Firewall Requirements for Installation
Tables Use the ESS Default Port Numbers
The ports referred to in these tables for HTTP (8080), HTTPS (8443) and SFTP (8022) are the EchoSystem Server (ESS) default port numbers. These firewall rules change to ports set when configuring the system.
On Windows, the ESS can be configured to run on the following native ports: HTTP (80), HTTPS (443), and SFTP (22). On Linux, the ESS cannot be configured to run on protected ports below 1024.
Do not change the following ESS default ports: HTTP (8080), HTTPS (8443), and SFTP (8022).
EchoSystem Server
Outbound Traffic Proxy Not Supported
The ESS does not support being placed behind an outbound traffic proxy. We are aware that many IT departments require the use of an outbound traffic proxy and that the ESS requires an exception. An outbound traffic proxy (even a transparent proxy) imposes numerous communications issues. It is not supported.
Native Ports and ESS Default Ports
A native port for a service is the assumed port. That is, when no port number is specified, web browsers and any connecting client assume that a particular service is running on its native port.
For three services (HTTP, HTTPS, and SFTP) the ESS default ports are different from the native ports, as shown in the table below.
Port Description | Native Port | ESS Port |
|---|---|---|
SFTP (Secure File Transfer Protocol) | 22 | 8022 |
HTTP (Hypertext Transfer Protocol) | 80 | 8080 |
HTTPS (Secure Hypertext Transfer Protocol) | 443 | 8443 |
For example, the URL for the admin interface running on the EchoSystem default port would be:
https://yourdns.edu:8443If running on the native port, the URL would be:
https://yourdns.eduTwo Options if You are Running Windows
Change the default ESS ports back to their native ports. See Change ESS Default Ports to Native Ports and follow the port configurations in ESS Firewall Ports for Windows-Only Configuration with Native Ports.
Leave them at the ESS defaults. Follow the port configurations in ESS Default Firewall Ports for Windows and Linux.
Change ESS Default Ports to Native Ports
Follow these steps.
Navigate to System > System Settings.
Click Edit.
Change the port for HTTPS back to its native port by removing :8443 from the Application Base URL for Application Settings.
Change the port for HTTP back to its native port by removing :8080 from the Echo Base URL for Application Settings.
Change the port for SFTP back to its native port by changing the FTP Port for Intake Settings to 22.
Change the port for HTTP back to its native port by removing :8080 from the Internal Base URL for Active Echo Settings.
Click Save.
Restart the EchoSystem Service.
ESS Default Firewall Ports for Windows and Linux
This configuration assumes that you are using the built-in support for the ESS to provide a webserver, SFTP server, and Wowza Media Server (Wowza). If these services are being provided by dedicated or external services, the applicable firewall rules need to be applied to those systems instead.
The following table lists the default ESS firewall port configurations for each supported protocol.
Port Description | Port | Port Direction | Protocol | Comment | Open on local/server firewall? | Open between the institution and rest of world? |
|---|---|---|---|---|---|---|
FTP (File Transfer Protocol) | 21 | outbound | TCP | If using the Easy captioning plugin | Yes | Yes |
SFTP (Secure File Transfer Protocol) | 22 | outbound | TCP | To upload log files to Echo360 support | Yes | Yes |
SMTP (Simple Mail Transfer Protocol) | 25 | outbound | TCP | To send email alerts and notifications via your mail server | Yes | – |
DNS (Domain Name Service) | 53 | outbound | UDP | – | Yes | – |
HTTP (Hypertext Transfer Protocol) | 80 | outbound | TCP | If using Echo360 search indexing Publisher | Yes | Yes |
NTP (Network Time Protocol) | 123 | outbound | UDP | – | Yes | – |
HTTPS (Secure Hypertext Transfer Protocol) | 443 | outbound | TCP | Needed to register for and use the Collaboration and Statistics Service | Yes | Yes |
RTMP (Real Time Messaging Protocol) | 1935 | inbound | TCP | – | Yes | Yes |
HTTP (Apple HTTP Streaming Protocol) | 1935 | inbound | TCP | – | Yes | Yes |
SFTP (Secure File Transfer Protocol) | 8022 | inbound | TCP | – | Yes | – |
HTTP (Hypertext Transfer Protocol) | 8080 | inbound | TCP | – | Yes | Yes |
HTTPS (Secure Hypertext Transfer Protocol) | 8443 | inbound | TCP | – | Yes | Yes |
HTTPS (Secure Hypertext Transfer Protocol) | 8446 | outbound | TCP | Required for Server Licensing | Yes | Yes |
ESS Firewall Ports for Windows-Only Configuration with Native Ports
This configuration assumes that you are using the built-in support for the ESS to provide a webserver, SFTP server, and Wowza Media Server. If these services are being provided by dedicated or external services, the applicable firewall rules need to be applied to those systems instead.
