
Management Security Group


Table: Configuring Security Group for Management Subnet

| Type            | Protocol | Port Range | Source    | Notes/Purpose |
| --------------- | -------- | ---------- | --------- | ------------- |
| SSH             | TCP      | 22         | x.x.x.x/y | SSH to CLI |
| Custom UDP rule | UDP      | 123        | x.x.x.x/y | NTP |
| Custom UDP rule | UDP      | 161        | x.x.x.x/y | SNMP polling |
| Custom UDP rule | UDP      | 162        | x.x.x.x/y | SNMP traps |
| Custom TCP rule | TCP      | 2022       | x.x.x.x/y | NetConf over SSH |
| Custom TCP rule | TCP      | 2024       | x.x.x.x/y | SSH to Linux |
| HTTP            | TCP      | 80         | x.x.x.x/y | EMA |
| HTTPS           | TCP      | 443        | x.x.x.x/y | REST to ConfD DB |
| Custom UDP rule | UDP      | 3057       | 0.0.0.0/0 | Used for load balancing service |
| Custom UDP rule | UDP      | 3054       | x.x.x.x/y | Call processing requests |
| Custom UDP rule | UDP      | 3055       | x.x.x.x/y | Keepalives and registration |
| Custom TCP rule | TCP      | 4019       | 0.0.0.0/0 | Applicable to D-SBC only |
| Custom UDP rule | UDP      | 5093       | x.x.x.x/y | SLS (license server) traffic |
| Custom TCP rule | TCP      | 444        | x.x.x.x/y | Communicating with EMS, AWS EC2-API server, and Platform Manager. |




HA Security Group

Table: Configuring Security Group for HA Subnet

| Type        | Protocol | Port Range | Source    | Notes/Purpose |
| ----------- | -------- | ---------- | --------- | ------------- |
| All Traffic | All      | All        | x.x.x.x/y | x.x.x.x/y is the HA subnet CIDR. |


 


Packet Security Group


Table: Configuring Security Group for Packet Ports PKT0 and PKT1

| Type            | Protocol | Port Range  | Source    |
| --------------- | -------- | ----------- | --------- |
| Custom UDP rule | UDP      | 5060        | x.x.x.x/y |
| Custom TCP rule | TCP      | 5061        | x.x.x.x/y |
| Custom UDP rule | UDP      | 1024-65535  | x.x.x.x/y |

Caution: The source ranges for the packet security group may be external IP address ranges, or they may be the HFE private subnet CIDR if a High-availability Forwarding Engine is present in the configuration.


HA Forwarding Node Security Groups


Table: Configuring a Security Group for the Public-facing/Management Port (eth0)

| Type            | Protocol | Port Range  | Source    |
| --------------- | -------- | ----------- | --------- |
| Custom UDP rule | UDP      | 5060        | x.x.x.x/y |
| Custom TCP rule | TCP      | 5061        | x.x.x.x/y |
| Custom UDP rule | UDP      | 1024-65535  | x.x.x.x/y |

Table: Configuring a Security Group for the Private-facing Port (eth2)

| Type            | Protocol | Port Range  | Source    |
| --------------- | -------- | ----------- | --------- |
| Custom UDP rule | UDP      | 5060        | x.x.x.x/y is the PKT0 or PKT1 subnet CIDR which is to have external connectivity |
| Custom TCP rule | TCP      | 5061        | x.x.x.x/y is the PKT0 or PKT1 subnet CIDR which is to have external connectivity |
| Custom UDP rule | UDP      | 1024-65535  | x.x.x.x/y is the PKT0 or PKT1 subnet CIDR which is to have external connectivity |

Caution: The source ranges for the HFE Private-facing Port security group may be the private subnet CIDR of the SBC PKT0 or PKT1 subnets.


Outbound Security Group Rules

Ribbon recommends opening all ports using Outbound/Egress rules in the security groups associated with the management, HA and packet interfaces.

Table: Outbound Security Group Rules

| Type        | Protocol | Port Range | Destination |
| ----------- | -------- | ---------- | ----------- |
| All Traffic | All      | All        | x.x.x.x/y   |

Caution: If you open only specific ports in outbound security group rules, the remaining ports are blocked.

Note: Refer to the Management Security Group, HA Security Group, and Packet Security Group tables for the minimum required security group rules for the SBC to function.

Note: Because the SIP signaling port in the SBC configuration is set to the default port (5060), the port numbers for UDP/TCP are set to 5060 and 5061.
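The following is an added example (not Ribbon's code and not part of this page) that expresses the management, packet and outbound tables above as data, emits the IpPermissions structure that boto3's authorize_security_group_ingress / authorize_security_group_egress calls accept, and lets an operator audit the rule set before applying it: which rows are open to 0.0.0.0/0, whether a packet-port rule set parameterized with the HFE private subnet (per the caution above) admits a given source, and how restricting egress to specific ports silently blocks everything else (per the outbound caution). The CIDR values MGMT_CIDR and HFE_PRIVATE_CIDR are constructed placeholders for the page's x.x.x.x/y, and the purpose strings on the packet rules are assumptions, since the page does not label them.

```python
"""Security group rules from this page as data, with a pre-apply audit.
Added example; CIDR placeholders are constructed, not deployment values."""
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    protocol: str    # "tcp", "udp", or "-1" meaning all traffic (AWS convention)
    from_port: int   # -1 when protocol is "-1"
    to_port: int
    cidr: str        # source CIDR for ingress rules, destination CIDR for egress
    purpose: str = ""


# Constructed placeholders standing in for the page's x.x.x.x/y
MGMT_CIDR = "10.0.1.0/24"
HFE_PRIVATE_CIDR = "10.0.3.0/24"

# Management security group, transcribed from the table on this page
MANAGEMENT_RULES = [
    Rule("tcp", 22, 22, MGMT_CIDR, "SSH to CLI"),
    Rule("udp", 123, 123, MGMT_CIDR, "NTP"),
    Rule("udp", 161, 161, MGMT_CIDR, "SNMP polling"),
    Rule("udp", 162, 162, MGMT_CIDR, "SNMP traps"),
    Rule("tcp", 2022, 2022, MGMT_CIDR, "NetConf over SSH"),
    Rule("tcp", 2024, 2024, MGMT_CIDR, "SSH to Linux"),
    Rule("tcp", 80, 80, MGMT_CIDR, "EMA"),
    Rule("tcp", 443, 443, MGMT_CIDR, "REST to ConfD DB"),
    Rule("udp", 3057, 3057, ANY, "Used for load balancing service"),
    Rule("udp", 3054, 3054, MGMT_CIDR, "Call processing requests"),
    Rule("udp", 3055, 3055, MGMT_CIDR, "Keepalives and registration"),
    Rule("tcp", 4019, 4019, ANY, "Applicable to D-SBC only"),
    Rule("udp", 5093, 5093, MGMT_CIDR, "SLS (license server) traffic"),
    Rule("tcp", 444, 444, MGMT_CIDR, "EMS, AWS EC2-API server, Platform Manager"),
]

# Recommended egress: all traffic, as in the outbound table
EGRESS_ALL = [Rule("-1", -1, -1, ANY, "All outbound traffic")]


def packet_rules(source_cidr):
    """Packet (PKT0/PKT1) or HFE port rules from the page, with the source CIDR
    supplied by the caller (external ranges or the HFE private subnet)."""
    return [
        Rule("udp", 5060, 5060, source_cidr, "SIP signaling (assumed label)"),
        Rule("tcp", 5061, 5061, source_cidr, "SIP signaling (assumed label)"),
        Rule("udp", 1024, 65535, source_cidr, ""),  # purpose not stated on the page
    ]


def to_ip_permissions(rules):
    """Convert Rule objects into the IpPermissions list boto3 expects."""
    perms = []
    for r in rules:
        entry = {
            "IpProtocol": r.protocol,
            "IpRanges": [{"CidrIp": r.cidr, "Description": r.purpose}],
        }
        if r.protocol != "-1":  # all-traffic rules carry no port range
            entry["FromPort"] = r.from_port
            entry["ToPort"] = r.to_port
        perms.append(entry)
    return perms


def world_open(rules):
    """(protocol, from_port, to_port) of every rule whose CIDR is 0.0.0.0/0, so an
    operator can confirm only the rows the page lists that way are exposed."""
    return [(r.protocol, r.from_port, r.to_port) for r in rules if r.cidr == ANY]


def allows(rules, protocol, port, address):
    """True if some rule in the set covers protocol/port for the given IP
    (a source for ingress sets, a destination for egress sets)."""
    ip = ipaddress.ip_address(address)
    for r in rules:
        if r.protocol not in ("-1", protocol):
            continue
        if r.protocol != "-1" and not (r.from_port <= port <= r.to_port):
            continue
        if ip in ipaddress.ip_network(r.cidr):
            return True
    return False


if __name__ == "__main__":
    print("world-open management rows:", world_open(MANAGEMENT_RULES))
    restricted = [Rule("tcp", 443, 443, ANY, "HTTPS only")]
    # Restricting egress to 443/tcp blocks NTP (123/udp), as the caution warns
    print("NTP out, all-traffic egress:", allows(EGRESS_ALL, "udp", 123, "203.0.113.5"))
    print("NTP out, 443-only egress:", allows(restricted, "udp", 123, "203.0.113.5"))
```

Run the audit against whatever rule list you are about to apply: world_open should return exactly the two management rows the page marks 0.0.0.0/0 (3057/udp and 4019/tcp), and allows lets you confirm that a packet security group built with the HFE private subnet accepts that subnet and nothing else before any authorize call is made.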


Create Security Groups

  1. Navigate to EC2 Management Console.

  2. From the left pane, click Security Groups.

    Figure: Security Groups Tab


  3. Click Create Security Group. The Create Security Group page displays.
  4. Enter a Security group name and Description for the MGT0 security group.

  5. Select an appropriate VPC from the list.

  6. Click Add Rule to create the security group rules listed in the tables above.

    Note: By default, the Inbound rules tab displays on the screen.

    Figure: Creating a Security Group for MGT


  7. Click Create.
  8. Repeat steps 3 through 7 to create the new security group for HA, PKT0, and PKT1 subnets.

  9. If deploying with a High-availability Forwarding Engine option, repeat steps 3 through 7 to create a new security group for the HFE public and private-facing subnets.
For more information, refer to the AWS documentation topic Security Groups for Your VPC.