The
platforms (SBC 5000 series, SBC 7000, SBC SWe) listen to the TCP/IP network ports listed in the following tables. Some of these ports will not be open if the corresponding product features are not configured.
Noteinfo |
---|
|
The actual ports that the listens to depends on the actual system configuration. |
Warning |
---|
|
Due to an IPMI vulnerability, Sonus recommends not connecting the BMC Ethernet port to an external network unless the network is deemed well-protected.
[Reference: NIST National Vulnerability Database website] |
Multiexcerpt |
---|
|
SBC 5000/7000 Series BMC Ports Caption |
---|
0 | Table |
---|
1 | SBC 5000/7000 Series BMC Ports |
---|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
---|
TCP | 22 | SSH | SSHD | BMC CLI via SSH | BMC CLI over SSHv2. | TCP | 80 | TLS 1.2 | lighttpd | BMC GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual BMC access on port 80. | TCP | 443 | TLS 1.2 | lighttpd | BMC GUI via HTTPS | | TCP | 5120 | TCP | cdserver opp | BMC Remote Console: CD | | TCP | 5121 | not used | not used | BMC Remote Console: Keyboard and Mouse | | TCP | 5123 | not used | not used | BMC Remote Console: Diskette | | TCP | 5555 | not used | not used | BMC Remote Console: Encryption | | TCP | 5556 | not used | not used | BMC Remote Console: Authentication | | TCP | 6481 | not used | not used | BMC Remote Console: Servicetag Daemon | | TCP | 7578 | TCP | | BMC Remote Console: Video | | TCP | 7579 | | | BMC Remote Console: Serial | | TCP | Random port | TCP | IPMI | | |
|
|
Multiexcerpt |
---|
|
SBC Core Management Ports Caption |
---|
0 | Table |
---|
1 | SBC Core Management Ports |
---|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
---|
TCP | 22 | SSH | SSHD | SBC application CLI via SSH | Application CLI over SSHv2. | 80 | TLS 1.2 | lighttpd | Embedded Management Application (EMA) GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual EMA access on port 80. | 443 | TLS 1.2 | lighttpd | EMA GUI via https | | 444 | connexip manager | | EMA GUI, Platform Mode via https | | 2022 | confd | | Netconf OAM interface | Netconf over SSHv2. Used by Sonus EMS to manage the SBC. | 2024 | sftp | | Linux SFTP access via SSH | | 3091 | ssreq-tcp | SSREQ | SSReq troubleshooting tool | Default TCP port | 4680 | | | SecureLink client GUI via http | The SecureLink client is a RASO feature that creates and maintains an SSH connection to the SecureLink server at SonusHQ, to support remote troubleshooting. This port presents a GUI interface to manage the SL client. NOTE: SecureLink runs on a separate VM instance for SBC SWe; hence this port is not applicable for SBC SWe. | UDP | 123 | NTP | NTPD | Network Timing Protocol Daemon (NTPD) | | 161 | SNMP | SNMP daemon | SNMP agent | Statistics and status retrieval. Read only. | 3054 | DIAMETER+ | DS | PSX call processing requests | This port is used for call processing requests coming from the PSX to the SBC over Diameter+. This can also be configured through PKT ports. | 3055 | DIAMETER+ | DS | Keep alive messages and registration (Diameter). | This can also be configured through PKT ports. | 3069 | DMARSH | SCPA | ERE | ERE SIP SCPA process. | 3090 | ssreq-udp | SSREQ | SSReq troubleshooting tool | Default UDP port | 65xxx | | | PSX | Dynamically allocated server port number. Part of SBC communication with external PSX. |
|
Caption |
---|
0 | Table |
---|
1 | SBC Core Media Physical Ports at Interface IP Addresses |
---|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
---|
UDP | 500 | IKE | IKE | IKE | IKEv1 or IKEv2 Internet Key Exchange for IPSec | 1024-65534 | RTP, RTCP,SRTP,SRTCP | | RTP, RTCP, SRTP, SRTCP | Real time media | ESP | N/A | | | IPSec ESP | Encapsulating Security Payload |
|
Caption |
---|
0 | Table |
---|
1 | SBC Core Media Physical Ports at Signaling Port IP Addresses |
---|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
---|
TCP | 2569 | MSC | SAM | GW – GW signaling | Sonus proprietary gateway-to-gateway signaling. Listen port is configurable; 2569 is the default. NOTE: This port is not applicable for SBC SWe as GW-GW signaling is not supported for SWe. | 5060 | SIP | SIPE | SIP signaling over TCP | Listen port is configurable; 5060 is the default. | 5061 | SIP | SIPE | SIP signaling over TLS over TCP | Listen port is configurable; 5061 is the default. | UDP | 5060 | SIP | SIPE | SIP signaling over UDP | Listen port is configurable; 5060 is the default. | SCTP | 5060 | SIP | SIPE | SIP signaling over SCTP | Listen port is configurable; 5060 is the default. | ESP | N/A | | | IPsec ESP | Encapsulating Security Payload. Terminates on signaling address when IPSec is used in IMS access and peering modes (in peering mode, the protected address may be different). |
|
|
Infonote |
---|
|
If a zone's sipSigPort is configured for transportProtocolsAllowed = sip-tls-tcp , the SBC increments the configured portNumber by 1 and uses it as the new port number for SIP over TLS signaling. The SBC then opens a TCP socket for SIP over TLS for the new TCP port number. Example: When sipSigPort is configured with a portNumber of 5060 and transportProtocolsAllowed = sip-tls-tcp , the SBC listens on TCP port 5061 for SIP over TLS. |
...