22

TCP/SSH

No

• Open

Admin terminal or SAL Gateway

Remote maintenance connection

• Username + password

52

DNS

No

• Open

DNS Client

IP Office acts as a DNS relay

• None

67

UDP/DHCP

Yes

• Open

DHCP clients such as IP Phones

IP Office DHCP service

• None

67

UDP/BOOTP

Yes

• Open

Manager

Manager BOOTP server for IP address and firmware for IP Office

• None

69

UDP/TFTP

No

• Open

Legacy Manager, Upgrade Wizard.

IP Office status, program data, UDP Whois. The information that is obtained can be controlled with security settings

• Obfuscated password

80*

(1-100)

TCP/HTTP

Yes

• Open

File transfer Manager and phones, Web client, DECT R4 Provisioning, SoftConsole, WebSocket SCN, Voicemail Pro.

General purpose HTTP file and WebSocket server. Phone backup/restore and firmware download.

• Some URIs RFC2617 Authenticated

123

NTP

No

• Open

DECT R4, IP Office

NTP (RFC4330) Service - SNTP subset

• None

161*

(161, 1024- 65535)

UDP/SNMP

Yes

• Open

SNMP Agent

Read-only access to MIB entries

• Community string

411

TCP/HTTPS

Yes

• Open

H.232 phone

Phone settings files

• None

443*

(1-65535)

TCP/HTTPS

Yes

• Open

Manager and phones, Web client, DECT R4 Provisioning, SoftConsole, WebSocket SCN, Voicemail Pro. SIP, H.323 phones

General purpose HTTPS file and WebSocket server. Secure phone backup/restore

• Shared secret (Softphone) X.509 certificate (IP Office)

520

UDP/RIP

Yes

• Open

Router

Exchange routing information with adjacent IP routers or receive information

• None

546

UDP/DHCPv6

Yes

• Closed

DHCPv6 clients

IP Office DHCPv6 service.

1300

TLS/H.323 signaling

Yes

• Closed

H.323 Phone

Secure H.323 signaling from IP phones

• None

1701

UDP/L2TP

Yes

• Closed

Remote Network devices

From layer 2 tunnels to remote network devices

• CHAP

1718

UDP/H.323

discovery

Yes

• Filtered

H.323 phone

H.323 service to IP Phones

• Shared secret (password) HMAC-SHA1-96

1719

UDP/H.323 status

Yes

• Filtered

H.323 phone

H.323 service to IP Phones

• Shared secret (password) HMAC-SHA1-96

1720

TCP/H.323 signaling

Yes

• Filtered

H.323 phone

H.323 service to IP Phones

• Shared secret (password) HMAC-SHA1-96

4097

TCP

No

• Filtered

N/A

Debug (disabled)

• None

5056*

(1024- 64510)

UDP+TCP/SIP

Yes

• Closed

SIP endpoint, SIP trunk, SIP Proxy

SIP extensions.

• MD5 CHAP

5060*

(1024-64510)

TCP+UDP/SIP

Yes

• Closed

SIP endpoint, SIP trunk, SIP Proxy

SIP extensions

• MD5 CHAP

5061*

(1024-64510)

TLS/SIP

Yes

• Closed

SIP endpoint, SIP trunk, SIP Proxy

SIP extensions

• MD5 CHAP

5443

TCP/HTTPS

Yes

• Open

Backup/Restore client, UC client upgrade.

Secure server for solution backup/restore. Secure URI for VM listen for UC client. Upgrade for Hosted Deployment. Applies only to IP Office Linux and Application Server

• None

5480

TCP/HTTPS

Yes

• Open

Web interface for Virtual Appliance Management Infrastructure (VAMI)

Virtual Linux-based IP Office severs. No firewall configuration needed

• Authenticated

5488

TCP

Yes

• Open

CIM client for VAMI

Linux-based IP Office severs. No firewall configuration needed.

• Authenticated

5489

Yes

• Closed

Yes

• Open

CIM client for VAMI

Linux-based IP Office severs. No firewall configuration needed.

