In this section:
The SBC Core platforms (SBC 5000 series, SBC 7000, SBC SWe) listen to the TCP/IP network ports listed in the following tables. Some of these ports will not be open if the corresponding product features are not configured.
Note
The actual ports that the SBC listens to depends on the actual system configuration.
Warning
Due to an IPMI vulnerability, Ribbon recommends not connecting the BMC Ethernet port to an external network unless the network is deemed well-protected.
[Reference: NIST National Vulnerability Database website]
SBC 5000/7000 Series BMC Ports
SBC 5000/7000 Series BMC Ports
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|---|---|---|---|---|
| TCP | 22 | SSH | SSHD | BMC CLI via SSH | BMC CLI over SSHv2. |
| TCP | 80 | TLS 1.2 | lighttpd | BMC GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual BMC access on port 80. |
| TCP | 443 | TLS 1.2 | lighttpd | BMC GUI via HTTPS | |
| TCP | 5120 | TCP | cdserver opp | BMC Remote Console: CD | |
| TCP | 5121 | not used | not used | BMC Remote Console: Keyboard and Mouse | |
| TCP | 5123 | not used | not used | BMC Remote Console: Diskette | |
| TCP | 5555 | not used | not used | BMC Remote Console: Encryption | |
| TCP | 5556 | not used | not used | BMC Remote Console: Authentication | |
| TCP | 6481 | not used | not used | BMC Remote Console: Servicetag Daemon | |
| TCP | 7578 | TCP | BMC Remote Console: Video | ||
| TCP | 7579 | BMC Remote Console: Serial | |||
| TCP | Random port | TCP | IPMI |
SBC Core Management Ports
SBC Core Management Ports
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|---|---|---|---|---|
| TCP | 22 | SSH | SSHD | SBC application CLI via SSH | Application CLI over SSHv2. |
80 | TLS 1.2 | apache2 | Embedded Management Application (EMA) GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual EMA access on port 80. | |
443 | TLS 1.2 | apache2 | EMA GUI via https | ||
444 | connexip manager | apache2 | EMA GUI, Platform Mode via https | ||
2022 | confd | Netconf OAM interface | Netconf over SSHv2. Used by Ribbon EMS to manage the SBC. | ||
2024 | sftp | Linux SFTP access via SSH | |||
| 3091 | ssreq-tcp | SSREQ | SSReq troubleshooting tool | Default TCP port | |
4680 | SecureLink client GUI via http | The SecureLink client is a RASO feature that creates and maintains an SSH connection to the SecureLink server at RibbonHQ, to support remote troubleshooting. This port presents a GUI interface to manage the SL client. NOTE: SecureLink runs on a separate VM instance for SBC SWe; hence this port is not applicable for SBC SWe. Port 4680 is restricted to "localhost." This ensures that Gatekeeper (the SecureLink GUI) cannot be accessed remotely using the management port of the SBC. | |||
| UDP | 123 | NTP | NTPD | Network Timing Protocol Daemon (NTPD) | |
161 | SNMP | SNMP daemon | SNMP agent | Statistics and status retrieval. Read only. | |
| 3054 | DIAMETER+ | DS | PSX call processing requests | This port is used for call processing requests coming from the PSX to the SBC over Diameter+. This can also be configured through PKT ports. | |
| 3055 | DIAMETER+ | DS | Keep alive messages and registration (Diameter). | This can also be configured through PKT ports. | |
3069 | DMARSH | SCPA | ERE | ERE SIP SCPA process. | |
| 3090 | ssreq-udp | SSREQ | SSReq troubleshooting tool | Default UDP port | |
65xxx | PSX | Dynamically allocated server port number. Part of SBC communication with external PSX. |
SBC Core Media Physical Ports at Interface IP Addresses
SBC Core Media Physical Ports at Interface IP Addresses
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|---|---|---|---|---|
| UDP | 500 | IKE | IKE | IKE | IKEv1 or IKEv2 Internet Key Exchange for IPSec |
1024-65534 | RTP, RTCP,SRTP,SRTCP | RTP, RTCP, SRTP, SRTCP | Real time media | ||
| ESP | N/A | IPSec ESP | Encapsulating Security Payload |
SBC Core Media Physical Ports at Signaling Port IP Addresses
SBC Core Media Physical Ports at Signaling Port IP Addresses
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|---|---|---|---|---|
| TCP | 2569 | MSC | SAM | GW – GW signaling | Ribbon proprietary gateway-to-gateway signaling. Listen port is configurable; 2569 is the default. |
5060 | SIP | SIPE | SIP signaling over TCP | Listen port is configurable; 5060 is the default. | |
5061 | SIP | SIPE | SIP signaling over TLS over TCP | Listen port is configurable; 5061 is the default. | |
| UDP | 5060 | SIP | SIPE | SIP signaling over UDP | Listen port is configurable; 5060 is the default. |
| SCTP | 5060 | SIP | SIPE | SIP signaling over SCTP | Listen port is configurable; 5060 is the default. |
| ESP | N/A | IPsec ESP | Encapsulating Security Payload. Terminates on signaling address when IPSec is used in IMS access and peering modes (in peering mode, the protected address may be different). |
Note
If a zone's sipSigPort is configured for transportProtocolsAllowed = sip-tls-tcp, and either Egress IPSP Transport Type is TLS Over TCP and/or the Egress TG’s transportPreference is tls-tcp, the SBC increments the configured portNumber by 1 and uses it as the new port number for SIP over TLS signaling. The SBC then opens a TCP socket for SIP over TLS for the new TCP port number.
Example: When sipSigPort is configured with a portNumber of 5060 and transportProtocolsAllowed = sip-tls-tcp, the SBC listens on TCP port 5061 for SIP over TLS.
Overview
Content Tools