mitel call paths and ports
DESCRIPTION
Mitel Call Paths and PortsTRANSCRIPT
Mitel Call Paths and Ports
Traffic Guidelines
Phone Sets and System Resources
Mitel Ports
Controller and Handsets FUNCTION SOCKET NUMBER FTP (data) TCP 20 FTP (control) TCP 21 Telnet TCP 23 SMTP (VPIM for voice mail) TCP 25 DNS UDP 53 DHCP server UDP 67 DHCP client UDP 68 TFTP UDP 69 HTTP TCP 80 SNMP UDP 161 SNMP trap UDP 162 HTTPS (SSL) TCP 443 IP Trunk (unsecured) TCP 1066 IP Trunk (SSL) TCP 1067 OPS Manager, telephone directory TCP 1606 VoiceFirst (server connection) TCP 3300 PDA, Application communication TCP 3999 EDS TCP 5002 Telephone Directory (eManager) TCP 5009 SIP TCP 5060 SIP-TLS TCP/UDP 5061 E2T to RTC (SSL) TCP 6000 Set to ICP (Unsecured) TCP 6800 Set to ICP (SSL) TCP 6801 Set to ICP (Secure Minet) TCP 6802 Data Services access TCP 7011 SDS TCP 7050 E2T IP prior to release 6 RTP/UDP 5000 to 5512 E2T IP release 6 and above RTP/UDP 50000-50255 RTC TCP 6800 MiNET Client TCP 6900-6999 MiTAI TCP 8000 MiTAI (SSL) TCP 8001 IP Sets - Voice B1/B2, Rx pre release 8.0 RTP/UDP 9000/9002 IP Sets - Voice B1/B2, Tx pre release 8.0 RTP/UDP 9000/9002 IP Sets - Voice B1/B2, Rx post release 8.0 RTP/UDP 50000-50511 IP Sets - Voice B1/B2, Tx post release 8.0 RTP/UDP 50000-50511 TFTP UDP 20001 DECT voice and signalling TCP/UDP 16320 to 32767
5550 Console "Keypad to Console PC" TCP port usage:
• The Keypad will use TCP port 6900 to establish a socket connection to the IP address of the PC on TCP port 10000
• The PC needs to allow inbound TCP sessions to TCP port 10000
"Console PC to 3300 ICP" TCP port usage:
• The PC will establish a connection to the 3300 ICP using the following TCP ports 6800, 7011 and 1606 on the 3300 ICP side
Log Output Socket Number FUNCTION SOCKET NUMBER Software Logs TCP 1750 Maintenance Logs TCP 1751 SMDR TCP 1752 Hotel Logs TCP 1753 LPR1 Printer Port TCP 1754 ACD Real Time Event TCP 15373 IP PMS (Release 6.0) TCP 15374 PMS Voice Mail Integration TCP 6830
Teleworker
Port Range Direction Purpose & Details
TCP 22 (SSH) Server « Internet AMC communications. Allow inbound and outbound packets on TCP port 22 between the 6010 and the Internet to enable server registration, software and license key downloads, alerts and reporting.
TCP 443 (HTTPS) Server « Internet
Remote Server Management. Allow inbound and outbound packets on TCP port 443 between the 6010 and the Internet to allow remote management of the server, if required. HTTPS access to the manager on the external interface must be also be explicitly enabled from the server manager interface.
TCP 443 (HTTPS) Server « LAN
Local Server Management. Allow inbound and outbound packets on TCP port 443 between the 6010 and the LAN to allow for management of the server. HTTPS access to the manager on the external interface must be also be explicitly enabled from the server manager interface. The firewall should be configured to limit HTTPS access to desired management hosts.
TCP 6800, 6801 and 6802
Server « Internet Server « LAN
Server « ICP(s)
MiNet Call Control. Allow incoming and outgoing packets for TCP ports 6801 and 6802 between the server and the Internet. Allow incoming and outgoing packets for TCP ports 6800, 6801 and 6802 between the server and the LAN and the server and the ICP(s). The LAN rule can be omitted if there are no teleworker sets on the LAN, but ensure that the ICP(s) can communicate with the server’s public address.
UDP 69 Server « Internet Server « LAN
Firmware Downloads. Allow incoming TFTP requests from the Internet and from the LAN to the server on UDP port 69. Allow outbound replies to these requests, from the server to both the Internet and the LAN. Phones will be unable to boot if this is misconfigured. LAN rules can be omitted if there are no in-office Teleworker sets. Note: a source UDP port of 69 is used for all replies from the 6010 TFTP server.
UDP 20,000 to 23,000 (RTP)
Server « Internet Server « LAN
Voice Communications. Allow incoming and outgoing RTP on UDP ports 20000 – 23000 between the server and the Internet. Misconfiguration here is a common cause of one-way audio problems.
UDP 1024 to 65,535 (RTP) Server ® LAN
Voice Communications. Allow outgoing RTP on UDP ports greater than, or equal to, 1024 from the server to the phone network (LAN). Failure to do so often results in a loss of audio from the remote phone to the local phone network (LAN).
