Opening firewall ports for Sametime Gateway Server
Work closely with your firewall administrator to open specific ports in the internal and external firewalls so that messages can flow between the Sametime® Gateway Server in the DMZ and the local Sametime community, and so that the Gateway Server can reach LDAP and DB2®. In addition, verify that the external firewall allows inbound and outbound connections to and from the specific IP addresses of the external communities. Make sure that any kind of SIP fixup or SIP inspection is disabled in your firewall settings.
About this task
A Sametime Gateway Server or cluster is normally deployed in the DMZ, which is the zone between the internal and external firewalls. You also need to open ports in the external firewall to allow the Sametime Gateway Server to connect with external communities.
You can deploy a Network Address Translator (NAT) between local Sametime Community Servers and a Sametime Gateway Server. However, deploying a NAT device between the Sametime Gateway Server and the Internet is not supported when connecting the Sametime Gateway Server to AOL or to TLS-encrypted SIP-based external communities. SIP-aware NAT devices exist, but they are not sufficient: AOL communities require secure SIP (SSL/TLS) communication, and a NAT device cannot decrypt the packets to translate the addresses they carry, so the dialog cannot operate properly.