Create security group rules for the four subnets, by referring the corresponding tables in this section:
- MGT0
- HA
- PKT0
- PKT1
Customize security groups based on your network security requirement.
Note
If you are installing SBC SWe for the first time, you must create a security group to allow https access.
Inbound Security Group Rules
Sonus recommends opening up the following ports for Inbound/Ingress rules in the security groups associated with management, HA and packet interfaces.
Management Security Group
Configuring Security Group for Management Subnet
| Type | Protocol | Port Range | Source | Notes/Purpose |
|---|---|---|---|---|
| SSH | TCP | 22 | 0.0.0.0/0 | SSH to CLI |
| Custom UDP rule | UDP | 123 | 0.0.0.0/0 | NTP |
| Custom UDP rule | UDP | 161 | 0.0.0.0/0 | SNMP Polling |
| Custom TCP rule | TCP | 2022 | 0.0.0.0/0 | NetConf over ssh |
| Custom TCP rule | TCP | 2024 | 0.0.0.0/0 | SSH to Linux |
| HTTP | TCP | 80 | 0.0.0.0/0 | EMA |
| Custom TCP rule | TCP | 444 | 0.0.0.0/0 | Platform Manager |
| HTTPS | TCP | 443 | 0.0.0.0/0 | REST to ConfD DB |
| Custom UDP rule | UDP | 3057 | 0.0.0.0/0 | Used for load balancing service |
| Custom UDP rule | UDP | 3054 | 0.0.0.0/0 | Call processing requests |
| Custom UDP rule | UDP | 3055 | 0.0.0.0/0 | Keep Alives and Registration |
| Custom TCP rule | TCP | 4019 | 0.0.0.0/0 | Applicable to D-SBC only |
| Custom UDP rule | UDP | 5093 | 0.0.0.0/0 | SLS (license server) traffic |
HA Security Group
Configuring Security Group for HA Subnet
| Type | Protocol | Port Range | Source | Notes/Purpose |
|---|---|---|---|---|
| All Traffic | All | All | x.x.x.x/y | x.x.x.x/y is the HA subnet CIDR. |
Packet Security Group
Configuring Security Group for Packet Ports PKT0 and PKT1
| Type | Protocol | Port Range | Source |
|---|---|---|---|
| Custom UDP rule | UDP | 5060 | x.x.x.x/y |
| Custom TCP rule | TCP | 5061 | x.x.x.x/y |
| Custom UDP rule | UDP | 1024-65535 | 0.0.0.0/0 |
Outbound Security Group Rules
Sonus recommends opening up all the ports for outbound/Egress rules in the security groups associated with management, HA and packet interfaces.
Outbound Security Group Rules
| Type | Protocol | Port Range | Destination |
|---|---|---|---|
| All Traffic | All | All | 0.0.0.0/0 |
Caution
If specific ports are opened in outbound security group rules, the remaining ports are blocked.
Note
Refer Management Security Group, HA Security Group, and Packet Security Group tables for the minimum required security group rules for SBC to function.
Management Security Group
Configuring Security Group for Management Subnet
| Type | Protocol | Port Range | Destination | Notes/Purpose |
|---|---|---|---|---|
| Custom UDP rule | UDP | 123 | 0.0.0.0/0 | NTP |
| Custom UDP rule | UDP | 161 | 0.0.0.0/0 | SNMP polling |
| Custom UDP rule | UDP | 162 | 0.0.0.0/0 | SNMP traps |
| Custom UDP rule | UDP | 3057 | 0.0.0.0/0 | Used for load balancing service |
| Custom UDP rule | UDP | 3054 | 0.0.0.0/0 | Call processing requests |
| Custom UDP rule | UDP | 3055 | 0.0.0.0/0 | Keep Alives and Registration |
| Custom UDP rule | UDP | 5093 | 0.0.0.0/0 | SLS (license server) traffic |
| Custom TCP rule | TCP | 443 | 0.0.0.0/0 | Communicating with EMS and AWS EC2-API server. |
HA Security Group
Configuring Security Group for HA Subnet
| Type | Protocol | Port Range | Destination | Note/Purpose |
|---|---|---|---|---|
| All Traffic | All | All | x.x.x.x/y | x.x.x.x/y is the HA subnet CIDR. |
Packet Security Group
Configuring Security Group for Packet Ports PKT0 and PKT1
| Type | Protocol | Port Range | Destination | Note/Purpose |
|---|---|---|---|---|
| Custom UDP rule | UDP | 5060 | x.x.x.x/y | Destination IP address to be filled based on call configuration |
| Custom TCP rule | TCP | 5061 | x.x.x.x/y | Destination IP address to be filled based on call configuration |
| Custom UDP rule | UDP | 1024-65535 | 0.0.0.0/0 |
Note
Considering that SIP signaling port for SBC configuration is set to the default port (5060), the port numbers for UDP/TCP are set to 5060 and 5061.
Create Security Group
To create a security group:
- Navigate to EC2 Management Console.
From the left pane, click Security Groups.
Security Groups Tab
Click Create Security Group. The Create Security Group page displays.
Enter Security group name and Description.
Select an appropriate VPC from the list.
Click Add Rule to create security group rules.
NoteBy default, inbound rules are displayed in the screen.
Creating Security Group for MGT
- Click Create.
Repeat step 3 through 7 to create new security group for HA, PKT0, and PKT1 network interfaces.
Overview
Content Tools