Page tree
Skip to end of metadata
Go to start of metadata

IP Security for IMG and GCEMS

To protect against denial of service attacks, the GCEMS (Linux server) and IMG Control IP can be placed behind a firewall for security.  Should remote access to the GCEMS server be needed, a NAT, VPN, or other secure solution can be used for access to the server from the public internet.

Following is a list of ports and protocols used by the IMG and the GCEMS server.

  • The Ports in red would need to be opened in the firewall based on the recommendation above for remote access.

Connections between IMG and GCEMS

Port #

Description

Purpose

TCP: 20 & 21

FTP

  • Download IMG binary from GCEMS to IMG
  • Upload of software faults from IMG to GCEMS

TCP: 23

Telnet

IMG debug access

UDP: 111

PortMap

Portmap is used to request a mount port. Usually for NFS or NIS. The port request is sent from the IMG to the GCEMS server. See PortMap Request below.

UDP: 2049

NFS

  • Call tracing
  • Downloading Call treatments
  • Downloading routing & translation tables

UDP: 1812

Radius Authentication

Call authentication

UDP: 1813

Radius Accounting

Record Call Detail Records

TCP/UDP: 161

SNMP Network

Receive SNMP requests

TCP/UDP: 162

SNMP Network

Receive SNMP Traps

TCP: 12610

GCEMS control

IMG Configuration and Provisioning

UDP: 123

NTP Network

Time Protocol

Connections to the GCEMS server

Port #

Description

Purpose

Connection from

TCP: 22

SSH

Remote access to GCEMS server

  • Local support personnel
  • Sangoma technical support

TCP: 5901

VNC

 Remote access to GCEMS server

  • Local support personnel
  • Sangoma technical support

TCP: 80

HTTP

MRTG or CACTI monitoring

Local support personnel

TCP: 1312

GCEMS

GCEMS application port

  • GateManager on Active & Standby GCEMS server
  • CommManager on Standby GCEMS server

TCP: 2623

ClientView

Data Transfer Port between ClientView and DataManager

ClientView

TCP: 2428 - 2433

ClientView

FTP Transfer to DataManager

ClientView

TCP: 2624

ClientView

Signaling Port between ClientView and DataManager

ClientView

TCP: 1098/1099

ClientView

ClientView Authentication (Only required when ClientView is running on a different machine from GCEMS)

PC running ClientView to GCEMS server


Connections between IMG's if running redundant SS7 or SS7 with remote IMG’s

Port #

Description

Purpose

Connection from

UDP: 34867

SS7 Management

Internal SS7 communication between IMGs

IMG


PortMap Request

  • PortMap uses Port 111 and is used to request a mount port. Request is sent from IMG.
  • Mount uses the port returned in the PortMap response.
  • NFS uses port 2049


 


   

  • No labels