The
Unable to show "metadata-from": No such page "_space_variables"
platforms (SBC 5000 series, SBC 7000, SBC SWe) listen to the TCP/IP network ports listed in the following tables. Some of these ports will not be open if the corresponding product features are not configured.Due to an IPMI vulnerability, Sonus recommends not connecting the BMC Ethernet port to an external network unless the network is deemed well-protected.
[Reference: NIST National Vulnerability Database website]
SBC 5000/7000 Series BMC Ports
SBC 5000/7000 Series BMC Ports
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|---|---|---|---|---|
| TCP | 22 | SSH | SSHD | BMC CLI via SSH | BMC CLI over SSHv2. |
| TCP | 80 | BMC GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual BMC access on port 80. | ||
| TCP | 443 | BMC GUI via HTTPS | |||
| TCP | 5120 | BMC Remote Console: CD | |||
| TCP | 5121 | BMC Remote Console: Keyboard and Mouse | |||
| TCP | 5123 | BMC Remote Console: Diskette | |||
| TCP | 5555 | BMC Remote Console: Encryption | |||
| TCP | 5556 | BMC Remote Console: Authentication | |||
| TCP | 6481 | BMC Remote Console: Servicetag Daemon | |||
| TCP | 7578 | BMC Remote Console: Video | |||
| TCP | 7579 | BMC Remote Console: Serial |
SBC Core Management Ports
SBC Core Management Ports
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|---|---|---|---|---|
| TCP
| 22 | SBC application CLI via SSH | Application CLI over SSHv2. | ||
80 | Embedded Management Application (EMA) GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual EMA access on port 80. | |||
443 | EMA GUI via https | ||||
444 | EMA GUI, Platform Mode via https | ||||
2022 | Netconf OAM interface | Netconf over SSHv2. Used by Sonus EMS to manage the SBC. | |||
2024 | Linux SFTP access via SSH | ||||
| 3091 | SSReq troubleshooting tool | Default TCP port | |||
4680 | SecureLink client GUI via http | The SecureLink client is a RASO feature that creates and maintains an SSH connection to the SecureLink server at SonusHQ, to support remote troubleshooting. This port presents a GUI interface to manage the SL client. NOTE: SecureLink runs on a separate VM instance for SBC SWe; hence this port is not applicable for SBC SWe. | |||
| UDP
| 123 | Network Timing Protocol Daemon (NTPD) | |||
161 | SNMP agent | Statistics and status retrieval. Read only. | |||
| 3054 | PSX call processing requests | This port is used for call processing requests coming from the PSX to the SBC over Diameter+. This can also be configured through PKT ports. | |||
| 3055 | Keep alive messages and registration (Diameter). | This can also be configured through PKT ports. | |||
3069 | ERE | ERE SIP SCPA process. | |||
| 3090 | SSReq troubleshooting tool | Default UDP port | |||
65xxx | PSX | Dynamically allocated server port number. Part of SBC communication with external PSX. |
SBC Core Media Physical Ports at Interface IP Addresses
SBC Core Media Physical Ports at Interface IP Addresses
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|---|---|---|---|---|
| UDP | 500 | IKE | IKEv1 or IKEv2 Internet Key Exchange for IPSec | ||
1024-65534 | RTP, RTCP, SRTP, SRTCP | Real time media | |||
| ESP | N/A | IPSec ESP | Encapsulating Security Payload |
SBC Core Media Physical Ports at Signaling Port IP Addresses
SBC Core Media Physical Ports at Signaling Port IP Addresses
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|---|---|---|---|---|
| TCP | 2569 | GW – GW signaling | Sonus proprietary gateway-to-gateway signaling. Listen port is configurable; 2569 is the default. NOTE: This port is not applicable for SBC SWe as GW-GW signaling is not supported for SWe. | ||
5060 | SIP signaling over TCP | Listen port is configurable; 5060 is the default. | |||
5061 | SIP signaling over TLS over TCP | Listen port is configurable; 5061 is the default. | |||
| UDP | 5060 | SIP signaling over UDP | Listen port is configurable; 5060 is the default. | ||
| SCTP | 5060 | SIP signaling over SCTP | Listen port is configurable; 5060 is the default. | ||
| ESP | N/A | IPsec ESP | Encapsulating Security Payload. Terminates on signaling address when IPSec is used in IMS access and peering modes (in peering mode, the protected address may be different). |
If a zone's sipSigPort is configured for transportProtocolsAllowed = sip-tls-tcp, the SBC increments the configured portNumber by 1 and uses it as the new port number for SIP over TLS signaling. The SBC then opens a TCP socket for SIP over TLS for the new TCP port number.
Example: When sipSigPort is configured with a portNumber of 5060 and transportProtocolsAllowed = sip-tls-tcp, the SBC listens on TCP port 5061 for SIP over TLS.
Overview
Content Tools