Firewall rules

Interpreting the firewall information tables

The tables list the ports that must be opened on a given firewall to provide to the subscribers and allow communication between the Lucent CM nodes and external services. If there are multiple firewalls, each firewall must be configured to permit the appropriate traffic.

| Row | Description |
|---|---|
| Rule | A number that is used to reference the rule. The numbers are only used in this guide for ease of reference. The numbers do not directly correspond to any firewall rule numbers as defined on a firewall network element. |
| Service | The name of the service that is offered for the corresponding destination port. Some firewalls use the service to filter packets, but this is not necessary. It is included here for completeness. |
| Def. Port | The default network layer destination port number that the service listens on. The firewall uses the port to filter packets. If needed, alternate ports can be used. |
| Network Protocol | The network layer protocol (for example, TCP, UDP) that the service is using. The firewall uses the protocol to filter packets. |
| From | The device name that is accessing the service. |
| To | The device name that is being accessed for the service. The IP address or range of addresses is used to represent the accessed entity. The firewall uses the IP address to filter packets. |
| Dir. | The direction of packets through the firewall. |
| Remarks | Contains other relevant information. Only those firewalls between the client accessing this service and the Lucent CM server need to be configured to permit this traffic. If there are no firewalls, this information is not used. |

External firewall rules:

| Rule | Service | Def. port | Network protocol | From | To | Dir. | Remarks |
|---|---|---|---|---|---|---|---|
| 1 | HTTP | 8080 | TCP | XML clients, WAP2.0 clients, FS 5000 CPE | U- or A-node | In | Regular: Web client connection for client API; WAP2.0 access; Download requests for CPE configuration files |
| 2 | HTTPS | 8443 | TCP | XML clients, WAP2.0 clients, FS 5000 CPE | U- or A-node | In | Secure: Web client connection for client API; WAP2.0 access; Download requests for CPE configuration files |
| 3 | Client API socket | 1876 | TCP | XML user clients | U- or A-node | In | Socket connection for client API and CM events. |
| 4 | Client API SSL socket | 4776 | TCP | XML user clients | U- or A-node | In | Encrypted socket connection for client API and CM events. |
| 5¹ | LDAP | 389 | TCP | U- or A-node | External LDAP server | In | External LDAP authentication. |
| 6¹ | LDAP SSL | 686 | TCP | U- or A-node | External LDAP server | In | Secure external LDAP authentication. |
| 7 | LB heartbeat | 694 | UDP | A-node or U-node with LB | A-node or U-node with LB | Both | Heartbeat packets between load balancers. |
| 8 | DNS | 53 | TCP/UDP | U- or A-node | DNS server | Out | Domain name service. |

Notes:

1. Optional
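
The column descriptions above say the firewall filters on protocol, destination port and the "To" address. The following added example (not part of the Lucent guide) applies that to the External firewall rules table and emits nftables allow rules under a default-drop forward chain. The IP addresses, the table name cm_external and the function names are assumptions made for illustration; the Dir. column is expressed through the From/To address matches.

```python
# Added example: External firewall rules table -> nftables allow rules.
# Addresses are constructed placeholders (RFC 5737), not values from the guide.
NODES, LB = "{ 192.0.2.10, 192.0.2.11 }", "A-node or U-node with LB"
ADDR = {
    "U- or A-node": NODES,
    LB: NODES,
    "External LDAP server": "198.51.100.20",
    "DNS server": "198.51.100.53",
}

# (rule, service, def. port, protocol, from, to, optional) as listed in the table.
# Client devices have no fixed address, so their source (None) is not matched.
EXTERNAL_RULES = [
    (1, "HTTP", 8080, "TCP", None, "U- or A-node", False),
    (2, "HTTPS", 8443, "TCP", None, "U- or A-node", False),
    (3, "Client API socket", 1876, "TCP", None, "U- or A-node", False),
    (4, "Client API SSL socket", 4776, "TCP", None, "U- or A-node", False),
    (5, "LDAP", 389, "TCP", "U- or A-node", "External LDAP server", True),
    (6, "LDAP SSL", 686, "TCP", "U- or A-node", "External LDAP server", True),
    (7, "LB heartbeat", 694, "UDP", LB, LB, False),
    (8, "DNS", 53, "TCP/UDP", "U- or A-node", "DNS server", False),
]


def nft_rules(rows, include_optional=False, port_overrides=None):
    """Return one nft rule per row and protocol; optional rows only on request."""
    port_overrides = port_overrides or {}
    rules = []
    for num, service, port, protos, src, dst, optional in rows:
        if optional and not include_optional:
            continue  # note 1: rows marked optional are opened only when used
        port = port_overrides.get(num, port)  # "alternate ports can be used"
        for proto in protos.lower().split("/"):  # "TCP/UDP" -> two rules
            match = f"ip saddr {ADDR[src]} " if src else ""
            match += f"ip daddr {ADDR[dst]} {proto} dport {port}"
            rules.append(f'{match} ct state new accept comment "rule {num}: {service}"')
    return rules


def nft_ruleset(rules):
    """Wrap the allow rules in a default-drop forward chain."""
    body = "\n".join(f"    {r}" for r in ["ct state established,related accept", *rules])
    return ("table inet cm_external {\n  chain forward {\n"
            "    type filter hook forward priority 0; policy drop;\n"
            f"{body}\n  }}\n}}\n")


if __name__ == "__main__":
    print(nft_ruleset(nft_rules(EXTERNAL_RULES, include_optional=True)))
```

Because the chain policy is drop, any port that is not in the table stays closed, and the optional LDAP rows are opened only when external LDAP authentication is actually in use.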

Internal firewall rules:

| Rule | Service | Def. port | Network protocol | From | To | Dir. | Remarks |
|---|---|---|---|---|---|---|---|
| 1 | SSH | 22 | TCP | CM node | CM node | Both | Intercommunication between nodes. SSH from any node to any other must be allowed; LU-HA program |
| 2 | LDAP | 389¹ | TCP | CM server | External LDAP server | Out | External LDAP authentication. |
| 3 | LDAP SSL | 686 | TCP | CM server | External LDAP server | Out | Secure external LDAP authentication. |
| 4 | NTP | 123 | TCP | CM nodes | External NTP master server | Both | To synchronize Lucent CM servers with an NTP server. |
| 5 | MySQL | 3306 | TCP | A-node or U-node | D-node or U-node | Both | Data access from applications to databases. |
| 6 | MySQL replication | 3306 | TCP | D-node or U-node | D-node or U-node mate | Both | Database replication between databases. |
| 7 | MySQL (temp) | 4000 | TCP | D- or U-node | D- or U-node | Both | Temporary SQL server run during installation, growth, and upgrade. |
| 8 | DBMON | 1776 | TCP/UDP | D- or U-node | D- or U-node | Both | DBmon program. Database status exchange between nodes. |
| 9 | Internal XML | 5776 | TCP | A- and U-node | A- and U-node | Both | Internal XML communication between all application nodes. |
| 10 | High Availability | 4001-4005, 4011-4014, 40016 | TCP | All CM nodes | All CM nodes | Both | High availability program |
| 11 | DNS | 53 | TCP/UDP | CM nodes | DNS server | Out | Domain Name Service. |
| 12 | IMAP4 | 143 | TCP | CM nodes | VM server | Out | Voice mail service. |
| 13 | Lucent FS 5000 (WPIF) | 4060 | TCP | A- and U-node | Lucent Feature Server 5000 | Out | Call control access to Lucent Feature Server 5000. |
| 14 | Lucent FS 5000 (DB) | 7856 | TCP | A- and U-node | FS 5000 | Out | Provisioning access to Lucent Feature Server 5000. |
| 15 | Lucent FS 3000 (CAP) | 2206 | TCP | A- and U-node | FS 3000 | Out | Call control access to Lucent Feature Server 3000 (Release 13 and earlier releases). |
| 16 | Lucent FS 3000 (OSS) | 1050 | TCP | A- and U-node | FS 3000 | Out | Provisioning and database access to Lucent Feature Server 3000 (Release 13 and earlier releases). |
| 16 | Lucent FS 3000 (OCI-P) | 2220 | TCP | A- and U-node | FS 3000 | Out | Provisioning and database access to Lucent Feature Server 3000 (Release 14 and later releases). |
| 15 | Lucent FS 3000 (OCI-C) | 2206 | TCP | A- and U-node | FS 3000 | Out | Call control access to Lucent Feature Server 3000 (Release 14 and later releases). |
| 17 | ISG call log | 8007 | TCP | A- and U-node | ISG | Out | Retrieving call log information from the MiLife® Intelligent Services Gateway. |
| 18 | XCAP | 8843 | TCP | A- and U-node | Lucent PS server | Out | Default port for encrypted connection for the PS contact service. |

Notes:

1. Or the port the external LDAP server uses.

Administration firewall rules:

| Rule | Service | Def. port | Network protocol | From | To | Dir. | Remarks |
|---|---|---|---|---|---|---|---|
| 1 | HTTP | 8888 | TCP | CM Explorer | CM nodes | In | Regular web connection for Admin Client API. |
| 2 | HTTPS | 8843 | TCP | CM Explorer | CM nodes | In | Secure web connection for Admin Client API. |
| 3 | SSH | 22 | TCP | CM Explorer | CM nodes | In | Lucent CM Explorer client access. |
| 4 | SNMP traps | 162 | UDP | CM nodes | External trap destination | Out | To send SNMP traps to external destinations, typically Network Management Systems. |
| 5 | File transfer | 40001 | TCP | CM node | CM node | Both | Bulk data transfers during node growth and upgrade. |
| 6 | HTTP | 8888 | TCP | CM Explorer | OMC-P | In | Regular incoming XML_RPC |
| 7 | HTTPS | 8843 | TCP | CM Explorer | OMC-P | In | Encrypted incoming XML_RPC |
| 8 | HTTP | 8080 | TCP | CM Explorer | OMC-P | Out | Regular outgoing SOAP connections for Enterprise admin using the OMC-P API |

Enterprise network firewall rules:

| Rule | Service | Def. port | Network protocol | From | To | Dir. | Remarks |
|---|---|---|---|---|---|---|---|
| 1 | HTTP | 8080 | TCP | XML clients, WAP2.0 clients, FS 5000 CPE | U- or A-node | Out | Regular: Web client connection for client API; WAP2.0 access; Download requests for CPE configuration files |
| 2 | HTTPS | 8443 | TCP | XML clients, WAP2.0 clients, FS 5000 CPE | U- or A-nodes | Out | Secure: Web client connection for client API; WAP2.0 access; Download requests for CPE configuration files |
| 3 | Client API socket | 1876 | TCP | XML user clients | U- or A-node | Out | Socket connection for XML client API and CM events |
| 4 | Client API SSL socket | 4776 | TCP | XML user clients | U- or A-node | Out | Encrypted socket connection for CMXML client API and CM events. |
| 5¹ | LDAP | 389 | TCP | U- or A-node | External LDAP server | In | External LDAP authentication. |
| 6¹ | LDAP SSL | 686 | TCP | U- or A-node | External LDAP server | In | Secure external LDAP authentication. |

Notes:

1. Optional


© Lucent Technologies