The
platforms (SBC 5000 series, SBC 7000, SBC SWe) listen to the TCP/IP network ports listed in the following tables. Some of these ports will not be open if the corresponding product features are not configured.
| Noteinfo |
|---|
|
The actual ports that the listens to depends on the actual system configuration. |
| Warning |
|---|
|
Due to an IPMI vulnerability, Sonus Ribbon recommends not connecting the BMC Ethernet port to an external network unless the network is deemed well-protected.
[Reference: NIST National Vulnerability Database website] |
...
| Multiexcerpt |
|---|
|
SBC 5000/7000 Series BMC Ports| Caption |
|---|
| 0 | Table |
|---|
| 1 | SBC 5000/7000 Series BMC Ports |
|---|
|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|
| TCP | 22 | SSH | SSHD | BMC CLI via SSH | BMC CLI over SSHv2. | | TCP | 80 |
| | TLS 1.2 | lighttpd | BMC GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual BMC access on port 80. | | TCP | 443 |
| | | cdserver opp | BMC Remote Console: CD |
| not used | BMC Remote Console: Keyboard and Mouse |
| not used | BMC Remote Console: Diskette |
| | not used | BMC Remote Console: Encryption |
| | not used | BMC Remote Console: Authentication |
| not used | BMC Remote Console: Servicetag Daemon |
| | | TCP |
| BMC Remote Console: Video |
| | |
|
| BMC Remote Console: Serial |
|
|
| Multiexcerpt |
|---|
|
SBC Core Management Ports| Caption |
|---|
| 0 | Table |
|---|
| 1 | SBC Core Management Ports |
|---|
|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|
| TCP |
| SSHD | SBC application CLI via SSH | Application CLI over SSHv2. | 80 |
| | TLS 1.2 | apache2 | Embedded Management Application (EMA) GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual EMA access on port 80. | 443 |
| | | apache2 | EMA GUI, Platform Mode via https |
| |
| Netconf OAM interface | Netconf over SSHv2. Used by |
Sonus Ribbon EMS to manage the SBC. | 2024 |
|
| Linux SFTP access via SSH |
| | SSREQ | SSReq troubleshooting tool | Default TCP port | 4680 |
| |
|
| SecureLink client GUI via http | The SecureLink client is a RASO feature that creates and maintains an SSH connection to the SecureLink server at |
SonusHQRibbonHQ, to support remote troubleshooting. This port presents a GUI interface to manage the SL client. NOTE: SecureLink runs on a separate VM instance for SBC SWe; hence this port is not applicable for SBC SWe.
|
UDP
Port 4680 is restricted to "localhost." This ensures that Gatekeeper (the SecureLink GUI) cannot be accessed remotely using the management port of the SBC. | | UDP
| 123 |
| NTPD | Network Timing Protocol Daemon (NTPD) |
| SNMP daemon | SNMP agent | Statistics and status retrieval. Read only. | | 3054 |
| DS | PSX call processing requests | This port is used for call processing requests coming from the PSX to the SBC over Diameter+. This can also be configured through PKT ports. | | 3055 |
| DS | Keep alive messages and registration (Diameter). | This can also be configured through PKT ports. | 3069 |
| SCPA | ERE | ERE SIP SCPA process. | | 3090 |
| SSREQ | SSReq troubleshooting tool | Default UDP port | 65xxx |
| |
|
| PSX | Dynamically allocated server port number. Part of SBC communication with external PSX. |
|
| Caption |
|---|
| 0 | Table |
|---|
| 1 | SBC Core Media Physical Ports at Interface IP Addresses |
|---|
|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|
| UDP | 500 |
| IKE | IKE | IKEv1 or IKEv2 Internet Key Exchange for IPSec | 1024-65534 |
| | | RTP, RTCP,SRTP,SRTCP |
| RTP, RTCP, SRTP, SRTCP | Real time media | | ESP | N/A |
|
|
| IPSec ESP | Encapsulating Security Payload |
|
| Caption |
|---|
| 0 | Table |
|---|
| 1 | SBC Core Media Physical Ports at Signaling Port IP Addresses |
|---|
|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|
| TCP | 2569 |
Sonus Ribbon proprietary gateway-to-gateway signaling. Listen port is configurable; 2569 is the default |
.NOTE: This port is not applicable for SBC SWe as GW-GW signaling is not supported for SWe | SIPE | SIP signaling over TCP | Listen port is configurable; 5060 is the default. | 5061 |
| SIPE | SIP signaling over TLS over TCP | Listen port is configurable; 5061 is the default. | | UDP | 5060 |
| SIPE | SIP signaling over UDP | Listen port is configurable; 5060 is the default. | | SCTP | 5060 |
| SIPE | SIP signaling over SCTP | Listen port is configurable; 5060 is the default. | | ESP | N/A |
| |
|
| IPsec ESP | Encapsulating Security Payload. Terminates on signaling address when IPSec is used in IMS access and peering modes (in peering mode, the protected address may be different). |
|
|
| Info |
|---|
|
note |
If a zone's sipSigPort is configured for transportProtocolsAllowed = sip-tls-tcp, and either Egress IPSP Transport Type is TLS Over TCP and/or the Egress TG’s transportPreference is tls-tcp, the SBC increments the configured portNumber by 1 and uses it as the new port number for SIP over TLS signaling. The SBC then opens a TCP socket for SIP over TLS for the new TCP port number. Example: When sipSigPort is configured with a portNumber of 5060 and transportProtocolsAllowed = sip-tls-tcp, the SBC listens on TCP port 5061 for SIP over TLS. |
...