• Authenticated

7070

TCP/HTTPS

Yes

• Open

Web Management client

Linux-based IP Office severs.

• Username + password

7071

TCP/HTTPS

Yes

• Open

Web Management client

Linux-based IP Office severs.

• Username + password

7147

TCP/HTTPS

No

• Open

Collaboration Services/SMA

IP Office Application Server and UCM.

• Internal. Token based authentication.

7444

TCP/HTTPS

No

• Open

IP Office User Portal

IP Office Application Server and UCM.

• Username + password

8000

TCP/HTTP

No

• Closed

Web Management client, Upgrade.

Upgrade web service. Log download

• Username + password

8411

TCP/HTTP

Yes

• Closed

H.323 phone

Phone settings files. Firmware download

• None

8443*

(1-65535)

TCP/HTTPS

Yes

• Closed

Web Management client

-

• None

9080

TCP/HTTP

No

• Closed

Web Management client

-

• Username + password

40750-50750

UDP/RTP

UDP/RTCP

Yes

• N/A

Media end points

IP Office Linux uses the port range 32768- 61000 for RTP connections. IP500 V2 default 40750-50750

• None

40750-50750

UDP/SRTP

UDP/SRTCP

Yes

• N/A

Media end points

IP Office Linux uses the port range 32768- 61000 for RTP connections. IP500 V2 default 40750-50750

• None

50780

UDP/Proprietary

Yes

• Open

Dongle application

Not used

• None

50792

UDP/Voicemail

Yes

• Open

Voicemail server

Voicemail Pro media

• None

50793

TCP/Proprietary

Yes

• Open

Solo Server

TAPI Wave Driver – audio stream interface for TAPI based applications

• None

50794

UDP+TCP,SysMonitor

Yes

• Open

System Monitor, DevLink.

Event, trace and diagnostics outputs

• Password

50795

UDP, Voicenet

Yes

• Open

SCN Trunks

Small Community Network peer to peer trunk signaling

• None

50796

TCP/TLS

Yes

• Open

IPOCC/ACCS

CTI link for Contact Center application

• Password

50797

TCP/TAPI

Yes

• Open

TAPI clients: CPA, PC Dialer, Web Agent

TAPI

• None

50801

TCP/Proprietary

Yes

• Open

Voice Conferencing application

-

• None

50802

TCP/Proprietary

Yes

• Open

IP Office Manager, Web Management

Whois #2 and Whois #3, TCP discovery

• -

50804*

(49152-65280)

TCP/Proprietary

Yes

• Open

IP Office Manager

IP Office configuration interface

• HMAC SHA-1 challenge sequence

50805*

(49152-65280)

TCP/TLS

Yes

• Open

IP Office Manager

IP Office configuration interface secure (encrypted)

• HMAC SHA-1 challenge sequence X.509 Certificate

50808*

(49152-65280)

TCP/Proprietary

Yes

• Open

System Status Application

IP Office status information

• HMAC SHA-1 challenge sequence

50809*

(49152-65280)

TCP/TLS

Yes

• Open

System Status Application

IP Office status information secure (encrypted)

• HMAC SHA-1 challenge sequence

50812*

(49152-65280)

TCP/Proprietary

Yes

• Open

IP Office Manager

IP Office security settings

• HMAC SHA-1 challenge sequence

50813*

(49152-65280)

TCP/TLS

Yes

• Open

IP Office Manager

IP Office security settings secure (encrypted)

• HMAC SHA-1 challenge sequence X.509 Certificate

50814*

(49152-65280)

TCP/Proprietary

Yes

• Open

one-X server

IP Office CTI control for one-X

• HMAC SHA-1 challenge sequence

50823

TCP

No

• Closed

N/A

Debug IP Office Linux (disabled)

• None

52233

TCP/HTTPS

Yes

• Closed

WebLM client

WebLM server for licensing

• X.509 certificate

56000-58000

UDP/RTP

No

• Open

WebRTC Media gateway

Media endpoints

• None

25

TCP/SMTP

Yes

• N/A

SMTP email server

Email transmission from IP Office (TLS enforced)