UDP 1024 to 65,535 (RTP) LAN ® Server
Voice Communications. Allow outgoing RTP on UDP ports greater than, or equal to, 1024 from the phone network (LAN) to the publicly routable IP address of the server. Failure to do so usually results in the loss of audio from the local phone network (LAN) to the remote phone.
TCP 3300 (VFA) Server « Internet Server « LAN
Optional VoiceFirst Communications. Allow bidirectional traffic on TCP port 3300 if you have a VoiceFirst Solution installed.
TCP 8001 (MiTAI)
Server « Internet Server « LAN
Optional MiTAI Communications. Allow bidirectional traffic on TCP port 8001 if you are using the Your Assistant Softphone v3.1 or higher with the Teleworker Solution.
TCP 3999 (5230 set)
Server « Internet Server « LAN
Optional 5230 IP Appliance Communications. Allow bidirectional traffic on TCP port 3999 if you are using Mitel 5230 IP Appliances as Teleworker sets. This enables communications from the on-board PDA.
Multi Protocol Border Gateway
Port Range
Direction
Purpose & Details
TCP 22 (SSH) Server => Internet AMC Communications. Allow
outbound packets (and replies) on TCP port 22 between the MBG Server and the Internet to enable server registration, software and license key downloads, alerts and reporting.
UDP 53 (DNS) Server => Internet DNS. The server requires DNS to look up the IP address of the Mitel AMC. Alternatively, the server can be configured to forward all DNS requests to another DNS server.
TCP 443 (HTTPS) Server <= Internet Remote Server Management (Optional). Allow inbound and outbound packets on TCP port 443 between the MBG server and the Internet to allow remote management of the server, if required. HTTPS access to the manager on the external interface must also be explicitly enabled from the server manager interface. The firewall should be configured to limit HTTPS access to desired management hosts.
TCP 443 (HTTPS) Server <= LAN Local Server Management. Allow inbound and outbound packets on TCP port 443 between the MBG Server and the LAN to allow for management of the server. HTTPS access to the manager on the external interface must also be explicitly enabled from the server manager interface. The firewall should be configured to limit HTTPS access to desired management hosts.
TCP 6800, 6801 and 6802 Server => LAN Server => ICP(s)
TCP 6801 and 6802 Server <= Internet
MiNet Call Control. Allow incoming and outgoing packets for TCP ports 6801 (MiNet-SSL) and 6802 (MiNet-Secure V1) between the server and the Internet. Allow incoming and outgoing packets for TCP ports 6800 (unencrypted MiNet), 6801 and 6802 between the server and the LAN and the server and the ICP(s). The LAN rule can be omitted if there are no IP sets on the LAN, but ensure that the ICP(s) can communicate with the server's public address.
TCP 3998, and 6880 Server <= Internet SAC Connection Support. Allow incoming TCP on ports 3998 and 6880 to support the applications and the web browsing, respectively, on the 5235, 5330, 5340 and Navigator sets, from the Internet to the MBG server. There is an additional LAN rule that follows this to complete the support.
TCP 3998, 3999 and 6880 Server => ICP(s) SAC Connection Support. Allow bi-directional TCP traffic on port 3999 to the ICP(s). This is to support the applications on the 5235, 5330, 5340 and Navigator sets. Note: 3998 and 6880 are dependent on an additional, internal MBG server that the Internet-facing server is daisychained to.
TCP 80 Server => LAN Server => Internet
SAC Connection Support (Optional). Allow TCP port 80 from the server to the Internet, and to the LAN, to support web browsing on the 5235, 5330, 5340 and Navigator sets. Also required to the Internet to allow browsing of the Internet from the set.
TCP 80 Internet <=> Server Certificate Management (Optional). On any client that makes use of MiSSLTunnel with a client certificate (UCA, CIS, etc), then this port must be open to the Internet to permit the web service to submit a certificate signing request (CSR) and check on the status of that request, finally downloading it. Also needed for CREs to register with SRC control interface.
TCP 6809 Between servers in the cluster. Cluster Comms. If making use of clustering in MBG/SRC, this port must be open between the servers in the cluster to permit them to communicate with one another.
UDP 20000 to configured upper bound (SRTP)
Server <= Internet Server <= LAN
Voice Communications. Allow incoming SRTP on UDP ports 20000 to the configured upper bound from all streaming devices on the LAN and the Internet. Misconfiguration here is a common cause of one-way audio problems.
UDP 30000 to 40000 Server => LAN Voice Recording (SRC only). For streaming voice streams from the SRC server to the CRE for recording purposes.
UDP 1024 to 65535 (RTP) Server => LAN Server => Internet
Voice Communications. Allow outgoing SRTP on UDP ports greater than, or equal to 1024 from the server to all streaming devices on the LAN and the Internet. Misconfiguration here is a common cause of one-way audio problems.
