Versions Compared

Old Version 1

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 2

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel

In this section:

Table of Contents
maxLevel4

This page describes the summary of all the ports used in the Sonus cloud products.

Note

The ports are specific to an application or a feature and only applies when it is in use.

In the cloud environment, these ports are allowed in the security group associated with the instance type. The various fields are:

  • Direction (initial) - for UDP, this will be BOTH. For TCP, this will be OUTBOUND for clients and INBOUND for servers (to match the direction of the initial connection). 

    Info

    This definition matches the way firewall rules typically have to be defined.

  • Ether Type - It is either IPv4 or IPv6. Separate rules are supplied when both IPv4 and IPv6 are supported.
  • IP Protocol - UDP or TCP.
  • Local Port - an exact port number, or a wildcard. Note that TCP clients usually use an ephemeral local port which must be wildcarded.
  • Local IP/interface - the local interface or internal object (such as SIP SP)
  • Remote Port - an exact port number, or a wildcard. Note that TCP clients usually use an ephemeral local port (which must be wildcarded).
  • Remote Peers - peer type. Use this to set the most constrained remote network prefix. 

SBC Configurator Security Rules

The following tables provide security rules for SBC Configurator - Only the management interface is used.

Caption
0Table
1SBC Configurator Security Rules

 

 Direction
(Initial)
Ether TypeIP ProtocolNotes
IngressIPv4/v6TCPSSH to CLI
BothIPv4/v6UDPNTP
IngressIPv4/v6TCPREST to ConfD DB (HTTPS)
EgressIPv4/v6TCPREST back to EMS
IngressIPv4/v6TCPNetConf over ssh
IngressIPv4/v6TCPSSH to Linux, EMS SFTP

S-SBC and M-SBC Security Rules

The following tables provide security rules for S-SBC and M-SBC:

Caption
0Table
1Management Port

 

Direction
(Initial) 		Ether TypeIP ProtocolPort RangeRemote IP PrefixNotes
IngressIPv4/v6TCP20240.0.0.0/0SSH to CLI
IngressIPv4/v6UDP123::/0NTP
EgressIPv4/v6UDP123::/0NTP
IngressIPv4/v6UDP161::/0SNMP Polling
EgressIPv4/v6UDP161::/0SNMP Polling
IngressIPv4/v6UDP162::/0SNMP traps
EgressIPv4/v6UDP162::/0SNMP traps
IngressIPv4/v6TCP20220.0.0.0/0NetConf over ssh
IngressIPv4/v6TCP20240.0.0.0/0SSH to Linux
IngressIPv4/v6TCP (HTTP)800.0.0.0/0EMA
IngressIPv4/v6TCP4440.0.0.0/0Platform Manager
IngressIPv4/v6TCP (HTTPS)4430.0.0.0/0REST to ConfD DB
IngressIPv4/v6UDP30570.0.0.0/0Used for load balancing service
EgressIPv4/v6UDP30570.0.0.0/0Used for load balancing service
IngressIPv4/v6UDP3054::/0Call processing requests
EgressIPv4/v6UDP3054::/0Call processing requests
IngressIPv4/v6UDP30550.0.0.0/0Keep Alives and Registration
EgressIPv4/v6UDP30550.0.0.0/0Keep Alives and Registration
IngressIPv4/v6TCP4019::/0Applicable to M-SBC only
EgressIPv4/v6TCP40190.0.0.0/0Applicable to S-SBC only
IngressIPv4/v6UDP5093::/0SLS (license server) traffic
EgressIPv4/v6UDP5093::/0SLS (license server) traffic

Caption
0Table
1HA Ports

 

Direction
(Initial) 		Ether TypeIP ProtocolPort RangeRemote IP PrefixNotes
IngressIPv4UDP1024-65535  
IngressIPv4TCP4000-8000x.x.x.x/yRemote IP is HA subnet

Caption
0Table
1Packet Ports

 

Direction
(Initial) 		Ether TypeIP ProtocolPort RangeRemote IP PrefixNotes
IngressIPv4UDP5060x.x.x.x/yOn S-SBC only. One per signaling port accepting UDP SIP calls; Remote IP is either a peer network prefix or wild-carded to 0.0.0.0/0
IngressIPv6UDP5060x::x/yIPv6 equivalent to the above.
EgressIPv4UDP5060x.x.x.x/yOn S-SBC only. One per signaling port initiating UDP SIP calls; remote IP is either a peer network prefix or wild-carded to 0.0.0.0/0
EgressIPv6UDP5060x::x/yIPv6 equivalent to above.
IngressIPv4TCP5061x.x.x.x/yTCP equivalents for each signaling port for ingress calls
IngressIPv6TCP5061x::x/y
EgressIPv4TCP1024-65535x.x.x.x/yTCP equivalents for each signaling initiating calls. Note that the source port is ephemeral for outbound TCP connections, hence the port range.
EgressIPv6TCP1024-65535x::x/y
IngressIPv4UDP1024-655350.0.0.0/0RTP port space. On M-SBC only.
IngressIPv6UDP1024-65535::/0
EgressIPv4UDP1024-655350.0.0.0/0
EgressIPv6UDP1024-65535::/0
EgressIPv4TCP1024-65535x.x.x.x/yFor S-SBC only; client-side of media control protocol; remote IP is the network prefix of the M-SBC cluster; local port is ephemeral
IngressIPv4TCP4019x.x.x.x/yFor M-SBC only; server-side of media control protocol; remote IP is the network prefix of the S-SBC cluster.

Pagebreak