• None

37

UDP/TIME

Yes

• N/A

Manager and VMPro

TIME (RFC868) Service

• None

53

UDP/DNS

Yes

• N/A

DNS server

Name Service

• None

68

UDP/DHCP

Yes

• N/A

DHCP server

IP Office obtaining DHCP address from a server

• None

68

UDP/BOOTP

Yes

• N/A

Manager

IP Office obtaining IP address and firmware

• None

69

UDP/TFTP

Yes

• N/A

Manager

IP Office obtaining firmware on behalf of phones

• None

123

UDP/NTP

Yes

• N/A

NTP server

NTP (RFC 4330) Service - SNTP

• None

162*

UDP/SNMP

Yes

• N/A

SNMP Receiver

Trap generation from IP Office

• Community string

389

TCP/LDAP

Yes

• N/A

LDAP service

Import of directory information from LDAP database

• Kerberos 4 or simple password

443

TCP/HTTPS

Yes

• N/A

SCEP server

SCEP to System Manager

• Password

443

HTTPS

Yes

• -

Google Cloud Storage

Subscription system backup, restore, and upgrade.

500

UDP/IKE

Yes

• N/A

Remote device

Form IPSec association with remote security devices

• Shared secret MD5 or SHA

514*

UDP+TCP/Syslog

Yes

• N/A

Syslog server

-

• None

520

UDP/RIP

Yes

• Open

Router

Exchange routing information with adjacent IP routers or receive information

• None

547

UDP/DHCPv6

Yes

• Closed

DHCPv6 Server

IP Office DHCPv6 IP address request.

3478*

UDP

Yes

• N/A

STUN Server

-

• None

5060

UDP+TCP/SIP

Yes

• N/A

c

-

• MD5 CHAP

5061

TLS/SIP

Yes

• N/A

SIP trunk

-

• MD5 CHAP

5443

TCP/HTTPS

Yes

• N/A

HTTPS server

Solution backup/restore using HTTPS

• Username + password

6514

TLS/Syslog

Yes

• N/A

Syslog server

-

• None

10162

UDP/SNMP

Yes

• N/A

SNMP trap

SNMP trap to System Manager

• None

40750-50750*

UDP/RTP-RTCP UDP/SRTPSRTCP

Yes

• N/A

Media end points

IP Office Linux uses the port range of 32768- 61000 for RTP connections with the media server.

IP500 V2 default 46750-50750

• None

50791

UDP/Voicemail

Yes

• N/A

Voicemail server

Voicemail Pro signaling/media

• None

50795

UDP/Voicenet

Yes

• N/A

SCN trunks

SCN peer to peer trunk signaling Legacy trunks only, WebSocket SCN uses 80/443

• None

50815

TCP/TLS

No

• Open

one-X Portal

IP Office CTI control for one-X Portal

• HMAC SHA-1 challenge sequence

52233

TCP/HTTPS

Yes

• N/A

WebLM server

Used for WebLM licensing

• X.509 certificate

4096

TCP

Yes

• Open

IP Office SNMP Agent

-

• Internal.

4444

TCP/JMX

Yes

• Open

WebRTC signaling gateway

Management port used by WebRTC signal gateway to communicate with media gateway

• Internal.

4445

TCP/JMX

Yes

• Open

Messaging port used by WebRTC signal gateway to communicate with media gateway

• Internal.

5005*

TCP

Yes

• Open

RTCP monitoring

-

• Internal.

5555

TCP

Yes

• Open

WebRTC signaling gateway

Messaging port used by WebRTC signal gateway to communicate with media gateway

• Internal.

5556

TCP/JMX

Yes

• Open

Messaging port used by WebRTC signal gateway to communicate with media gateway

• Internal.

6006

TCP

Yes

• Open

QoS

-

• Internal.

17777

TCP

Yes

• Open

IP Office and Jade

Communication between IP Office and JADE

• Internal.

42004*

TCP/SIP

Yes

• Open

WebRTC signaling gateway

SIP client connections from IP Office

• Internal.

42008*

TCP/SIP

Yes

• Open

SIP trunk connections from IP Office

• Internal.