TCP 3300 (VFA) Server <= Internet Server <=> LAN
Optional VoiceFirst Communications. Allow bi-directional traffic on TCP port 3300 if you have a VoiceFirst Solution installed.
TCP 2114 Server <=> LAN Server <=> Internet
Your Assistant Support. To permit the YA client to connect to the logon server on the LAN side, this port must be permitted. Failure to do so will result in the client being unable to logon via their YA client.
TCP 2116 Server <=> LAN Server <= Internet
Your Assistant Support. To permit the YA client to connect to the telephony server on the LAN side, this port must be permitted. Failure to do so will result in the client being unable to control their set via the Mitel ICP.
TCP 35000 Server <=> LAN Server <= Internet
Your Assistant Support. To permit the YA client to connect to the presence server on the LAN side, this port must be permitted. Failure to do so will result in the presence features in YA failing to function.
TCP 37000 Server <=> LAN Server <= Internet
Your Assistant Support. To permit the YA client to connect to the collaboration server on the LAN side, this port must be permitted. Failure to do so will result in the collaboration features in YA failing to function.
UDP 5060 Server <=> LAN Server <=> Internet
SIP Support. If the SIP connector is enabled, then this port is required for SIP signalling between MBG and the set, and MBG and the ICP.
UDP 5064 Server <=> LAN Server <=> Internet
SIP Trunk Support. If making use of SIP trunks, then this port must be open.
Enterprise Manage Release 2.1 and up TCP/UDP Ports
Port Type Default Description
Traps - UDP 162 SNMP Traps RMI – TCP
1099 The RMI Registry port is used in client-server communication.
Inter-process communication -
TCP 2000
This port is used for communication between the back-end and front-end components within Enterprise Manager
Apache port - TCP 9090 This port is used in Client-Server communication.
MiXML -TCP 18000 MiXML for IP Phone discovery SNMP Agent port
– UDP 8001
MySQL 3306 This port is used in the database communication between the back-end and front-end of Enterprise Manager.
IPA 48879 This port is used to send and receive data.
Software Installer Random Number
By default, random numbers are used, hence need to setup an exception based on application.
Voice Quality (Viola) 4331 This port is used to communicate to the Voice Quality
server.
TightVNC 5900 This port is used for TightVNC client server communication.
OPS Manager Release 6.10 and Up TCP/UDP Ports Port Type Default Description 80 Http TCP 80 For Ops Manager Clients to login to Ops manage Server
443 Https TCP 443 ESM access to 3300 ICP
21 Ftp TCP 21 PLID/DN Collection , Backup and restore of Network Elements
5009 UDP 5009 Unsolicited Data Transfer (alarm, Telephone Directory) 49500 to
49549 TCP
Range Data Services
7011 TCP The 3300 is listening on the 7011 port number by default for ops Data service (MAC, Backup, etc.)
23 telnet TCP 23 Access and upgrade to the sx2000
1606 csmsg – Telephone Directory, Alarm etc.
Ports used by YA
Port Type Description Host Client
Ports between YA Server and YA client 22 TCP SSH for Web Collaboration YA Server YA Client
23 TCP Telnet for Web Collaboration YA Server YA Client
80 TCP HTTP for Web Collaboration YA Server YA Client
443 TCP HTTP for Web Collaboration YA Server YA Client
1270 TCP Web Collaboration port YA Server YA Client
2114 TCP Client/Server Authentication YA Server YA Client
2115 TCP Licensing Server YA Server YA Client
2116 TCP Telephony Server YA Server YA Client
35000 TCP YA Presence Server YA Server YA Client
37000 TCP Web Collaboration port YA Server YA Client
Ports Between YA server and other
389 TCP LDAP for Active Directory Synch YA Server ADC Server
2117 TCP YA Administration port YA Server Admin Tool
Ports Between YA server and 3300 ICP
8000 TCP MiTAI 3300 ICP YA Server
8001 TCP Secure MiTAI 3300 ICP YA server
18000 TCP MiMXML Server 3300 ICP YA Server
Ports Between YA client and 3300 ICP
6800 TCP Minet Protocol 3300 ICP YA Softphone Client
6801 TCP Secure Minet (SSL) 3300 ICP YA Softphone Client
6802 TCP Secure Minet (AES) 3300 ICP YA Softphone Client
6900 TCP Minet Protocol YA Softphone Client 3300 ICP
5000 to 5414
UDP Voice (RTP) between YA Softphone and E2T (Prior to 3300 R6.0)
3300 ICP YA Softphone Client
9000 UDP Voice (RTP) Channel 1 YA Softphone Client Other YA softphone Client, IP phone or IP Trunk
9002 UDP Voice (RTP) Channel 2 YA Softphone Client Other YA softphone Client, IP phone or IP Trunk
50000- to - 50255
UDP Voice (RTP) between YA Softphone and E2T (Post to 3300 R6.0)
3300 ICP YA Softphone Client