ksaye -> RE: Magicjack. . .ISA blocking VOIP ports? (23.May2010 11:36:24 PM)
For others who are having this issue, I have documented how to get this working below:
Allowing MagicJack through ISA/TMG
This setup assumes you have a working TMG2010 server, but the steps should work with ISA as well. In my particular case, I decided to run the MagicJack device on the TMG server, but I also tested it on a machine (Windows7, x64) behind the TMG server.
TMG is up and working
There is already a rule that allows the TMG server and machines behind the TMG server to communicate with the internet using HTTP and HTTPS.
The rule that we will create below should be very high in the order list, to ensure that no other rule applies, as the UDP “send receive” setting is required.
TMG Rule Setup:
We will simply create a Firewall Rule named “MagicJack” that allows outbound communication (and replies) on UDP port 5070 (needed for registration and connection) and allows for UDP communication on ports above 10,000 (needed for voice communication).
Step 1: Create a new Access Rule (in TMG, right click Firewall Policy → New → Access Rule).
Step 2: Name the rule “MagicJack” and click next.
Step 3: Set the rule action to “Allow” and click next.
Step 4: On the select protocols, click add and create (and add) the following 2 Protocols.
· Name: Magic Jack, Protocol: UDP, Direction: Send Receive, Ports: from 5070 to 5070
· Name: UDP 10K+, Protocol: UDP, Direction: Send Receive, Ports: from 10000 to 65535
Step 5: On the Access Rule Source screen, select “Local Host” (or Internal if not running on TMG server) and click next.
Step 6: On the Access Rule Destination screen, select “External” and “Local Host” and click next.
Step 7: On the User Sets screen, leave the “All Users” and click next.
Step 8: Click Finish, then click the Apply button to apply the changes. TMG may take a few minutes to apply.
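
The rule-order requirement and the reach of the two protocol definitions can be checked with a small model of first-match policy evaluation. This is an added example, not part of the original post and not TMG code: the `Flow`, `Rule` and `evaluate` names, the "Block outbound UDP" rule and the sample ports 18000, 5060 and 51820 are constructed for illustration, and matching is simplified to protocol, destination port and network names.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str      # "udp" or "tcp"
    dst_port: int
    src_net: str    # network object name, e.g. "Local Host"
    dst_net: str

class Rule(NamedTuple):
    name: str
    action: str                 # "allow" or "deny"
    proto: str
    ports: tuple                # inclusive (low, high) ranges
    sources: frozenset
    destinations: frozenset

    def matches(self, f: Flow) -> bool:
        return (f.proto == self.proto
                and f.src_net in self.sources
                and f.dst_net in self.destinations
                and any(lo <= f.dst_port <= hi for lo, hi in self.ports))

def evaluate(policy, flow):
    """Return (action, rule name) of the first rule that matches the flow."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "Default rule"   # nothing matched: implicit deny

# The rule from the steps above (source "Local Host"; "Internal" for a client PC).
MAGICJACK = Rule("MagicJack", "allow", "udp", ((5070, 5070), (10000, 65535)),
                 frozenset({"Local Host"}), frozenset({"External", "Local Host"}))
# Models the HTTP/HTTPS rule the post assumes already exists.
WEB = Rule("Web access", "allow", "tcp", ((80, 80), (443, 443)),
           frozenset({"Local Host", "Internal"}), frozenset({"External"}))
# Hypothetical deny rule, constructed to show why rule order matters.
BLOCK_UDP = Rule("Block outbound UDP", "deny", "udp", ((1, 65535),),
                 frozenset({"Local Host", "Internal"}), frozenset({"External"}))

RULE_FIRST = [MAGICJACK, BLOCK_UDP, WEB]   # MagicJack high in the order
RULE_LAST = [BLOCK_UDP, WEB, MAGICJACK]    # MagicJack below a broader rule

if __name__ == "__main__":
    samples = [Flow("udp", 5070, "Local Host", "External"),   # registration
               Flow("udp", 18000, "Local Host", "External"),  # voice (constructed port)
               Flow("udp", 5060, "Local Host", "External"),   # not covered by the rule
               Flow("udp", 51820, "Local Host", "External")]  # any other UDP >= 10000
    for f in samples:
        print(f, "first:", evaluate(RULE_FIRST, f), "last:", evaluate(RULE_LAST, f))
```

The last sample shows that the "UDP 10K+" definition allows every outbound UDP flow to a port of 10000 or higher from the selected source, not only MagicJack voice traffic.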