Skype for Business Server requires that specific ports on the external and internal firewalls are open. Additionally, if Internet Protocol security (IPsec) is deployed in your organization, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panoramic video.
While this might seem a bit daunting, the heavy lifting for planning this can be done using the Skype for Business Server 2015 Planning Tool. Once you've gone through the wizard's questions about what features you plan to use, you can view the Firewall Report within the Edge Admin Report for each site you define, and use the information listed there to create your firewall rules. You can also make adjustments to many of the names and IP addresses used; for details, see Review the Firewall Report. Keep in mind you can export the Edge Admin Report to an Excel spreadsheet, and the Firewall Report will be one of the worksheets in the file.
When Skype for Business Server starts, it opens the required ports in the Windows Firewall. Windows Firewall should already be running in most normal applications, but if it is not being used, Skype for Business Server will function without it.
Some remote call control scenarios require a TCP connection between the Front End Server or Director and the PBX. Although Skype for Business Server no longer uses TCP port 5060, during remote call control deployment you create a trusted server configuration, which associates the RCC Line Server FQDN with the TCP port that the Front End Server or Director will use to connect to the PBX system. For details, see the CsTrustedApplicationComputer cmdlet in the Skype for Business Server Management Shell documentation.
Your Front End pools and Director pools that use DNS load balancing also must have a hardware load balancer deployed. The following table shows the ports that need to be open on these hardware load balancers.
The ports that are used for external user access are required for any scenario in which the client must traverse the organization's firewall (for example, any external communications or meetings hosted by other organizations).
For enterprise networks where Internet Protocol security (IPsec) (see IETF RFC 4301-4309) has been deployed, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panoramic video. The recommendation is motivated by the need to avoid any delay in the allocation of media ports due to IPsec negotiation.
And while I've sailed a similar itinerary on Holland and Princess, I find that the Carnival Panorama offers a similar experience for far cheaper and doesn't skimp on activities, dining, and exciting places to visit.
I have booked a variety of cabin sizes on the Carnival Panorama, but I find an entry-level inside stateroom offers enough space and amenities, and choosing one is the best way to trim my overall budget.
Unlike other cruise lines, there was no single supplement to sail solo in my stateroom. This not only saved me money but precious square footage as my single cabin came with just one bed, as opposed to the usual two. This meant I had more room to spread out and I never felt cramped.
Like other cruise ships I've experienced, my cabin bathroom was petite, but included a shower stall, a sink with mirrors above, a storage shelf beneath, and so many towels I was never wanting for more.
Carnival has so many onboard activities for all ages, but my all-time favorite thing to do on a sunny sea day is slip down the water slides. Panorama has two main slides, both of which I find to be thrilling. There is also a kiddie slide and a splash pad for little ones.
Beach Pool is centrally located and surrounded by lounge chairs and cabanas, including seating within the pool. I enjoy this pool early morning and late evening, when it's a bit quieter without the DJ and impromptu dance parties.
The sit-down cycle follows a suspended track above the upper deck where guests pedal their way along the track at their own pace. I have yet to see a big line form for this free attraction that is offered all day on port days and sea days alike.
I'm also a fan of the ropes course on the top deck, another free activity that technically offers great ocean views, but I'm usually more focused on the view of my feet and making sure I don't wobble.
The all-day buffet in Lido Marketplace rotates from roasted turkey to grilled fish and everything in between. The buffet operates morning through late night, so I tend to eat breakfast and dinner here daily.
As one of celebrity chef Guy Fieri's eateries, cruise guests know to go here for pulled pork, beef brisket, sausage, cold salads, and a variety of Fieri's signature sauces. My favorite is the brown sugar and bourbon sauce for sweet-meets-tangy perfection.
In the evening, this barbeque joint has an a la carte upcharge, ranging from $10 for finger foods to $30 for apps and an entree, but seasoned cruisers like myself know this specialty restaurant offers a free lunch spread on sea days. Anyone can take advantage of this and no reservations are required.
