Which action is required for a firewall configuration on a Mobile and Remote Access through Cisco Expressway deployment?

A. The external firewall must allow these inbound connections to Expressway: SIP: TCP 5061: HTTPS: TCP 8443; XMPP: TCP 5222; Media: UDP 36002 to 59999.

B. The internal firewall must allow these inbound and outbound connections between Expressway-׀¡ and Expressway-E: SIP: HTTPS (tunneled over SSH between ׀¡ and E): TCP 2222: TCP 7001; Traversal Media: UDP 2776 to 2777 (or 36000 to 36011 for large VM/appliance); XMPP: TCP 7400.

C. Do not use a shared address for Expressway-E and Expressway-׀¡, as the firewall cannot distinguish between them. If static NAT for IP addressing on Expressway-E is used, ensure that any NAT operation on Expressway-׀¡ does not resolve the same traffic IP address. Shared NAT is not supported.

D. The traversal zone on Expressway-׀¡ points to Expressway-E through the peer address field on the traversal zone, which specifies the Expressway-E server address. For dual NIC deployments, set the Expressway-E address using an FQDN that resolves the IP address of the internal interface.








 

Suggested Answer: A

Reference:
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-7/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-

Deployment-Guide-X8-7.pdf

This question is in 350-801 CLCOR exam 
For getting CCNP Collaboration Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.