geoIP) | TCP | URL shortening service, tracking of shared files service |
Inter-server communication ( between all IceWarp servers forming one load-balancing group ) | |||||
SMTP | 25 | IceWarp servers | IceWarp servers | UDP | SMTP service distributed cache invalidation ( needed for clustered setups only ) |
POP3/IMAP | 110 | IceWarp servers | IceWarp servers | UDP | POP3/IMAP service distributed cache invalidation ( needed for clustered setups only ) |
Web | 80 | IceWarp servers | IceWarp servers | UDP | Web service distributed cache invalidation ( needed for clustered setups only ) |
IM | 5222 | IceWarp servers | IceWarp servers | UDP | Instant Messaging service distributed cache invalidation ( needed for clustered setups only ) |
Groupware | 5229 | IceWarp servers | IceWarp servers | UDP | Groupware service distributed cache invalidation ( needed for clustered setups only ) |
Groupware API | 32002 | IceWarp servers | IceWarp servers | UDP | Groupware API service distributed cache invalidation ( needed for clustered setups only ) |
Outgoing - from clients | |||||
Videoconference webclient | 10000 | Client’s PC | jwt.conference.iw.com for initial communication and video bridges afterwards | UDP | The list of videoconference bridge IP addresses changes over time and can be provided on demand |
Dashboard microservice | 80 | IceWarp web client (user PC) | login.icewarp.com (geographically dependent and vendor relevant) | TCP | Version 14.0.0.0 and higher. Optional, if port 443 is not allowed or blocked by additional technologies, such as UTM or deep SSL inspection |
Dashboard microservice | 443 | IceWarp web client (user PC) | login.icewarp.com (geographically dependent and vendor relevant) | TCP | Version 14.0.0.0 and higher. |
SSH | 22 | trusted site or VPN tunnel | IceWarp server | TCP | management access, optional |
Dashboard microservice | 443 | IceWarp web client (user PC) | api.icewarp.com | TCP | Version 14.0.0.0 and higher. |
Dashboard microservice | 443 | IceWarp web client (user PC) | webui.icewarp.com | TCP | Version 14.0.0.0 and higher. |
SMTP (SSL/TLS) | 465 | user PC | IceWarp server | TCP | SMTP client ( direct TLS ) |
SMTP (STARTTLS) | 587 | user PC | IceWarp server | TCP | SMTP client ( STARTTLS ) |
IMAP (SSL/TLS) | 993 | user PC | IceWarp server | TCP | IMAP client ( direct TLS ) |
POP3 (SSL/TLS) | 995 | user PC | IceWarp server | TCP | POP3 client ( direct TLS ) |
POP3 (unencrypted, not recommended) | 110 | user PC | IceWarp server | TCP | POP3 client ( STARTTLS ) |
IMAP (unencrypted, not recommended) | 143 | user PC | IceWarp server | TCP | IMAP client ( STARTTLS ) |
XMPP (unencrypted) | 5222 | user PC | IceWarp server | TCP | Instant Messaging client ( STARTTLS ) |
XMPP (encrypted) | 5223 | user PC | IceWarp server | TCP | Instant Messaging client ( direct TLS ) |
SIP | 5060 | user PC | IceWarp server | TCP | SIP signalisation ( STARTTLS ) |
SIP (SSL) | 5061 | user PC | IceWarp server | TCP | SIP signalisation ( direct TLS ) |
SIP | 5060 | user PC | IceWarp server | UDP | SIP signalisation UDP |
Web | 80 | user PC | IceWarp server | TCP | The Let's Encrypt certificate authority needs port 80; it is also needed for the http->https redirect for WebClient user access |
Web | 443 | user PC | IceWarp server | TCP | WebClient / WebAdmin user access |
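
As an added illustration (not IceWarp's own configuration), the incoming rows above can be expressed as a default-deny nftables ruleset in which the rows marked "* or trusted site" for management and the Zabbix agent are pinned to specific sources. The addresses 198.51.100.0/24 (trusted site or VPN) and 192.0.2.10 (Zabbix server) are placeholder assumptions; Minger, XMPP server-to-server and the cluster cache-invalidation ports are left out and should be added only where used.

```nftables
#!/usr/sbin/nft -f
# Added example: inbound filter for a single IceWarp server.
# Placeholder assumptions (replace with your own values):
#   198.51.100.0/24 = trusted admin site / VPN range
#   192.0.2.10      = monitoring Zabbix server

table inet icewarp_in {
    set trusted_admin {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        meta l4proto { icmp, ipv6-icmp } accept

        # Public web: port 80 stays open for Let's Encrypt and the
        # http->https redirect, 443 for WebClient / WebAdmin.
        tcp dport { 80, 443 } accept

        # Public mail: SMTP plus the direct-TLS / STARTTLS client ports.
        # 110 and 143 are listed as "not recommended" and stay closed here.
        tcp dport { 25, 465, 587, 993, 995 } accept

        # Client services from the table; remove any that are not in use.
        tcp dport { 5222, 5223, 5229, 1080 } accept   # XMPP, groupware, SOCKS
        tcp dport { 5060, 5061 } accept               # SIP over TCP / TLS
        udp dport 5060 accept                         # SIP over UDP
        udp dport 10000-10255 accept                  # SIP RTP range

        # Management and monitoring: trusted sources only, never "*".
        ip saddr @trusted_admin tcp dport { 22, 32000, 32001 } accept
        ip saddr 192.0.2.10 tcp dport 10050 accept

        # Log whatever falls through to the drop policy.
        limit rate 5/minute log prefix "icewarp-in-drop: "
    }
}
```

Validate the file with `nft -c -f <file>` before loading it, and keep an out-of-band console available when changing rules on a remote host.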