On the Panorama, I have made it a point to try some of their always-available offerings, like amber ales and IPAs. My personal favorite so far has been the limited-edition golden ale made in celebration of Carnival's 50 years at sea.
My favorite way to spend the evening is in the Liquid Lounge, where three times each week a different stage production includes popular music and a dance team. Dancers and singers perform hits from Stevie Wonder, Adele, Simon & Garfunkel, and other Top 40 selections.
Another favorite nightlife venue of mine is the Panorama Atrium with its rotating roster of musicians. This cocktail space might have a solo musician one hour, a blues guitarist the next, or my personal favorite, the rock violinists who combine pop and classical music.
On the back of the Promenade deck is Havana Bar, a sleek venue where karaoke competitions take place, but I like to visit when the Latin band performs. The dance floor quickly fills for a night of heart-racing beats.
Panorama has so many great activities night and day, which is why I keep coming back to this cruise ship. But sometimes I want a break from the buzz, and that's when I head to the Serenity deck. This is a quiet place just for adults to escape the crowds and party vibe.
Serenity Adult-Only Retreat has tons of lounge chairs, daybeds, cabanas, and secluded hot tubs all free for use night and day. I think it's a great spot to work on my tan or to chill out and watch the sunset.
This area is tucked away from the pool deck on its own little upper deck at the front of the ship, so I find it's always free of busy crowds and music, and it's easy to find a space to lounge.
I also like that the ports of Puerto Vallarta, Cabo San Lucas, and Mazatlán don't require pricey excursion tickets since there's so much to do within walking distance. While it's possible to spend $30 and up to go snorkeling or take a tour, I haven't found the need for this.
The Cisco Meraki dashboard provides centralized management, optimization, and monitoring of Cisco Meraki devices. In order to manage a Cisco Meraki device through dashboard, it must be able to communicate with the Cisco Meraki cloud (dashboard) over a secure tunnel. This tunnel is created between Cisco Meraki devices and dashboard to pass management and reporting traffic in both directions.
Because the dashboard is located on the public internet, the tunnel is always initiated outbound from the managed device. Once a connection is established, the device maintains the connection by occasionally sending packets and receiving a response. When a firewall or gateway exists in the data path between the managed device and the dashboard, certain protocols and port numbers must be permitted outbound through the firewall for the secure tunnel to function.
This list changes dynamically depending on the devices and services added on the dashboard as well as the region in which the organization is located. The example below will not necessarily reflect your networks' unique requirements.
While devices will primarily connect to the dashboard using UDP port 7351 for their tunnel, they will attempt to use HTTP/HTTPS if unable to connect over port 7351. When devices are operating like this, a message will be displayed on the device's status page indicating that the "Connection to the Cisco Meraki cloud is using the backup cloud connection." If this is observed, ensure that UDP port 7351 is allowed outbound through any firewall or security appliance that traffic from the Cisco Meraki devices will pass through.
If unable to configure the recommended firewall settings for the backup cloud connection due to security constraints, please note that Cisco Meraki devices will continue to operate normally, but some features of the dashboard may be slower to respond. This includes, but is not limited to:
Note: While it is possible for Cisco Meraki devices to operate without the recommended firewall settings in place for the backup cloud connection, the firewall settings for Meraki cloud communication are still required for the devices to function correctly.
In instances where MV Sense is configured to transmit to outbound IP addresses or upstream local resources, the upstream firewall rules will need to be configured to allow MQTT telemetry and analytics data to be sent outbound. These destination IP addresses (or hostnames) and ports are configurable on a per-camera basis, so ensure these are recorded in a central location for all devices within your network(s). MQTT commonly uses port 1883 for TCP and port 8883 for TLS.
In instances where another firewall is positioned upstream from the MX, the following FQDN destinations need to be allowed in order for categorization information traffic to pass successfully to the MX, so it can use the proper category classifications. Keep in mind that the IP addresses these domains resolve to will be different regionally, so ensure you are allowing the correct, current IPs if using IP-based rules instead of FQDN rules on your upstream firewall.
Domain names to add to the allow list on upstream firewall