Configuring Windows Firewall for Speech Server
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
Windows Firewall determines which network connections are allowed for the computer. When Windows Firewall is running, it rejects all network connections except those specified as exceptions. When Windows Firewall is not running, all network connections are allowed, leaving the computer vulnerable to external attackers.
Use Windows Firewall to help secure network connections and only allow those connections specified as exceptions on the computer running Speech Server. Exceptions are specified by port number or by programs (or processes).
You can manually configure the Windows Firewall exceptions using the port and process exceptions described in the following sections. For more information about how to manually configure Windows Firewall, see Help: Windows Firewall.
Alternatively, you can automatically configure Windows Firewall exceptions using the Security Configuration Wizard, which also enables and disables services and other features required by Speech Server. For more information, see Using the Security Configuration Wizard to Help Secure Speech Server.
Windows Firewall Port Exceptions for Speech Server
The following table lists the default network ports that must be configured as port exceptions for Speech Server to accept connections from SIP peers. After configuring the default network port as a port exception, you must enable the newly configured ports in Windows Firewall. For more information, see How to: Configure the Listening Ports for SIP Peer Communication.
Port | Purpose |
---|---|
5060 | The default port for TCP connections on which Speech Server listens for incoming INVITE messages from SIP peers. |
5061 | The default port for Transport Layer Security (TLS) connections on which Speech Server listens for incoming INVITE messages from SIP peers. |
7423 | The default port for TCP connections on which Telephony Interface Manager Connector (TIMC) listens for incoming INVITE messages from Speech Server. Note: This port is only required if you are using TIMC and TIMC is installed on a computer other than the one running Speech Server. |
7424 | The port for TLS connections on which TIMC listens for incoming INVITE messages from Speech Server. Note: This port is only required if you are using TIMC and TIMC is installed on a computer other than the one running Speech Server. |
Note
If application listening ports have been configured, you must include those ports in the Windows Firewall exceptions. When specified, these ports are used for SIP traffic instead of the default listening ports. For more information, see How to: Configure Application Listening Ports.
Windows Firewall Process Exceptions for Speech Server
The following table lists the Speech Server processes that need to be specified in Windows Firewall to allow communications with SIP peers.
Processes | Purpose |
---|---|
SESWorker.exe | The process that dynamically allocates ports for Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) connections used to transmit audio data between Speech Server and the trusted SIP peer. The range of ports used for RTP and RTCP connections is 1024 to 65535 and is configurable using the Speech Server Administrator console. For more information, see How to: Configure Speech Server Audio Settings. |
W3WP.exe | The process that hosts application instances for Speech Server and dynamically allocates ports for redirected SIP invites originating from the TAP process. When the port is established for an application instance, SIP messages between Speech Server and the trusted SIP peer use this port. W3WP.exe allocates ports from 1024 to 65535. |
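The port and process exceptions from the two tables above, applied from a command prompt, as an added example that is not part of the original page. It uses the `netsh firewall` context of the Windows Firewall generation this page covers (later Windows versions use `netsh advfirewall firewall add rule` instead) and goes beyond the page by restricting each exception's scope to trusted addresses. The addresses, the `TIMC_REMOTE` switch and the `SESWorker.exe` path are assumptions.

```bat
@echo off
rem Added example (not Microsoft's script): Speech Server exceptions via netsh firewall.
setlocal

rem ASSUMPTION, constructed sample addresses: the trusted SIP peers (plus the
rem TIMC or Speech Server counterpart when TIMC is remote). Replace with real ones.
set TRUSTED=192.0.2.10,192.0.2.11

rem ASSUMPTION: set to 1 only if TIMC is used and installed on another computer.
set TIMC_REMOTE=0

rem ASSUMPTION: placeholder path; the page does not give the install location.
set SESWORKER=C:\PLACEHOLDER\SESWorker.exe
rem Default location of the IIS worker process.
set W3WP=%SystemRoot%\System32\inetsrv\w3wp.exe

rem Default SIP listening ports: 5060 (TCP) and 5061 (TLS). If application
rem listening ports are configured, list those here instead of the defaults.
for %%P in (5060 5061) do call :port %%P "Speech Server SIP %%P"

rem TIMC ports 7423 (TCP) and 7424 (TLS), only in the remote-TIMC case.
if "%TIMC_REMOTE%"=="1" for %%P in (7423 7424) do call :port %%P "Speech Server TIMC %%P"

rem Program exceptions admit traffic to any port the process listens on
rem (1024 to 65535 per the table), so the address scope matters most here.
call :prog "%SESWORKER%" "Speech Server SESWorker"
call :prog "%W3WP%" "Speech Server W3WP"

rem Review the result: firewall mode, port exceptions, program exceptions.
netsh firewall show opmode
netsh firewall show portopening
netsh firewall show allowedprogram
endlocal
goto :eof

:port
rem %1 = port number, %2 = quoted exception name.
netsh firewall add portopening protocol=TCP port=%1 name=%2 mode=ENABLE scope=CUSTOM addresses=%TRUSTED%
goto :eof

:prog
rem %1 = quoted program path, %2 = quoted exception name.
if not exist %1 echo Skipped, file not found: %1
if exist %1 netsh firewall add allowedprogram program=%1 name=%2 mode=ENABLE scope=CUSTOM addresses=%TRUSTED%
goto :eof
```

Run it from an elevated command prompt on the computer whose firewall is being configured, then compare the `show` output against the two tables.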