The following table lists the default ESS firewall port configurations for the native ports on a Windows-Only environment.
Port Description | Port | Port Direction | Protocol | Comment | Open on local/server firewall? | Open between the institution and rest of world? |
|---|---|---|---|---|---|---|
FTP (File Transfer Protocol) | 21 | outbound | TCP | If using the Easy captioning plugin | Yes | Yes |
SFTP (Secure File Transfer Protocol) | 22 | outbound | TCP | To upload log files to Echo360 support | Yes | Yes |
SMTP (Simple Mail Transfer Protocol) | 25 | outbound | TCP | To send email alerts and notifications via your mail server | Yes | – |
DNS (Domain Name Service) | 53 | outbound | UDP | – | Yes | – |
HTTP (Hypertext Transfer Protocol) | 80 | both | TCP | If using Echo360 search indexing Publisher | Yes | Yes |
NTP (Network Time Protocol) | 123 | outbound | UDP | – | Yes | – |
HTTPS (Secure Hypertext Transfer Protocol) | 443 | both | TCP | – | Yes | Yes |
RTMP (Real Time Messaging Protocol) | 1935 | inbound | TCP | – | Yes | Yes |
HTTP (Apple HTTP Streaming Protocol) | 1935 | inbound | TCP | – | Yes | Yes |
SFTP (Secure File Transfer Protocol) | 8022 | inbound | TCP | – | Yes | -- |
HTTPS (Secure Hypertext Transfer Protocol) | 8446 | outbound | TCP | Required for Server Licensing | Yes | Yes |
EchoSystem Media Processor
The following table lists the default port configurations for the EchoSystem Media Processor.
Port Description | Port | Port Direction | Protocol |
|---|---|---|---|
DNS (Domain Name Service) | 53 | outbound | UDP |
HTTPS (Secure Hypertext Transfer Protocol) | 8443 | outbound | TCP |
NTP (Network Time Protocol) | 123 | outbound | UDP |
SFTP (Secure File Transfer Protocol) | 8022 | outbound | TCP |
EchoSystem Capture Appliances
The following table lists the default port configurations for the EchoSystem capture appliances. Some of these can be changed on the System Settings page. See Change ESS Default Ports to Native Ports.
Port Description | Default Port | Port Direction | Protocol | Comment |
|---|---|---|---|---|
DHCP (Dynamic Host Configuration Protocol) | 67, 68 | both | UDP | – |
DNS (Domain Name Service) | 53 | outbound | UDP | – |
HTTP (Hypertext Transfer Protocol) | 8080 | inbound | TCP | Can be changed on the System Settings page. See Change ESS Default Ports to Native Ports. |
HTTPS (Secure Hypertext Transfer Protocol) | 8443 | both | TCP | Can be changed on the System Settings page. See Change ESS Default Ports to Native Ports. |
NTP (Network Time Protocol) | 123 | outbound | UDP | – |
SFTP (Secure File Transfer Protocol) | 8022 | outbound | TCP | Can be changed on the System Settings page. See Change ESS Default Ports to Native Ports. |
Wowza Media Server
Port Configurations
The following table lists the port configurations for the Wowza Media Server.
Port Description | Port | Port Direction | Protocol | Comments |
|---|---|---|---|---|
HTTP (Hypertext Transfer Protocol) | 80 | outbound | TCP | Used to validate the Wowza license. The Wowza 3 server sends a registration request when:
|