8/10/2019 OXE Ip Ports
Introduction
This document describes the IP flows involved in the OmniPCX Enterprise (OXE) solution for medium and large enterprises. Its aim is to allow a network
administrator to precisely configure their firewall devices to open the minimal number of ports required to have a working OXE installation in their specific
deployment.
Every ingress and egress IP flow of each device of the OXE solution is described in a separate table. For each flow, source and destination ports are
mentioned along with the category of the flow: whether it is for user (voice) transport, signalling, management or support. This enables network
administrators to, for example, block at their firewalls all IP flows related to support activity, and to enable them only on demand for a technician.
Document organization
A first group of tabs explains the notions and notations introduced later in the document. Those tabs are: Glossary, Headers, Services, Planes, Port Ranges.
The second group of tabs lists the actual ingress and egress IP flows for the various network elements comprising the OXE solution. The elements are
grouped together into a reduced number of tabs: CS for the Call Server, MG for all types of media gateways, UA phones for all kinds of UA phone whether
hard phones (IP Phone and IP touch) or soft, OTUC, OTCC.
This document has been updated for OXE R7.1
Differences with the previous edition are marked in column 1
Synthesis of IP flows in OmniPCX Enterprise solution
Glossary
Term Meaning Function usually assumed by
4760 OmniVista console for the configuration, maintenance, accounting, and handling of
alarms of one or more OXE systems. OmniVista consists of 4760 clients connecting to
a 4760 server. The 4760 server in turn controls the OXE CS.
4059 Operator station on Windows PC
4635 Voice mail on A4400 hardware
4645 Voice mail on Alize hardware
4760i E-config: light version of OmniVista Application
AAS Alcatel Audio Station: a Windows application to record voice guides for the automated
attendant or voice mail system, later transferred to the PBX.
Some Windows PC
ACAPI Alcatel Configuration API: an API offered on Windows systems to enable applications
to remotely configure the OXE.
ACD Advanced Call Distribution
AHL Alcatel Hospitality Link to interface OXE with applications specific to the Hotel/Hospital business.
ATAPI Alcatel Telephony API
Audiocode Analog fax interface over IP, using the H.323 protocol suite.
BASE_PORT Configurable value giving the lower bound of the range of ports used on the LAN to
carry voice conversations. The range width is 256 ports.
BP = 32000 for OXE = R5.1
CCD Contact Center Distribution: calls distribution to agents or other resources
CMIP Common Management Information Protocol
CMIS Common Management Information System
CS Communication Server
CSTA Computer Supported Telephony Applications
DHCP server Assigns IP addresses on a subnet + gives other subnet configuration information and
TFTP server address
The Call Server
GA MediaGateway applicative
GD MediaGateway driver
HSL High Speed Link used between a GD and additional Alize chassis.
INTIP-A INTerconnecting on IP network: Internode or H323 gateway and IP devices
INTIP-B INTerconnecting on IP network: only IP devices
IP link Alcatel proprietary protocol used to control a Media Gateway. Also called UA when
targeting a phone set (IP phone or IP touch).
Only terms and acronyms used in a way different than standard or specific to the OXE solution are listed here.
Some terms actually represent functions found on one or the other element of the OXE solution. In that case the third column specifies where this function is located.
IP phone V1 (4098RE), V1S (4098FRE), V2 (embedded box) models
IP touch Also called NOE phone. IP phone sets have references: 4018, 4028, 4038, 4068
IPP Abbreviation for IP phone
LDAP server Any LDAP server containing Phonebook information.
LIOE Link Optimizer board Ethernet: Inter-nodal and H.323 gateway
MAO OXE central configuration database.
MG Media Gateway. GD, GA, INT_IP A or B.
MIB browser SNMP manager collecting information from the various network elements using the
SNMP protocol to browse the elements' internal databases (MIBs).
Customer's network supervision
application (e.g. HP OpenView, IBM's
Tivoli)
MIPT Mobile IP Telephony handset
MOXA box V24 port extension device
MSM Server Security Module used to encrypt/decrypt the voice and fax flows. This module
is used in front of the Call Server (potentially with embedded 4645).
NMD Network Management Department (for example they produce the 4760).
NOE Abbreviation for IP touch & NOE IP.
NOE IP Also called IPTouch: 4018, 4028, 4038, 4068 models
NTP server NTP is a standard (IETF) peer to peer protocol used to maintain a consistent view of
time amongst a set of cooperating systems.
The Call Server
OAW OmniAccess Wireless LAN switch
OTS Open Telephony Server: a server enabling feature-rich communication-oriented
applications to be developed around the OXE solution.
A Windows PC
OTUC OmniTouch Unified Communication.
PC admin The workstations used by the various system administrators to configure, collect
statistics or billing information.
An administrator PC or workstation
PC support The PC used by the Business Partner technician or a system administrator to pursue
an investigation in the various systems constituting the installation.
A Windows PC
PRS Presentation Server. Runs third-party applications displaying on the various NOE phone
sets.
RADIUS Remote Authentication Dial-In User Service An authentication server provided by
the customer.
rGD Remote GD over an HSL link (not over IP)
STAP Simple Telephony Application Protocol
SSM Server Security Module used to encrypt/decrypt the voice and fax flows. This module
is used in front of the Call Server (potentially with embedded 4645).
SVP Spectralink Voice Protocol SVP server
Syslog A Linux framework enabling applications to add entries to an event journal with
indication of the emitting facility, severity level, system name, date and time,
and free format text. The framework offers a rich dispatch mechanism, even allowing
records to be offloaded to a remote system.
The Call Server
TFTP server Download of boot images, voice guides, phone configuration information, binaries
(VoIP boards/sets), etc.
The Call Server
Trap supervisor System receiving the various events sent by all the network elements connected to the
customer's network.
Customer's network supervision
application (e.g. HP OpenView, IBM's
Tivoli)
Trusted router Customer's router from which IP routing information (through RIP protocol) is
received.
TSCLIOE Only the IP devices are considered here.
UA Universal Alcatel: proprietary signaling protocol. Also called IPlink when targeting a media-gateway.
UA phone set Any of the hardware or software phone sets that support the UA signaling protocol. IP phone, IP touch, Softphone
UPS Uninterruptible Power Supply
Column headers
The meaning of the various column headers used in the product tabs (CS, 4645, UA phones, ...) is given here.
Header name Meaning Example For more
information see
tab
Purpose Function fulfilled by this flow. File transfer for what purpose. Services
Plane Function group to which this flow belongs. User plane, control plane. Planes
Protocol Layer 7 protocol carried by this flow. Telnet, HTTP. Services
Initiator System emitting the first packet. This is important for connection tracking security functions like firewall or
NAT.
CS, OTUC server
Source port Port number or range of ports from which this first
packet is emitted, if applicable.
Note that some protocols (e.g. TFTP) switch after
connection to a different port; this is specified in the
corresponding RFC.
427/tcp, Dyn_Voice/udp Port ranges
Responder The system toward which the packets are sent. NOE, GD
Service port The specific port on the Responding system listening
to the incoming connection requests.
For some specific protocols not used in the LEV
solution this can be a range of ports (e.g. Sun RPC).
23/tcp, 12345/udp
Condition of activation Certain conditions are sometimes required for this flow
to appear on a LAN.
Licence XX purchased, presence of server YY
Admission control Access to some services is subject to possession of
the proper credential.
IP address, certificate
OXE version
OTUC version
Some flows have disappeared (< or or >=) since the given version.
=R6.2
Parent process (on CS) Information useful for R&D
Process image (on CS) Information useful for R&D
Authentication Tells whether some form of authentication is
performed on the requesting end-user and if this
authentication is carried over the wire to the server
(responder).
login/password, cookie
Not all headers are present in every tab.
Confidentiality Tells whether confidentiality of the information
crossing the network is preserved.
Partial or total encryption, challenge/response
Integrity Tells whether integrity of the information sent over the
wire is controlled against accidental or malicious
tampering.
CRC32, MD5, SHA1
Notes Additional information deemed relevant.
Services
Important:
Name Port Standard Condition of
version?
Description
ICMP N/A RFC 777 Only ping function is used by the voice applications: ICMP echo request and ICMP
echo reply. The IP stack may use other ICMP services as well (example: path MTU
discovery).
FTP data 20/tcp RFC 959 Only data is sent or received through this port. In FTP active mode the FTP server
opens the data connection towards the FTP client using this as the source port. In
passive mode the FTP client opens the FTP data connection towards the FTP server using this port as the service port.
FTP control 21/tcp RFC 959 FTP standard service port. Used by client to establish the control connection.
SSH 22/tcp pending RFC
(WG=secsh)
Provides a robust, proven and extensible solution for secure connections
telnet 23/tcp RFC 854 Used for remote connection for maintenance purpose and for management tool
(4760)
SMTP 25/tcp RFC 2821 Alarms towards 4760 (no listening on)
Domain Name Server (DNS) 53/udp RFC 1034 Only used by SIP devices in case of spatial redundancy
Bootps/DHCP Client 67/udp RFC 2131 Dynamic IP address management request to PC installer for CPU installation (no
listening on)
Bootpc/DHCP Server 68/udp RFC 2131 DHCP server for IP-Phones, GD, GA, INT-IP B boards, PCs.
TFTP 69/udp RFC 1350 TFTP server used for binaries downloading for IP-Phones, GD, GA, INT-IP B
boards; for voice guides downloading to GD, GA boards
HTTP 80/tcp RFC 1945,
2068, 2616
Browser for 4760i
NTP 123/udp RFC 1305 Synchronization of Ccview clients (ACD V2) and Call Server
IMAP 143/tcp RFC 3501 Internet Message Access Protocol
SNMP trap 162/udp RFC 1157 Call Server incidents (SNMP traps) notification to a Network Management Platform
LDAP 389/tcp RFC 2251 LDAP client access in case of phonebook overflow
HTTPS 443/tcp RFC 2818 Secured Web Server by SSL protocol
shell 514/tcp RFC 1282 Remote Shell for command execution
syslog 514/udp RFC 3164 >=R6.2
RIP 520/udp RFC 2453 Routing Information Protocol
moxatty 1028/udp prop. NAOS Nport product from MOXA company to have multiple V24 accesses
The list below includes all IP services known to be used by Alcatel past and future products.
In no way does this list imply that those ports shall be opened for the CSBU solution to deliver its expected service.
H.323 Gateway discovery 1718/udp ITU-T H.323
H.323 Gateway stats and RAS 1719/udp ITU-T H.323
H.323 RAS signalling 1720/udp ITU-T H.323
H.323 H.225 signalling 1720/tcp ITU-T H.323
RADIUS 1812/udp RFC 2865 >=R7.0
H.323 H.245 signalling (Alcatel) 1961/tcp prop. ALA H.323 Internal Gatekeeper. Closed by default after F1.602.3m
H.323 Registration Authentication
and Signalling (RAS)
9090/tcp ITU-T H.323 H.323 Internal Gatekeeper
BTlink 2048/udp prop. ALA Receive incidents from IPT Security box (SSM)
BTlink 10000/udp
dynamic port
prop. ALA Sending of start_srtp to IPT Security box (SSM)
netaccess 2533/tcp prop. ALA Network access for Alcatel configuration applications based on ACAPI v1.x (CMISD,
ABC-A and TSE applications) and sending of Accounting tickets over IP
pad (packet
assembly/disassembly)
2534/tcp ITU-T X.29 PAD X.25
cmisd 2535/tcp ITU-T CMIP? Cmis server for Call Server configuration
saverest 2536/tcp prop. ALA Used by network management application 4740 for save/restore operations
(obsolete).
acd 2538/tcp prop. ALA ACDV2 applications (CCM, CCS, ASM). This port gives access to many different
services at the same time: Advanced Call Distribution protocol, telnet protocol (for
support only).
builddistant 2539/tcp prop. ALA Audit/Broadcast between Call Servers
loaddistant 2540/tcp prop. ALA Audit/Broadcast between Call Servers
auditres1 2541/tcp prop. ALA Audit/Broadcast: reserved for future use
auditres2 2542/tcp prop. ALA Audit/Broadcast: reserved for future use
acdccs 2543/tcp prop. ALA ACD terminal server
acdpcag 2544/tcp prop. ALA ACD PC agent
suprout 2545/tcp prop. ALA Suproutage: supervision X25
alb 2546/tcp prop. ALA ACD Agent List Builder
rtest 2554/tcp prop. ALA Remote testing
rcsta 2555/tcp prop. ALA ASN-1 CSTA access server. This port gives access to many different services at the
same time: CSTA protocol, telnet protocol (for support only), HTTP protocol (for
configuration).
STAP, hybrid-vpn 2556/udp prop. ALA ABC-F signalling over IP for IP hybrid links
notif-gsm 2557/udp prop. ALA GSM notification server (obsolete)
redundancy 2558/tcp prop. ALA Call Server duplication over Ethernet
H.323 Internal Gatekeeper
rsl 2559/udp prop. ALA RSL socket port
rlis 2560/tcp prop. ALA lis server for SOSM
ahltcp 2561/tcp prop. ALA AHL link over IP for Hotel/Hospital with external management
dhcdupli 2562/tcp prop. ALA DHCP duplication over Ethernet in case of Call Server duplication
dhcdupli_m 2563/udp prop. ALA DHCP duplication on main Call Server in case of Call Server duplication
dhcdupli_s 2564/udp prop. ALA DHCP duplication on standby Call Server in case of Call Server duplication
servobs 2565/tcp prop. ALA Server for service observation
servobs_c 2566/tcp prop. ALA Client for service observation
dhcdupli_c 2567/udp prop. ALA DHCP dupli command
tftpd_dow 2568/udp ? Use was related to TFTP download (obsolete).
netadmin 2569/tcp prop. ALA Network configuration daemon. This port is used locally to the system the daemon is
running on. Not accessible from the LAN.
prslink 2570/udp prop. ALA >=R6.0 DLink between Prs and CS
3305/udp
3305/tcp
3493/udp
3493/tcp
ATAPI 3595/tcp prop. ALA Alcatel Telephony API used by CTI applications to drive the Call Server for example
to dial outgoing phone calls.
4020/tcp
4021/tcp
VIMAP 4033/tcp RFC 3501 Virtual domain IMAP
H.323 monitoring (Alcatel) 4560/udp prop. ALA
5060/udp
5060/tcp
securid 5500/udp prop. RSA Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecurID authentication server.
securidprop 5510/tcp prop. RSA Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecurID authentication server.
sdlog 5520/tcp prop. RSA Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecurID authentication server.
sdserv 5530/tcp prop. RSA Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecurID authentication server.
nmccs 5540/tcp prop. ALA NMD supervision (4760i)
SIP gateway (Alcatel) 6060/udp RFC 3261 SIP gateway service port when the SIP proxy is active on CS (SIP gateway is
available on port 5060 when SIP proxy is not active).
12300/udp =R5.1.1
nut >=R6.2 UPS monitoring for OXE versions since R6.2 (inclusive)
prop. NUT
RFC 3261
?
Voice Profile for Internet Mail
incid2trap
UPS monitoring for OXE version before R6.2 (excluded)
Session Initiation Protocol proxy server
nut
SIP proxy
prop. NUT
VPIM RFC 3804
alzbootps 23400/udp
alzbootpc 23401/udp
32000-
32255/udp
Dyn_Voice/udp
=R5.1 Standard RTP protocol used to carry voice over IP. Ports from this range are used
by every new installation since R5.1.
The range width is not configurable. The range base port number is configurable
through MAO.
32128/udp =R5.1 Alcatel proprietary signalling protocol, used on this port by every new installation
since R5.1
UA lite 32641/udp prop. ALA >=R6.2 Only the START_RTP and START_FAX messages from the Alcatel proprietary
signalling protocol are sent in this protocol: i.e. no Dlink is maintained.
Non standard ports used by OmniPCX Office (OXO) to implement the DHCP service
RTP/RTCP
RFC 2131
UA
RFC 3550
prop. ALA
Planes
IP flows can be grouped by the broad purpose they fulfil. One possible grouping is into groups called 'planes'. One
group -or plane- is used to identify flows carrying data directly useful to the user (e.g. voice), another group carries for
example information required to establish the flows seen by the user (e.g. signalling).
The following 4 planes are identified in the OmniPCX for Enterprise solution:
Plane name Plane description
user This plane contains all the flows directly useful to the end user. Other flows that may look like user
flows, whose content is like email exchanges or file transfers, belong to the user plane only if
they result directly from a user request.
Example of a flow belonging to this plane: voice (RTP) flows for the OXE.
Example of a flow that does not belong to this plane but to the control plane: email exchanges
between two voice mail systems to synchronize the states of the various user voice mailboxes.
control All IP flows used to enable transport of information in the user plane belong to this plane. This is
phone signalling, but also the FTP data transfer when used to synchronize for instance the
configuration between 2 cooperating systems.
Flows in this plane must be allowed through a firewall unless the condition of activation shows
that they are not used in a given deployment.
management In this plane we find all flows used to manage the system, for example to configure, establish
statistics, perform user billing.
Flows between the Call Server and the 4760 server fall mostly into this plane.
support None of the IP flows occurring in this plane are needed for the day to day operation of the system (all
the 3 planes above are mandatory). Flows in this plane appear on a network for example during
maintenance operation (e.g. system software upgrade) or support operation (e.g. when
debugging voice quality problems).
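Added example (not part of the original document): the plane column can drive firewall policy directly. The sketch below takes a few rows copied from the CS tab, opens the user, control and management flows permanently, and emits the support-plane rules only when a technician address is supplied. The host addresses, the table name oxe_filter and the function names are assumptions made for illustration.

```python
"""Added example: nftables forward chain built from OXE flow records."""
from dataclasses import dataclass
from ipaddress import IPv4Network

ALWAYS_ON = {"user", "control", "management"}   # planes needed day to day


@dataclass(frozen=True)
class Flow:
    purpose: str
    plane: str       # user | control | management | support
    initiator: str   # element that sends the first packet
    responder: str
    port: int        # service port on the responder
    l4: str          # "tcp" or "udp"


# Rows copied from the CS tab of this document.
CS_FLOWS = [
    Flow("PBX configuration (CMIP)", "control", "OTS", "CS", 2535, "tcp"),
    Flow("ACDv2 for Contact Center", "control", "CCD", "CS", 2538, "tcp"),
    Flow("SNMP traps", "management", "CS", "Trap supervisor", 162, "udp"),
    Flow("RADIUS", "management", "CS", "RADIUS server", 1812, "udp"),
    Flow("SOSM (RLIS)", "management", "Remote application", "CS", 2560, "tcp"),
    Flow("Remote test (Rtest)", "support", "Remote application", "CS", 2554, "tcp"),
    Flow("DECT observation", "support", "Remote application", "CS", 9743, "udp"),
]

# Constructed addresses for illustration only (assumption, not from the document).
HOSTS = {
    "CS": "10.10.0.10",
    "OTS": "10.10.20.5",
    "CCD": "10.10.30.0/24",
    "Trap supervisor": "10.10.40.8",
    "RADIUS server": "10.10.40.9",
    "Remote application": "10.10.50.0/24",
}


def _net(value):
    """Normalise an IPv4 address or prefix; ValueError on anything else,
    so free text can never end up inside the generated ruleset."""
    return str(IPv4Network(value, strict=False))


def build_rules(flows, hosts, technician=None):
    """Return (rules, withheld).

    Support-plane flows are withheld unless a technician address is given,
    and are then accepted from that address only.
    """
    tech = _net(technician) if technician is not None else None
    rules, withheld = [], []
    for f in flows:
        if f.l4 not in ("tcp", "udp"):
            raise ValueError(f"unsupported transport {f.l4!r}")
        if f.plane == "support":
            if tech is None:
                withheld.append(f)
                continue
            src = tech
        elif f.plane in ALWAYS_ON:
            src = _net(hosts[f.initiator])
        else:
            raise ValueError(f"unknown plane {f.plane!r}")
        dst = _net(hosts[f.responder])
        rules.append(
            f"ip saddr {src} ip daddr {dst} {f.l4} dport {f.port} accept "
            f'comment "{f.plane}: {f.purpose}"'
        )
    return rules, withheld


def render(rules):
    """Wrap the rules in a default-drop forward chain. Only the initiator's
    first packet is matched; replies ride on connection tracking."""
    lines = [
        "table inet oxe_filter {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    lines += [f"    {r}" for r in rules]
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    day_to_day, withheld = build_rules(CS_FLOWS, HOSTS)
    print(render(day_to_day))
    print("# withheld until requested:", [f.purpose for f in withheld])
```

Calling build_rules again with technician set to the technician's address yields the same ruleset plus the two support rules, which can be loaded for the duration of the intervention and then replaced by the day-to-day ruleset.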
Dynamic Port Ranges
Port range
usage
Port range
name
Network element Operating System
and
Release
Range lower
bound
Range upper
bound
Notes
OXE R5.OUx and
before
(Chorus-based
operating system)
1024
or
40000
4999
or
44999
Range depends on TFTP answering server: Chorus (1st range)
or TEL (2nd range).
Not configurable.
OXE R5.0Lx, R5.1,
R5.1.x
(old Linux based
operating system)
10000 20000
OXE >= R6.0
(Linux based
operating system)
10000 10499 Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp
Dyn_MG GD, GA
Linux 1024 4999
Dyn_INT_IP INT_IP boards ? 32512 32767 Used by INT_IP boards to download their binaries using TFTP.
Note: the values listed here are not related to the actual value of
BASE_PORT.
Dyn_IPP IPphone ? 2048 65535
Dyn_NOE IPtouch VxWorks 1024 65535
Dyn_xSM SSM, MSM ? ? ? Used by the Security Modules used to encrypt/decrypt the
signaling, voice and fax flows in transit over the LAN.
Dyn_WLAN VoWLAN solution ? 1024 65535
Dyn_Win 4760 server and
clients,
Contact center
servers
Microsoft Windows 1024 4999 Configurable through creation in the registry of the key
MaxUserPort (REG_DWORD) with a minimum value of 0x1388
(default = 5000) under the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\Tcpip\Parameters
Dyn_Lnx Linux (OTUC
servers)
Linux RH 7.3 32768 60999 Configurable through /proc/sys/net/ipv4/ip_local_port_range
Dyn_? ? ? ? ? Nothing is known about that range besides its existence.
Dyn_H225_CLT GD, INT_IP A
21000/tcp 21999/tcp H323 Outgoing call establishment signalisation H225 (Q931)
Whenever a client application opens a TCP connection to a server (or a pseudo connection over UDP) and doesn't explicitly bind it to a specific port number, the
Operating System dynamically allocates one TCP (or UDP) port within a certain range of numbers: this is the dynamic port range.
CS
See doc [3] for exact information. The range lower bound is
configurable above 3000. The range width is configurable not
smaller than 128. Any port value within the range shall be lower
than 32767.
On a system more than one dynamic port range may coexist. The ports within those ranges are used differently: the dynamic port range is used for the client side of TCP and
UDP connections, another port range may be defined to group together ports used by RTP connections, and a third one may be used for H.245 connections.
Client side of
TCP and UDP
connections
Dyn_CS
Dyn_H245_CLT GD
INT_IP A
25000/tcp 25999/tcp H323 Media Channel establishment
signalization H245 (outgoing call)
Dyn_H245_SRV GD
INT_IP A
31000/tcp 31059/tcp H323 Media Channel establishment
signalization H245 (incoming call)
Dyn_H245_GA GA 7918/tcp 7953/tcp H323 GW: H323 signalling with H323
Gateways/Terminals or ABC-F links
OXE = R5.1 32512/udp 32767/udp This port range is only used over UDP/IP to transport voice
using RTP protocol (RFC 3550) and fax using the T.38 protocol.
Ports are grouped by 4 with a specific use for each port:
- port #0 is used for voice transport (RTP)
- port #1 is used for RTCP
- port #2 is not used
- port #3 is used for Fax.
The range lower bound is called BASE_PORT in the
documentation. Its value can be configured through MAO on the
CS at once for all the related network elements (Media
Gateways, IP phones, ...).
The range width is constant and contains 256 ports.
Dyn_MS OTUC Media
Server
12000/udp 12079/udp This range consists of 40 groups of 2 consecutive ports.
This conforms to RFC 3550 for RTP: the 2 ports are used this
way:
- port #0 is used for voice (RTP)
- port #1 is used for voice quality control (RTCP)
Dyn_Audiocode Audiocode 4000/udp 4072/udp System ports use a bundle of 10 UDP ports allocated this way:
ch 0 : 4000 (RTP), 4001 (RTCP), 4002 (fax)
ch 1 : 4010 (RTP), 4011 (RTCP), 4012 (fax)
...
ch i : 4000+(i*10), 4000+(i*10)+1, 4000+(i*10)+2
i
OXE CS, 4760, eConfig, ACAPI 2.x
Client Server
Purpose Plane Protocol Initiator Source port Responder Service Port Condition of Activation Admission control? OXE version? Authentication Confidentiality Notes
Router redirection command control ICMP router N/A CS N/A Configure in netadmin since R5.1 ICMP redirect
Software downloading (rload) support FTP CS Dyn_CS/tcp CS 21/tcp If CS not in securized mode. TCP wrappers password for mtcl Active FTP mode
Remote command execution control SHELL CS Dyn_CS/tcp CS 514/tcp If CS not in securized mode. TCP wrappers
Remote command execution control SSH CS Dyn_CS/tcp CS 22/tcp If CS in securized mode. TCP wrappers >=R6.0
Dynamic IP configuration control DHCP GD, GA, INT_IP B, IPP, NOE, VoWLAN 68/udp CS 67/udp Always on none DHCP reply sent in unicast (not RFC compliant)
Firmware and configuration download control TFTP GD, GA, INT_IP A, B, IPP, NOE Dyn_MG/udp, Dyn_INT_IP/udp, 69/udp, Dyn_NOE/udp CS 69/udp Always on TCP wrappers
Web server control HTTP 4645 Dyn_?/tcp CS 80/tcp If CS not in securized mode. none Redirected to HTTPS port if CS is secured.
control HTTPS 4645 Dyn_?/tcp CS 443/tcp If CS in securized mode. none >=R6.1 yes
Time Synchronisation with ACDv2 clients control NTP CS, NTP server, CCD 123/udp CS, NTP server, CCD 123/udp Peer to peer relationship (non-predictable transit direction of first packet).
Network supervision console management SNMP MIB browser 2048 Trap supervisor 161/udp Configure in netadmin community string GET only is implemented. No SET action possible.
SNMP traps management SNMP CS 1024 Trap supervisor 162/udp
management ? ? ?/udp CS 12300/udp >=R5.1.1
management ? ? ?/udp CS 13200/udp =R6.2
Routing Information Protocol control RIP CS, trusted router Dyn_CS/udp, Dyn_?/udp CS 520/udp none
RADIUS (Remote Authentication Dial-In User Service) management RADIUS CS Dyn_CS/udp RADIUS server 1812/udp By configuration >=R7.0 no System login authorization submitted to remote authentication server.
TEL incidents translated into SNMP traps
Network access server for applications (CMIS, accounting tickets on the fly) management AOML Remote application (ABC-A,TSE,OTS) Dyn_?/tcp CS 2533/tcp none Configuration applications based on ACAPI V1.x and tax tickets sent over IP use this port.
PBX configuration control CMIP OTS Dyn_?/tcp CS 2535/tcp yes no
Remote test support Rtest Remote application Dyn_?/tcp CS 2554/tcp By configuration
control Builddistant CCD Dyn_Win/tcp CS 2539/tcp in a network of PBXs
control Loaddistant CCD Dyn_Win/tcp CS 2540/tcp
Routing over Sporadic links control RSL another CS Dyn_CS/udp CS 2559/udp By configuration
SOSM management RLIS Remote application Dyn_?/tcp CS 2560/tcp By configuration
Hotel IP Link control prop. ALA Remote application Dyn_?/tcp CS 2561/tcp AHL link over IP for Hotel/Hospital with external management
Remote observer management prop. ALA Remote application 2566/tcp CS 2565/tcp
DECT observation support prop. ALA Remote application Dyn_?/udp CS 9743/udp
control NUT UPS device Dyn_?/tcp CS 3305/tcp =R6.2
Inter-node (inter CS) exchanges
Hybrid VPN control STAP hybrid-vpn CS, Softphone Dyn_CS/udp, Dyn_?/udp CS 2556/udp no no This service is also used by softphones and 4760 web clients
Redundancy control prop. ALA CS Dyn_CS/tcp CS 2558/tcp Only when CS is duplicated.
dhcdupli control prop. ALA CS Dyn_CS/udp CS 2562/udp Only when CS is duplicated.
DHCP dupli master control prop. ALA CS Dyn_CS/udp CS 2563/udp Only when CS is duplicated.
DHCP dupli slave control prop. ALA CS Dyn_CS/udp CS 2564/udp Only when CS is duplicated.
DHCP dupli command control prop. ALA CS Dyn_CS/udp CS 2567/udp Only when CS is duplicated.
Proprietary signaling from CS
control UA CS BP+128/udp GD BP+130/udp survivability mode only A remote GD lost its signaling link to CS and opened a PSTN connection to its rescuing GD.
support ASCII CS Dyn_CS/udp GD BP+130/udp Activation in MAO Remote maintenance access through PSTN
control UA CS, INT_IP A BP+128/udp GD, INT_IP B BP+128/udp
control UA CS, INT_IP A BP+128/udp IPP, NOE BP/udp
Network Uninterruptible Power Supply
Audit of CS configuration
Signaling link
Remote dialin access (integrated gateway modem)
X.25
PAD X25 (packet assembly/disassembly) control X.29 CS Dyn_CS/tcp CS 2534/tcp If PBX belongs to a X.25 network of PBXs
X.25 route supervision control Suprout CCD Dyn_Win/tcp CS 2545/tcp Always on CS could be the client here. To be confirmed.
H.323 Internal Gatekeeper
Discovery control H225 RAS GD, GA, INT_IP A, H323 end_point Dyn_MG/udp, Dyn_MG/udp, Dyn_MG/udp, Dyn_?/udp CS 1718/udp none
Registration, Admission and status control H225 RAS GD, GA, INT_IP A, H323 end_point Dyn_MG/udp, Dyn_MG/udp, Dyn_MG/udp, Dyn_?/udp CS 1719/udp none
Call setup control H225 Q.931 GD, GA, INT_IP A, H323 end_point Dyn_MG/udp, Dyn_MG/udp, Dyn_MG/udp, Dyn_?/udp CS 1720/udp none
Registration, Admission and status control RAS GD, GA, INT_IP A Dyn_MG/tcp, Dyn_MG/tcp, Dyn_MG/tcp CS 9090/tcp none
SIP
Domain Name Server control DNS SIP end-point Dyn_? CS 53/udp Configured in MAO none >=R6.1 Only used by SIP devices in case of spatial redundancy
control SIP SIP end-point Dyn_?/tcp CS 5060 (*)/tcp External SIP service port. Used since R7.0 by SIP proxy when active.
control SIP SIP end-point Dyn_?/udp CS 5060 (*)/udp External SIP service port
control SIP SIP proxy Dyn_?/tcp CS 6060 (*)/tcp When SIP proxy is activated
4645 (eVA)
control SMTP OTUC server Dyn_?/tcp 4645 25/tcp eVA configured
control SMTP ? ?/tcp 4645 587/tcp eVA configured
IMAP server control IMAP OTUC server, 4645 Dyn_?/tcp, Dyn_CS/tcp 4645 143/tcp eVA configured OTUC myMessaging
control IMAPS OTUC server Dyn_?/tcp 4645 993/tcp eVA configured + unknown configuration ? idem
Retrieve voice messages in mail account and commands for UC
control VIMAP OTUC server Dyn_?/tcp 4645 4033/tcp eVA configured
control HTTP OTUC server Dyn_?/tcp 4645 80/tcp If CS not in securized mode + eVA configured OTUC myMessaging
control HTTPS OTUC server Dyn_?/tcp 4645 443/tcp If CS in securized mode + eVA configured >=R6.1 yes OTUC myMessaging
control UA CS BP+128/udp 4645 BP+128/udp eVA configured When the 4645 function resides on a separate CPU than the Communication Server
control UA CS BP+128/udp 4645 BP+132/udp eVA configured When the 4645 function resides on the same CPU as the Communication Server
user RTP/RTCP 4645 Dyn_Voice/udp IPP, NOE, GD, GA, INT_IP A+B BP+2,3/udp, Dyn_Voice/udp, Dyn_Voice/udp eVA configured Source and destination addresses are never modified whether encrypted or not. This flow is always cleartext out of the 4645, possibly encrypted through SSM (if 4645 is on CS or with CS) or MSM (if protected by a separate security module) and continues encrypted to destination.
user RTP/RTCP IPP, NOE, GD, GA, INT_IP A+B BP+2,3/udp, Dyn_Voice/udp, Dyn_Voice/udp 4645 Dyn_Voice/udp eVA configured Direction of first packet cannot be predetermined: both directions shall be enabled
VPIM control 4645 Dyn_?/tcp 4645 4020 (*)/tcp, 4021 (*)/tcp eVA configured Between 4645 members of same group of Voice mail systems.
Web server
Signalling (abca)
Voice channel
Mail Transfer
Contact Center solutions
ACDv2 for Contact Center applications: CCM, CCS, ASM control ACD CCD Dyn_Win/tcp CS 2538/tcp Always on Needed only with Contact Center applications
ACDCCS (supervisor) control ACDCCS CCD Dyn_Win/tcp CS 2543/tcp Always on
ACD PC agent control ACDpcag CCD Dyn_Win/tcp CS 2544/tcp Always on
ACD Agent List Builder control Alb CCD Dyn_Win/tcp CS 2546/tcp
Remote CSTA control Rcsta CCD, OTS Dyn_? CS 2555/tcp password
IP Touch Security box (SSM/MSM) for signaling and voice encryption
Firmware and configuration download control TFTP SSM, MSM Dyn_xSM/udp CS 69/udp Voice encryption TCP wrappers >=R6.2
Signaling link to SSM (Server voice encryption box) control BTlink CS Dyn_CS/tcp SSM 11000 (*)/tcp Voice encryption >=R6.2 Most of the time the dynamic port allocated on CS has value 10000 (first port in dynamic range).
Key exchange control ? CS 2048 (*)/udp SSM 2049 (*)/udp Voice encryption >=R6.2
Alarms sent from SSM and MSM to CS control ? SSM, MSM 2048 (*)/udp CS 2048 (*)/udp Voice encryption >=R6.2 First packet is MSM or SSM telling it is up and running.
Start/stop Voice for SSM control UA lite CS Dyn_CS/udp SSM 2049 (*)/udp Voice encryption >=R6.2 Reception of START_SRTP messages
Start/stop Fax for SSM control UA lite CS Dyn_CS/udp SSM 2050 (*)/udp Voice encryption >=R6.2 Reception of START_FAX messages
Remote connection support TELNET CS Dyn_CS/tcp SSM 23/tcp Voice encryption Only from CS >=R6.2 SSM accepts a single console connection with priority of V.24 over telnet connection.
4740 Management Application
Save and Restore control Saverest PC admin Dyn_Win/tcp CS 2536/tcp 4740 only Was used with 4740 management application. Not used otherwise.
4760 Network Management server
Test of CS presence (ping) | management | ICMP | 4760 server | N/A | CS | N/A | 4760 = R3.1 presence test is done differently by attempting a TCP connect either on FTP port (21/tcp) or SSH port (22/tcp) if CS is securized.
File transfer: MIB, accounting information, past time performance, QoS tickets, software.mao, software downloading, backup | management | FTP | 4760 server | Dyn_Win/tcp | CS | 21/tcp | If CS not in securized mode. | TCP wrappers | login/pwd | no | passive FTP mode
Remote connection | management | TELNET | 4760 server | Dyn_Win/tcp | CS | 23/tcp | If CS not in securized mode. | TCP wrappers | login/pwd | no
Remote maintenance + File transfer: MIB, accounting information, past time performance, QoS tickets, software.mao, software downloading, backup | management | SSH | 4760 server | Dyn_Win/tcp | CS | 22/tcp | If CS in securized mode. | TCP wrappers | OXE>=6.0; 4760>=4.0 | password for mtcl | yes
Alarm mails | management | SMTP | 4760 server | Dyn_Win/tcp | Mail server | 25/tcp | no
Web directory | management | HTTP | Web browser | Dyn_?/tcp | 4760 server | 80 (*)/tcp | no | Access to the phone directory from any Web browser on any PC if otherwise allowed.
Network supervision console | management | SNMP | MIB browser | Dyn_?/udp | 4760 server | 161/udp
SNMP traps | management | SNMP | 4760 server | 162/udp | Trap supervisor | 162/udp | no
LDAP server replication | management | LDAP | LDAP replication | Dyn_Win/tcp | 4760 server | 389/tcp | if IPSEC not configured | IPsec shall be enabled only if LDAP replication server do support IPsec.
PBX phonebook overflow | control | LDAP | CS | Dyn_CS/tcp | 4760 server | 389/tcp | Configure LDAP overflow server in MAO | anonymous access | Port can be configured in 4760 server
PBX configuration | management | CMIP | 4760 server | Dyn_Win/tcp | CS | 2535/tcp | if IPSEC not configured | yes | no
Directory call by name | management | STAP | 4760 server | Dyn_Win/udp | CS | 2556/udp | if IPSEC not configured | no | Issued upon request by a 4760 client as if a callback was in progress
CMISD server | management | CMIP | 4760 server | Dyn_Win/tcp | 4760 server | 30001/tcp | IPsec | Not configurable (difference with other 4760 server service ports in the 300xx range).
LDAP administration server | management | HTTP | 4760 server | Dyn_Win/tcp | 4760 server | 30010 (*)/tcp | if IPSEC not configured | login/pwd | IPsec
CMISD server | management | GIOP | 4760 server | Dyn_Win/tcp | 4760 server | 30013 (*)/tcp | if IPSEC not configured | IPsec
Loader server | management | GIOP | 4760 server | Dyn_Win/tcp | 4760 server | 30020 (*)/tcp | if IPSEC not configured | IPsec
LDAP PBX synchronization server | management | GIOP | 4760 server | Dyn_Win/tcp | 4760 server | 30026 (*)/tcp | if IPSEC not configured | IPsec
4760 Network Management Client
Web access | management | HTTP | 4760 client | Dyn_Win/tcp | 4760 server | 80 (*)/tcp
Kerberos | management | Kerberos | 4760 client | 88/udp | 4760 server | 88/udp | if IPSEC configured | yes | 4760 >= R3.0 | yes | IPsec uses Kerberos as its default authentication mechanism. Another mechanism can be defined by the customer. Note: Microsoft may use TCP as transport even though not standard.
Replication with external LDAP server | management | LDAP | 4760 client | Dyn_Win/tcp | 4760 server | 389/tcp | if IPSEC not configured | anonymous + login/pwd | IPsec | IPsec shall be enabled only if potential clients do support IPsec.
IPsec key exchange | management | IKE | 4760 client | Dyn_Win/tcp | 4760 server | 500/udp | if IPSEC configured | 4760 >= R3.0 | yes | yes
IPsec encrypted flows | management | ESP | 4760 client | N/A | 4760 server | N/A | if IPSEC configured | 4760 >= R3.0 | yes | yes | IPsec is not configured by default.
Sybase Anywhere database | management | TDS | 4760 client | Dyn_Win/tcp | 4760 server | 30011 (*)/tcp | if IPSEC not configured | login/pwd | IPsec
Access to various services: Alarms, Extractor, License, Notification, SaveRestore, Scheduler, Security, etc... | management | GIOP | 4760 client | Dyn_Win/tcp | 4760 server | 30012 (*)/tcp, 30014 (*)/tcp 30019 (*)/tcp, 30022 (*)/tcp 30025 (*)/tcp | if IPSEC not configured | no | IPsec
MindTerm (SSH client) on 4760 client | support | SSH | 4760 client | Dyn_Win/tcp | 4760 server | 30028 (*)/tcp | if IPSEC not configured | IPsec and SSH
Telnet proxy | management | TELNET | 4760 client | Dyn_Win/tcp | 4760 server | 30100 (*)/tcp 30149 (*)/tcp | if IPSEC not configured | IPsec
Notification of CORBA events | management | GIOP | 4760 server | Dyn_Win/tcp | 4760 client | 30500 (*)/tcp 30509 (*)/tcp | if IPSEC not configured | IPsec
4760i (eConfig)
File transfer: MAO data during save/restore operations | management | FTP | 4760i | Dyn_? | CS | 21/tcp | If CS not in securized mode. | TCP wrappers | password for mtcl | passive FTP mode
Remote connection | management | TELNET | 4760i | Dyn_? | CS | 23/tcp | If CS not in securized mode. | TCP wrappers | password for mtcl
Remote connection and file transfer (MAO data during save/restore operations) | management | SSH | 4760i | Dyn_? | CS | 22/tcp | If CS in securized mode. | TCP wrappers | >=R6.0 | password for mtcl
Applet download | management | HTTP | 4760i | Dyn_?/tcp | CS | 80/tcp | If CS not in securized mode. | none | none | Needed only the first time to download the applet. Redirected to HTTPS port if CS is secured.
Applet download | management | HTTPS | 4760i | Dyn_?/tcp | CS | 443/tcp | If CS in securized mode. | none | >=R6.1 | none | yes | Needed only the first time to download the applet.
PBX configuration (NMCCS) | management | GIOP | 4760i | Dyn_?/tcp | CS | 5540/tcp | yes | no | CORBA access
ACAPI 2.x
File transfer: MIB | management | FTP | ACAPI 2.x | Dyn_Win/tcp | CS | 21/tcp | If CS not in securized mode. | TCP wrappers | password for mtcl | no | passive FTP mode
File transfers: MIB | management | SSH | ACAPI 2.x | Dyn_Win/tcp | CS | 22/tcp | If CS in securized mode. | TCP wrappers | >=R6.0 | login/pwd | yes
PBX configuration | management | CMIP | ACAPI 2.x | Dyn_Win/tcp | CS | 2535/tcp | yes | no
Support PC
Remote maintenance | support | TELNET | PC support | Dyn_?/tcp | CS | 23/tcp | If CS not in securized mode. | TCP wrappers
Maintenance access | support | SSH | PC support | Dyn_?/tcp | CS | 22/tcp | If CS in securized mode. | TCP wrappers | >=R6.0
Webtools | support | HTTP | PC support | Dyn_?/tcp | CS | 80/tcp | If CS not in securized mode. | none | Redirected to HTTPS port if CS is secured.
Webtools | support | HTTPS | PC support | Dyn_?/tcp | CS | 443/tcp | If CS in securized mode. | none | >=R6.1 | yes | yes
(*) Port number is configurable
Sheet: MG
GD, GA, INT_IP A & B
Purpose | Plane | Protocol | Initiator (client) | Source port | Responder (server) | Service port | Condition of activation | Admission control? | Notes
Router redirection command | control | ICMP | router | N/A | GD, GA; INT_IP B | N/A | ICMP redirect
Autodiagnostic | support | ICMP | INT_IP A+B | N/A | router; CS | N/A | ICMP echo request sent to router and then CS when signaling link to CS is lost to determine where the link is broken and issue incident to help auto-diagnostic.
Diagnosis of white communications | support | ICMP | GD, GA | N/A | CS; GD, GA; INT_IP A+B | N/A | ICMP destination unreachable emitted when packet received on closed fastsocket. Emitting GD/CS then logs an incident helping diagnose broken communications (white or half).
Network supervision console | management | SNMP | MIB browser | Dyn_?/udp | GD, GA | 161/udp | community string
Dynamic IP configuration | control | DHCP | GD; INT_IP B | 68/udp | DHCP server | 67/udp | Request sent in broadcast (as per RFC)
GD configuration and software upgrade (file download: binaries (binmg)+config (lanpbx.cfg, startmgd)+voice guides | control | TFTP | GD, GA; INT_IP A+B | Dyn_MG/udp; Dyn_INT_IP/udp | CS | 69/udp
UA phone sets initialization downloads lanpbx.cfg, starttscip, startnoe, | control | TFTP | Dyn_IPP/udp; Dyn_NOE/udp; Dyn_Win/udp; 69/udp; Dyn_NOE/udp | GD | 69/udp | Survivability mode only | GD while in survivability mode will serve configuration files to the UA phone sets.
Proprietary signaling
CS controlling the MG | control | UA | CS, INT_IP A | BP+128/udp | GD, INT_IP B | BP+128/udp
MG controlling the GA | control | UA | GD | BP+128/udp | GA | BP+128/udp
Survivability against CS connectivity loss
Rescuing side | control | UA | CS | BP+128/udp | GD | BP+130/udp | Survivability mode only | Traffic goes over the PSTN. This port is only used on rescuing GD (close to the CS) = the one called through PSTN by the GD to be rescued.
Rescued side | control | UA | GD; INT_IP A+B | BP+128/udp | IPP, NOE; Softphone | BP/udp | Survivability mode only | Rescued side
Encryption support
Voice commands | control | UA lite | GD, GA; INT_IP A+B | BP+130/udp | MSM | 2049 (*)/udp | Voice encryption
Fax commands | control | UA lite | GD, GA; INT_IP A+B | BP+131/udp | MSM | 2050 (*)/udp | Voice encryption
H.323 Gateway (GW)
H.323 gatekeeper discovery (bcast or multicast to IP@ 224.0.1.41) | control | ? | GD, GA; INT_IP A; H.323 end_point | Dyn_?/udp | GD, GA; INT_IP A | 1718/udp | Iff a H.323 trunk is declared
H.323 GK discovery (unicast) and GW RAS signaling | control | ? | GD, GA; INT_IP A; H.323 end_point | Dyn_?/udp | GD, GA; INT_IP A | 1719/udp | Iff a H.323 trunk is declared
H323 RAS signaling | control | H.323 RAS | H.323 end_point | Dyn_?/udp | INT_IP A | 1720/udp | Iff a H.323 trunk is declared
H.323 Call establishment signaling (H.225) with H.323 terminals, other gateways or ABC-F links | control | ? | GD, GA; INT_IP A; H.323 extern gw; H.323 end_point | Dyn_H225_CLT/tcp | GD, GA; INT_IP A; H.323 extern gw | 1720/tcp
H.323 Call establishment signalisation H.225 (Q.931) | control | ? | GD, GA; INT_IP A; H.323 extern gw; H.323 end_point | ?/tcp | GD | Dyn_H225_CLT/tcp | No more needed?
H.245 signaling | control | ? | GD, GA; INT_IP A | Dyn_?/tcp | GD, GA; INT_IP A | 1961/tcp | Iff a H.323 trunk is declared
H.245 media channel establishment signalization | control | ? | GD, INT_IP A; H.323 extern gw; H.323 end_point | Dyn_H245_CLT/tcp; Dyn_?/tcp; Dyn_?/tcp | GD, INT_IP A | Dyn_H245_SRV/tcp | Iff a H.323 trunk is declared
H.323 signalling with H.323 Gateways/Terminals or ABC-F links | control | ? | ? | ?/tcp | GA | Dyn_H245_GA/tcp
H.323 monitor | management | ? | ? | Dyn_?/tcp | GD | 4560/tcp
Media: voice, fax...
user | RTP/RTCP | GD, GA; INT_IP A+B | Dyn_Voice/udp | IPP, NOE; Softphone | BP+2,3/udp | START_RTP in signaling | Whether encrypted or not, the source and destination addresses are not changed: this flow is cleartext out of the MG. When voice is encrypted, cleartext flows through MSM where it is encrypted and continues encrypted to destination.
user | RTP/RTCP | IPP, NOE; Softphone | BP+2,3/udp | GD, GA; INT_IP A+B | Dyn_Voice/udp | START_RTP in signaling | Direction of first packet cannot be predetermined: both directions shall be enabled
user | T.38 | GD, GA; INT_IP A+B | Dyn_Voice/udp | Fax | ?/udp | START_FAX in signaling | Whether encrypted or not, the source and destination addresses are not changed: this flow is cleartext out of the MG. When voice is encrypted, cleartext flows through MSM where it is encrypted and continues encrypted to destination.
user | T.38 | Fax | ?/udp | GD, GA; INT_IP A+B | Dyn_Voice/udp | START_FAX in signaling | Direction of first packet cannot be predetermined: both directions shall be enabled
Fax over IP
Voice channel, voice quality control
Sheet: Auxiliaries
Various network elements
Purpose | Plane | Protocol | Initiator (client) | Source port | Responder (server) | Service port | Condition of activation | Admission control? | OXE version | Notes
Audiocode (Z behind IP)
H.225 listen & dial port | control | H.225 | ? | ?/tcp | Audiocode | 1720/tcp | Mandatory
RAS | control | H.323 | ? | ?/udp | Audiocode | 1719/udp | Optional
H.245 | control | H.245 | ? | Dyn_?/tcp | Audiocode | Dyn_?/tcp | Mandatory
user | RTP/RTCP | GD, GA; INT_IP A+B | Dyn_Voice/udp | Audiocode | Dyn_Audiocode/udp | Direction of first packet cannot be predetermined: both directions shall be enabled
user | RTP/RTCP | Audiocode | Dyn_Audiocode/udp | GD, GA; INT_IP A+B | Dyn_Voice/udp
Web | management | HTTP | PC admin | Dyn_?/tcp | Audiocode | 80/tcp | Optional
Syslog | management | Syslog | ? | 2048 | Audiocode | 514/udp | Optional
SNMP | management | SNMP | ? | 1024 | Audiocode | 160,161/udp | Optional
Moxa (V.24 port extender over IP)
Telnet | management | TELNET | PC support | Dyn_?/tcp | MOXA | 23/tcp
Configurator / FW settings | management | CS | Dyn_CS/tcp | MOXA | 4000/tcp
Data port | user | CS | Dyn_CS/tcp | MOXA | [950,965]/tcp | Upper bound depends on number of ports supported by the box. Example a 4-port box range will end at 953.
Command port | control | CS | Dyn_CS/tcp | MOXA | [966, 981]/tcp | Likewise upper bound for a 4-port box will be 969.
Broadcast monitor real com installer | management | ? | Dyn_?/udp | MOXA | 1028/udp
RTP, RTCP, T.38
Presentation Server (PRS)
Signaling link | control | UA | CS | BP+128/udp | PRS | 2570/udp | OXE >= R6.0
Client API on Windows system | control | HTTP | PC appli | Dyn_Win/tcp | PRS | 8080/tcp | Windows server supported only in small configuration
Client API on Linux system | control | HTTP | PC appli | Dyn_Lnx/tcp | PRS | 8080/tcp 8083/tcp | Linux server(s) in large configurations
Web-based management | management | HTTP | PC admin | Dyn_?/tcp | PRS | 2010/tcp
PRS monitoring | support | ? | PC admin | Dyn_?/tcp | PRS | 2009/tcp
NOE applications | user | HTTP | NOE | Dyn_NOE | PRS or API servers | 80/tcp | NOE >= v3 | The HTTP server is any of the API servers. Actual request port may be any of 80, 8080, 8081, 8083, etc...
Alcatel Audio Station (AAS)
Vocal guide file transfer | support | FTP | PC support | Dyn_Win/tcp | CS | 21/tcp | If CS not in securized mode. | mtcl pwd | Active FTP mode
support | SSH | PC support | Dyn_Win/tcp | CS | 22/tcp | If CS in securized mode | mtcl pwd | >=R6.0
PC Installer
File Transfer for software update | support | FTP | CS | Dyn_CS/tcp | PC Installer | 21/tcp | Active FTP mode, CS is client.
DHCP client | support | DHCP | CS | 68/udp | PC Installer | 67/udp | Only for complete reinstallation of system and call handling software on CS. CS is the client.
TFTP client | support | TFTP | CS | Dyn_CS/udp | PC Installer | 69/udp | Only for complete reinstallation of system and call handling software on CS. CS is the client.
Sheet: UA terminals
IP phone (IPP), IP touch (NOE), MIPT, Softphone
Purpose | Plane | Protocol | Initiator (client) | Source port | Responder (server) | Service port | Condition of activation | Admission control? | Version? | Notes
control | ICMP | IPP | N/A | router | N/A | ICMP echo request/reply. Was critical for correct operation
control | ICMP | NOE | N/A | router | N/A | ICMP echo request/reply. NOT critical for correct operation
Router redirection command | control | ICMP | router | N/A | IPP, NOE, MIPT | N/A | ICMP redirect
Network supervision console | management | SNMP | MIB browser | Dyn_?/udp | IPP | 161/udp | community string | IP phone only, not NOE.
Dynamic IP configuration | control | DHCP | IPP, NOE, MIPT | 68/udp | DHCP server | 67/udp | If dynamic configuration
Phone configuration and software upgrade (file download: binaries+config information Download lanpbx.cfg, starttscip, startnoe) | control | TFTP | IPP; NOE, MIPT; Softphone | Dyn_IPP/udp; Dyn_NOE/udp; Dyn_Win/udp | TFTP server | 69/udp
Phone directory | control | LDAP | Softphone | Dyn_Win/tcp | LDAP server | 389/tcp
Proprietary signaling
control | UA | CS, INT_IP A | BP+128/udp | IPP, NOE, MIPT | BP/udp | When not in encrypted mode
control | STAP | CS, INT_IP A | 2556/udp | Softphone | BP/udp
control | UA | GD; INT_IP A+B | BP+128/udp | IPP, NOE, MIPT | BP/udp | When in survivability mode | The phone needs to be statically configured for the survivability mode to be effective.
control | ATAPI | Softphone | Dyn_Win/tcp | OTS | 3595/tcp
control | IKE | SSM | Dyn_?/udp | NOE | 500/udp | When in encrypted mode | OXE >= R6.2
control | ESP | SSM | N/A | NOE | N/A | When in encrypted mode | OXE >= R6.2
Router presence check
Signaling link
Encryption of voice and signaling
Media: voice, fax...
user | RTP/RTCP or SRTP/SRTCP | GD, GA; INT_IP A+B | Dyn_Voice/udp | IPP, NOE, MIPT, Softphone | BP+2,3/udp | Whether encrypted or not, the source and destination addresses are not changed.
user | RTP/RTCP or SRTP/SRTCP | IPP, NOE, MIPT | BP+2,3/udp | GD, GA; INT_IP A+B | Dyn_Voice/udp | Direction of first packet cannot be predetermined: both directions shall be enabled
user | RTP/RTCP | Softphone | Dyn_Win/udp | GD, GA; INT_IP A+B | Dyn_Voice/udp | Voice packets emitted by the softphone are sent from a dynamic UDP port.
user | RTP/RTCP or SRTP/SRTCP | IPP, NOE, MIPT | BP+2,3/udp | IPP, NOE, MIPT, Softphone | BP+2,3/udp | Whether encrypted or not, the source and destination addresses are not changed.
user | RTP/RTCP or SRTP/SRTCP | IPP, NOE, MIPT | BP+2,3/udp | IPP, NOE, MIPT | BP+2,3/udp | Direction of first packet cannot be predetermined: both directions shall be enabled
user | RTP/RTCP | Softphone | Dyn_Win/udp | IPP, NOE, MIPT | BP+2,3/udp | Voice packets emitted by the softphone are sent from a dynamic UDP port.
Applications
NOE applications (See tab 'Auxiliaries' for more information on PRS) | user | HTTP | NOE | Dyn_NOE | PRS; API servers | 80/tcp | NOE >= v3 | The HTTP server is anyone amongst the API servers. Actual request port may be any from 80, 8080, 8081, 8083, etc...
Maintenance and Support
support | TELNET | PC support | Dyn_?/tcp | IPP | 23/tcp | always on | Incoming connection request allowed only from Call Server
support | TELNET | PC support | Dyn_?/tcp | NOE | 23/tcp | SET_PARAM UA message with telnetd timeout | none
Voice channel
Voice quality control
with gateways
Voice channel
Voice quality control
between UA phones
Maintenance access
Sheet: OTUC
OmniTouch Unified Communications
Purpose | Plane | Protocol | Initiator (client) | Source port | Responder (server) | Service port | OTUC version? | Authentication | Confidentiality | Integrity | Notes
myPhone
control | ATAPI | Client | Dyn_Win/tcp | OTS | 3595/tcp (*) | YES | NO
control | LDAP | Client | Dyn_Win/tcp | LDAP server | 389/tcp | NO | NO | Not for Websoftphone
control | TFTP | Client | Dyn_Win/udp | TFTP server | 69/udp | NO | NO
control | STAP | CS | 2556/udp | Client | BP/udp | ? | NO
user | RTP/RTCP | GD, GA, 46x5; INT_IP A+B; Media Server; IPP, NOE | Dyn_Voice/udp; Dyn_Voice/udp; Dyn_MS/udp; BP+2,3/udp | Softphone | BP+2,3/udp | NO | NO | Direction of first packet cannot be predetermined: both directions shall be enabled
user | RTP/RTCP | Softphone | Dyn_Win/udp | GD, GA, 46x5; INT_IP A+B; Media Server; IPP, NOE | Dyn_Voice/udp; Dyn_Voice/udp; Dyn_MS/udp; BP+2,3/udp | NO | NO | Voice packets emitted by the softphone are sent from a dynamic UDP port.
Service Infrastructure
CS interfacing | control | CSTA | Service Infra | Dyn_?/tcp | CS | 2555/tcp | YES | OTS server
Mngt Interfacing | control | CMISD | Service Infra | Dyn_?/tcp | CS | 2535/tcp | YES | OTS server
myMessaging
control | HTTP | Client | Dyn_Win/tcp | Service Infra | 8080/tcp | YES | YES (HTTPS) | Only if LARGE or Websoftphone
control | SOAP/HTTP | Client | Dyn_Win/tcp | Service Infra | 8083/tcp | >=R3.x | ? | ? | Not for Websoftphone
control | IMAP4 | Client | Dyn_Win/tcp | 46x5 | 143/tcp (993/tcp) | YES | YES if IMAP4s | Only if integrated voice mail
control | FlexLM | Client | Dyn_Win | Service Infra | 27000 | Not for Websoftphone
control | MAPI | Client | Dyn_Win/tcp | Exchange | ?/tcp | YES
control | IMAP4 | Client | Dyn_Win/tcp | 46x5; IMAP4 Server | 143/tcp (993/tcp) | YES | YES if IMAP4s | Only if integrated voice mail or external IMAP server
control | HTTP | Client | Dyn_Win/tcp | Service Infra | 8080/tcp | YES | YES (HTTPS) | Only if LARGE
control | SOAP/HTTP | Client | Dyn_Win/tcp | Service Infra | 8083/tcp | >=R3.x | ? | ?
control | NAPI | Client | Dyn_Win/tcp | Domino | ?/tcp | YES
control | IMAP4 | Client | Dyn_Win/tcp | 46x5; IMAP4 Server | 143/tcp (993/tcp) | YES | YES if IMAP4s | Only if external IMAP server
control | HTTP | Client | Dyn_Win/tcp | Service Infra | 8080/tcp | YES | YES (HTTPS) | Only if LARGE
control | SOAP/HTTP | Client | Dyn_Win/tcp | Service Infra | 8083/tcp | >=R3.x | ? | ?
Email server
Store Voice Message | control | SMTP | Service Infra | Dyn_?/tcp | Email server | 25/tcp
IMAP4 server access | control | IMAP4 | Service Infra | Dyn_?/tcp | Email server | 143/tcp | Not if Exchange or Domino is used as eMail server
Mail box access | control | HTTP | Service Infra | Dyn_?/tcp | Email server | 8000/tcp
PIM mngt | control | HTTP | Service Infra | Dyn_?/tcp | Email server | 8001/tcp
Filter mngt | control | HTTP | Service Infra | Dyn_?/tcp | Email server | 8002/tcp
Notif request | control | HTTP | Email server | Dyn_?/tcp | Service Infra | 8082/tcp
Proprietary signaling
Voice
Web client
Outlook Client
Lotus Client
Voice mail server
Voice Mail access | control | IMAP4 | Service Infra | Dyn_?/tcp | 46x5 | 143/tcp (993/tcp) | YES | YES if IMAP4s | Only if integrated voice mail
Voice Mail Control | control | VMMC2/HTTP | Service Infra | Dyn_?/tcp | 46x5 | 80/tcp | YES | NO | Only if integrated voice mail
Media Server (MS)
Voice Signaling | control | SIP | CS | 5060 (*)/udp | MS | 5060 (*)/udp | YES but Not used | NO
user | RTP/RTCP | GD, GA, 46x5; INT_IP A+B; IPP, NOE, Softphone | Dyn_Voice/udp; Dyn_Voice/udp; BP+2,3/udp | MS | Dyn_MS/udp | NO | NO | Direction of first packet cannot be predetermined: both directions shall be enabled
user | RTP/RTCP | MS | Dyn_MS/udp | GD, GA, 46x5; INT_IP A+B; IPP, NOE, Softphone | Dyn_Voice/udp; Dyn_Voice/udp; BP+2,3/udp | NO | NO
control | HTTP/VXML | MS | Dyn_?/tcp | Service Infra | 8080/tcp | NO | NO
control | HTTP/PPR | Service Infra | Dyn_?/tcp | MS | 8015/tcp | NO | NO
myAssistant
no specific flow
Common Service Infrastructure
OTUC application | control | Java RMI | another CS | Dyn_CS/tcp | Service Infra | 1099/tcp | YES
Licences access | control | FlexLM | Service Infra | Dyn_? | Licences Server | 27000
Directories | control | LDAP | Service Infra | Dyn_? | Directory | 389 | YES | YES | LDAP directory internal to OTUC (not the company's directory)
SQL Database | control | Service Infra | Dyn_? | Database | ? | Internal to OTUC (only if LARGE)
API openness | control | SOAP/HTTP | Third party | Dyn_?/tcp | Service Infra | 8080/tcp | YES | YES (HTTPS) | Home page access. Only in LARGE.
Notes (*) configurable through command line upon server startup
Voice Application
Voice Flow
Sheet: OTCC
OmniTouch Contact Center
Purpose | Plane | Protocol | Initiator (client) | Source port | Responder (server) | Service port | Port location | Condition of activation | Authentication | Notes
CCD
Stats transfer | management | FTP | PC admin | Dyn_? | Afe | 21/tcp | YES
Mngt interfacing | control | CMIS | Afe | Dyn_CS | Cmisd | 2535/tcp | OXE | YES
CCD Supervision | control | ? | CCS | Dyn_Win | Afe | 2538/tcp | OXE | YES
TSS tool for Afe | support | Text | PC support (adm_acd) | Dyn_? | Afe | 2538/tcp | OXE | NO | Debug only
CCS emulator | support | TELNET | PC support (terminal) | Dyn_? | Afe | 2538/tcp | OXE | NO | Debug only
CCS Server | control | ? | CCS Server | Dyn_Win | Afe | 2538/tcp | OXE | NO
TSS tool for CCS Server | support | Text | PC support (adm_acd - servccs) | Dyn_? | CCS Server | 2543/tcp | OXE or Windows | NO | Debug only
CCD Supervision | control | ? | CCS | Dyn_Win | CCS Server | 2543/tcp | OXE or Windows | YES
pilot_test | support | UA | PC support (pilot_test) | ? | rtest | 2554/tcp | OXE | Manual configuration | NO | Test only
PABX interfacing | control | CSTA / C | Afe | ? | CSTA server | 2555/tcp | OXE | NO
support | CSTA / ASN1 | Pilot/Pilot2a | ? | CSTA Server | 2555/tcp | OXE | NO | Test only
support | CSTA / C | Pilot2 | ? | CSTA Server | 2555/tcp | OXE | NO | Test only
CSTA web access | control | HTML | Browser | ? | CSTA Server | 2555/tcp | OXE | NO
CSTA Telnet | support | TELNET | telnet | ? | CSTA Server | 2555/tcp | OXE | NO | Debug only
lis | support | LIS | lis | ? | rlis | 2560/tcp | OXE | Manual configuration | YES | Test SOSM
lisEA | management | LIS | lisEA | ? | rlisEA | 2561/tcp | OXE | EAU configuration | YES
CSTA Tools
Contact Center Outbound (CCO)
CTI application | control | CSTA / ASN1 | CSTA Server | ? | Genesys T-Server | 2555/tcp | OXE | NO
agent scripting | control | HTTP | WEB Server | ? | CCA | 80/tcp | Windows | NO
CCO Script Editor | control | FTP | FTP Server | ? | CCOSE | 2121/tcp | Windows | YES
Data synchronization => | control | ? | Synchro Server | ? | Afe | 2538/tcp | OXE | NO
CCO Script Editor
Sheet: VoWLAN
Voice over Wireless LAN: Airespace or Aruba infrastructure
Purpose | Plane | Protocol | Initiator (client) | Source port | Responder (server) | Service port | Condition of activation | VoWLAN version? | Notes
Mobile IP Telephony handset (MIPT)
Dynamic IP configuration | control | DHCP | MIPT | 68/udp | SVP | 67/udp
Download configuration files, binary, menu files | control | TFTP | MIPT | Dyn_WLAN/udp | TFTP server | 69/udp
Spectralink voice protocol | control | SRP (119) | MIPT | N/A | SVP | N/A | This is an IP protocol at same level as UDP or TCP (no notion of source or destination port)
H.323 incoming call | control | H.323/H.225 | GD | Dyn_H225_CLT/tcp | MIPT (NATed) | 1720/tcp | Traffic to MIPT translated is actually intercepted by SVP which performs a pseudo NAT function, redirecting the traffic through SRP protocol
H.323 outgoing call | control | H.323/H.225 | MIPT (NATed) | Dyn_WLAN/tcp | GD | 1720/tcp
H.245 to GD | control | H.323/H.245 | MIPT (NATed) | Dyn_WLAN/tcp | GD | Dyn_H245_SRV/tcp
H.245 to MIPT | control | H.323/H.245 | GD | Dyn_H245_CLT/tcp | MIPT (NATed) | 41788/tcp
user | RTP/RTCP | GD, GA, 46x5; INT_IP A+B; Media Server; IPP, NOE; Softphone | Dyn_Voice/udp; Dyn_Voice/udp; Dyn_MS/udp; BP+2/udp; Dyn_?/udp | MIPT (NATed) | 19282/udp | RTCP may be blocked by firewall since all RTCP traffic to MIPT is ignored and MIPT doesn't emit any RTCP packet.
user | RTP/RTCP | MIPT (NATed) | 19282/udp | GD, GA, 46x5; INT_IP A+B; Media Server; IPP, NOE; Softphone | Dyn_Voice/udp; Dyn_Voice/udp; Dyn_MS/udp; BP+2/udp; Dyn_?/udp | Direction of first packet cannot be predetermined: both directions shall be enabled
Voice channel, Voice
quality control
SVP management
Dynamic IP configuration | control | DHCP | SVP | 68/udp | DHCP server | 67/udp | SVP acts as a DHCP proxy relaying the DHCP request in unicast to the actual DHCP server. DHCP can be made mandatory for every terminal
H.225 RAS to H.323 Gatekeeper | control | H.323/H.225 | GD | 1719/udp | SVP | 1719/udp | registration or RAS admission message
Maintenance download of configuration files, binary | support | TFTP | SVP | Dyn_WLAN/udp | TFTP server | 69/udp
Management console access | management | TELNET | PC support | Dyn_?/tcp | SVP | 21/tcp
OAW management
Maintenance download of configuration files, binary | support | TFTP | OAW | Dyn_WLAN/udp | TFTP server | 69/udp
management | TELNET | PC support | Dyn_?/tcp | OAW | 21/tcp
management | SSH | PC support | Dyn_?/tcp | OAW | 22/tcp
management | HTTP | PC admin | Dyn_?/tcp | OAW | 80/tcp
management | HTTPS | PC admin | Dyn_?/tcp | OAW | 443/tcp
Journaling output | management | SYSLOG | OAW | Dyn_WLAN/udp | syslog server | 514/udp
SNMP requests | management | SNMP | Supervision console | Dyn_?/udp | OAW | 161/udp
SNMP traps | management | SNMP | OAW | Dyn_WLAN/udp | Supervision console | 162/udp
Management console
access
Web-based management