Cisco Cisco Expressway Maintenance Manual

Note that:

■

Ports 8191/8192 TCP and 8883/8884 TCP are used internally within the Expressway-C and the Expressway-E
applications. Therefore these ports must not be allocated for any other purpose. The Expressway-E listens
externally on port 8883; therefore we recommend that you create custom firewall rules on the external LAN
interface to drop TCP traffic on that port.

■

The Expressway-E listens on port 2222 for SSH tunnel traffic. The only legitimate sender of such traffic is the
Expressway-C (cluster). Therefore we recommend that you create the following firewall rules for the SSH
tunnels service:

—

one or more rules to allow all of the Expressway-C peer addresses (via the internal LAN interface, if
appropriate)

—

followed by a lower priority (higher number) rule that drops all traffic for the SSH tunnels service (on the
internal LAN interface if appropriate, and if so, another rule to drop all traffic on the external interface)

External XMPP Federation

This section describes how to configure your Expressway to support external XMPP federation.

Deploying Expressway for External XMPP Federation

External XMPP federation enables users registered to Unified CM IM & Presence to communicate via the Expressway-
E with users from a different XMPP deployment.

The following diagram shows how XMPP messages are routed from your on-premises IM & Presence server via the
Expressway-C and Expressway-E Collaboration Edge solution to the federated XMPP server. It also shows the ports
and connections that are used as the messages traverse DMZ firewalls.

Supported Systems

■

Expressway-E supports XMPP federation with:

—

Cisco Unified Communications Manager IM and Presence Service 9.1.1 or later

—

Cisco Webex Connect Release 6.x

—

other XMPP standards-compliant servers

■

Cisco Jabber 9.7 or later

Cisco Expressway Administrator Guide