In this section:

The SBC Core  platforms (SBC 5000 series, SBC 7000, SBC SWe) listen to the TCP/IP network ports listed in the following tables. Some of these ports will not be open if the corresponding product features are not configured.

Note

The actual ports that the SBC listens to depends on the actual system configuration.

Warning

Due to an IPMI vulnerability, Ribbon recommends not connecting the BMC Ethernet port to an external network unless the network is deemed well-protected.

[Reference: NIST National Vulnerability Database website]

SBC 5000/7000 Series BMC Ports

SBC 5000/7000 Series BMC Ports

Protocol

Network Port

Application Level ProtocolProcess Using the Ports

Usage

Notes
TCP22SSHSSHDBMC CLI via SSHBMC CLI over SSHv2.
TCP80TLS 1.2lighttpdBMC GUI redirection to port 443

HTTP server redirects browser to port 443 for HTTPS. No actual BMC access on port 80.

TCP443TLS 1.2lighttpdBMC GUI via HTTPS
TCP

5120

TCPcdserver opp

BMC Remote Console: CD


TCP

5121

 not used

not used

BMC Remote Console: Keyboard and Mouse


TCP

5123

not usednot used

BMC Remote Console: Diskette


TCP

5555

not usednot used

BMC Remote Console: Encryption


TCP

5556

not usednot used

BMC Remote Console: Authentication


TCP

6481

not usednot used

BMC Remote Console: Servicetag Daemon


TCP

7578

TCP

BMC Remote Console: Video


TCP7579

BMC Remote Console: Serial
TCPRandom portTCPIPMI

SBC Core Management Ports

SBC Core Management Ports

Protocol

Network Port

Application Level ProtocolProcess Using the Ports

Usage

Notes

TCP












22

SSHSSHD

SBC application CLI via SSH 

Application CLI over SSHv2.

80

TLS 1.2apache2

Embedded Management Application (EMA) GUI redirection to port 443

HTTP server redirects browser to port 443 for HTTPS. No actual EMA access on port 80. 

443

 TLS 1.2apache2

EMA GUI via https


444

connexip managerapache2

EMA GUI, Platform Mode via https


2022

confd

Netconf OAM interface 

Netconf over SSHv2. Used by Ribbon EMS to manage the SBC.

2024

sftp

Linux SFTP access via SSH 


3091ssreq-tcpSSREQSSReq troubleshooting toolDefault TCP port

4680



SecureLink client GUI via http 

The SecureLink client is a RASO feature that creates and maintains an SSH connection to the SecureLink server at RibbonHQ, to support remote troubleshooting. This port presents a GUI interface to manage the SL client.

NOTE: SecureLink runs on a separate VM instance for SBC SWe; hence this port is not applicable for SBC SWe.

Port 4680 is restricted to "localhost." This ensures that Gatekeeper (the SecureLink GUI) cannot be accessed remotely using the management port of the SBC. 

UDP



123NTPNTPDNetwork Timing Protocol Daemon (NTPD)

161   

SNMPSNMP daemon

SNMP agent 

Statistics and status retrieval. Read only.

3054DIAMETER+DSPSX call processing requestsThis port is used for call processing requests coming from the PSX to the SBC over Diameter+. This can also be configured through PKT ports.
3055DIAMETER+DSKeep alive messages and registration (Diameter).This can also be configured through PKT ports.

3069  

DMARSHSCPA

ERE   

ERE SIP SCPA process.

3090ssreq-udpSSREQSSReq troubleshooting toolDefault UDP port

65xxx  



PSX    

Dynamically allocated server port number. Part of SBC communication with external PSX.


SBC Core Media Physical Ports at Interface IP Addresses

SBC Core Media Physical Ports at Interface IP Addresses

Protocol

Network Port

Application Level ProtocolProcess Using the Ports

Usage

Notes

UDP

500

IKEIKE

IKE

IKEv1 or IKEv2 Internet Key Exchange for IPSec

1024-65534

RTP, RTCP,SRTP,SRTCP

RTP, RTCP, SRTP, SRTCP

Real time media

ESP

N/A



IPSec ESP

Encapsulating Security Payload


SBC Core Media Physical Ports at Signaling Port IP Addresses

SBC Core Media Physical Ports at Signaling Port IP Addresses

Protocol

Network Port

Application Level ProtocolProcess Using the Ports

Usage

Notes

TCP

2569

MSCSAM

GW – GW signaling

Ribbon proprietary gateway-to-gateway signaling. Listen port is configurable; 2569 is the default.

5060

SIPSIPE

SIP signaling over TCP

Listen port is configurable; 5060 is the default.

5061

SIPSIPE

SIP signaling over TLS over TCP

Listen port is configurable; 5061 is the default.

UDP

5060

SIPSIPE

SIP signaling over UDP

Listen port is configurable; 5060 is the default.

SCTP

5060

SIPSIPE

SIP signaling over SCTP

Listen port is configurable; 5060 is the default.

ESP

N/A



IPsec ESP

Encapsulating Security Payload. Terminates on signaling address when IPSec is used in IMS access and peering modes (in peering mode, the protected address may be different).

Note

If a zone's sipSigPort is configured for transportProtocolsAllowed = sip-tls-tcp, and either Egress IPSP Transport Type is TLS Over TCP and/or the Egress TG’s transportPreference is tls-tcp, the SBC increments the configured portNumber by 1 and uses it as the new port number for SIP over TLS signaling. The SBC then opens a TCP socket for SIP over TLS for the new TCP port number.

Example: When sipSigPort is configured with a portNumber of 5060 and transportProtocolsAllowed = sip-tls-tcp, the SBC listens on TCP port 5061 for SIP over TLS.

  • No labels