Google Talk Ports?

Pancake_Effect
We use Google Talk to talk between IT staff members a lot, being that it's quick and easy. Google Talk works on the LAN just fine, but when I connect my smartphone to the wireless, Google Talk does not work. If I use phone signal without wireless, I can talk just fine. "By the way, this is all just instant messaging."

So I figured our Aruba wireless is blocking it.

I added the exception based off this guide on the Aruba controller:
http://support.google.com/talk/bin/answer.py?hl=en&answer=27930

I added 5222 TCP to be allowed...but it still doesn't work. Are there any other ports I'm missing? 443 is already allowed.
Commented:
According to Google, you have the right ports open.

You may want to try telnetting to talk.google.com using port 5222 and see if you get anything. I did when I tested here.

Commented:
Also make sure you don't have a local firewall/AV blocking the traffic. So many places ports can get blocked.

Author

Commented:
This is on my phone, the desktops work fine. So it's something to do with the Aruba wireless firewall. I open ports all the time on the controller, it's like they're missing a port listing.

Commented:
I'm reading some more on this... One person says he fixed it and it was an overaggressive firewall.

Another did a range of IPs, 5222-5443.

Is there any logging/debugging capability that you can check on the wireless controller?

Author

Commented:
Range 5222-5443 did it!

The ports in between that... we're not opening ourselves up to non-Google ports, are we? Just want to make sure I know what we're opening ourselves up to from a security standpoint.
Commented:
It would depend how you wrote the ACL rule on the controller.  If you specified a destination to talk.google.com it would only allow those ports to them.

If you just opened that range to any destination, another application that might use ports in that range could potentially work.

That port range isn't in the well-known range though.  You may want to tinker with your rule to ensure you limit the scope.

Author

Commented:
I tried limiting the destination to just talk.google.com. Doing an nslookup shows that talk.google.com's IP address is 74.125.142.125. I added 74.125.142.125 as the destination in the exception, and it doesn't work. It seems like only "any" works as the destination. Do they use a different IP address possibly?
Commented:
Hmm... That stuff gets tricky to do because they round-robin the DNS name to a pool of servers. Does the ACL require an IP as a destination...

I am looking some more and another article says it needs the following ports:

Port 80, Port 443 and Port 5222 and 5223.  Maybe try opening just those and see if you don't need to open such a wide range.
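The trade-off discussed in the comments above (one pinned nslookup answer versus a round-robin pool, and a 5222-5443 range to "any" versus a short port list), as an added example that is not part of the original thread. It is a generic permit-list model in Python, not Aruba controller syntax; the pool members other than 74.125.142.125 and the non-Google host are constructed sample addresses.

```python
import ipaddress

# Constructed sample data: the address the asker got from nslookup (from the
# thread) plus two made-up pool members standing in for round-robin DNS answers.
PINNED = "74.125.142.125"
POOL = [PINNED, "192.0.2.10", "192.0.2.11"]   # 192.0.2.0/24 is a documentation range
OTHER_SERVICE = "198.51.100.7"                # constructed non-Google host

def rule(dst, ports):
    """Permit rule: dst is 'any' or an IP/CIDR; ports is a list of (lo, hi) ranges."""
    net = None if dst == "any" else ipaddress.ip_network(dst, strict=False)
    return {"net": net, "ports": ports}

def permits(acl, dst_ip, dst_port):
    """True if any permit rule matches; everything unmatched is denied."""
    ip = ipaddress.ip_address(dst_ip)
    return any((r["net"] is None or ip in r["net"])
               and any(lo <= dst_port <= hi for lo, hi in r["ports"])
               for r in acl)

def exposure(acl):
    """Number of distinct TCP ports the ACL permits toward 'any' destination."""
    open_ports = set()
    for r in acl:
        if r["net"] is None:
            for lo, hi in r["ports"]:
                open_ports.update(range(lo, hi + 1))
    return len(open_ports)

def pool_coverage(acl, pool, port):
    """Fraction of the pool's addresses that are reachable on the given port."""
    return sum(permits(acl, ip, port) for ip in pool) / len(pool)

ACLS = {
    "pinned to one nslookup answer": [rule(PINNED, [(5222, 5222)])],
    "range to any (what worked)":    [rule("any", [(5222, 5443)])],
    "5222-5223 to any":              [rule("any", [(5222, 5223)])],
    "5222-5223 to pool addresses":   [rule(PINNED, [(5222, 5223)]),
                                      rule("192.0.2.0/24", [(5222, 5223)])],
}

if __name__ == "__main__":
    for name, acl in ACLS.items():
        print(f"{name:30} pool reach={pool_coverage(acl, POOL, 5222):.2f} "
              f"ports open to any={exposure(acl)} "
              f"other host:5300 allowed={permits(acl, OTHER_SERVICE, 5300)}")
```

The model only shows reachability and scope; whether the client works with the shorter port list still has to be tested on the controller.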
Commented:
I suppose it's about how secure you want to be...  And with who...

You most likely have a router at the edge doing inbound filtering of traffic...  with SPI.

Most likely leaving the range open on the controller will only affect those connected to the controller, and initiating the connection over those ports. You would know your network best. I'm assuming layout from my spot. We all know what happens when you assume ;-)

Author

Commented:
I usually just do simple management of it, and maintain, and let the networkers do the hard stuff. Little things like this I feel okay doing, but like you said, I'd rather be completely sure. But this is on our guest network, which is on its own VLAN, and for the most part separated from our network. Does it even matter if these ports are open, being on the guest?
Commented:
Being it is on a separate VLAN, it is already isolated from your main network... Critical stuff

Yes, a range of ports is open that allows a system to connect to services over.  However, your gateway/edge router is blocking most scary traffic from getting into your network/guest network.

In my opinion, it isn't a big deal.  Traffic has to initiate from inside your network (guest) to use those ports.  I'd just add a description to the statement you added on the controller and explain the purpose of opening the range.  Then if anyone questions it, it will make sense.
