Avaya Port Matrix: Updated for Communication Manager 6.3.6


Avaya Port Matrix: Updated for Communication Manager 6.3.6 Issue 2.0 March 21, 2014 CID 165316

ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC. DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA INC. MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE INFORMATION PROVIDED HEREIN WILL ELIMINATE SECURITY THREATS TO CUSTOMERS' SYSTEMS. AVAYA INC., ITS RELATED COMPANIES, DIRECTORS, EMPLOYEES, REPRESENTATIVES, SUPPLIERS OR AGENTS MAY NOT, UNDER ANY CIRCUMSTANCES BE HELD LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE, EXEMPLARY, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THE INFORMATION PROVIDED HEREIN. THIS INCLUDES, BUT IS NOT LIMITED TO, THE LOSS OF DATA OR LOSS OF PROFIT, EVEN IF AVAYA WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS INFORMATION CONSTITUTES ACCEPTANCE OF THESE TERMS.

© 2014 Avaya Inc. All Rights Reserved. All trademarks identified by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.

Avaya Confidential &. 1

Avaya Port Matrix updated for Communication Manager (CM) 6.3.6

Defining TCP/IP Ports

What are ports and how are they used?

TCP and UDP use ports, defined by RFC 6335, to route traffic arriving at a particular IP device to the correct upper layer application. These ports are logical descriptors (numbers) that help devices multiplex and de-multiplex information streams.

Consider your desktop PC. Multiple applications may be simultaneously receiving information. In this example, email may use destination TCP port 25, a browser may use destination TCP port 80 and a telnet session may use destination TCP port 23. These logical ports allow the PC to de-multiplex a single incoming serial data packet stream into three mini-streams inside the PC. Furthermore, each of the mini-streams is directed to the correct high-level application because the port numbers identify which application each data mini-stream belongs to.

Every IP device has incoming (Ingress) and outgoing (Egress) data streams. Ports are used in TCP and UDP to name the ends of logical connections which carry data flows. TCP and UDP streams have an IP address and port number for both source and destination IP devices. The pairing of an IP address and a port number is called a socket (discussed later). Therefore, each data stream is uniquely identified with two sockets. Source and destination sockets must be known by the source before a data stream can be sent to the destination.

Some destination ports are open to receive data streams and are called listening ports. Listening ports actively wait for a source (client) to make contact with a destination (server) using a specific port that has a known protocol associated with that port number. HTTPS, as an example, is assigned port number 443. When a destination IP device is contacted by a source device using port 443, the destination uses the HTTPS protocol for that data stream conversation.

Port Types

Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic Ports (sometimes called Private Ports). According to RFC 6335, Well Known and Registered ports are assigned by IANA (Internet Assigned Numbers Authority) and are found here: http://www.iana.org/assignments/port-numbers.

- Well Known Ports are those numbered from 0 through 1023.
- Registered Ports are those numbered from 1024 through 49151.
- Dynamic Ports are those numbered from 49152 through 65535.

Well Known Ports

For the purpose of providing services to unknown clients, a service listen port is defined. This port is used by the server process as its listen port. Common services often use listen ports in the well known port range. A well known port is normally active, meaning that it is listening for any traffic destined for a specific application. For example, well known port 23 on a server is actively waiting for a data source to contact the server IP address using this port number to establish a Telnet session. Well known port 25 is waiting for an email session, etc. These ports are tied to a well understood application and range from 0 to 1023. In UNIX and Linux operating systems, only root may open or close a well-known port. Well Known Ports are also commonly referred to as privileged ports.

Registered Ports

Unlike well known ports, these ports are not restricted to the root user. Less common services register ports in this range. Avaya uses ports in this range for call control. Some, but not all, ports used by Avaya in this range include: 1719/1720 for H.323, 5060/5061 for SIP, 2944 for H.248, and others. The IANA registered port range is 1024-49151. Even though a port is registered with an application name, industry often uses these ports for different applications. Conflicts can occur in an enterprise when a port is used with different meanings by different servers.

Dynamic Ports

Dynamic ports, sometimes called private ports or "ephemeral ports", are available to use for any general purpose. This means there are no meanings associated with these ports. This is similar to RFC 1918 IP Address Usage. These are the safest ports to use because no application types are linked to these ports. The IANA dynamic port range is 49152-65535.

Sockets

A socket is the pairing of an IP address with a port number. An example would be 192.168.5.17:3009, where 3009 is the socket number associated with the IP address. A data flow, or conversation, requires two sockets, one at the source device and one at the destination device. The data flow then has two sockets with a total of four logical elements. Each data flow must be unique. If one of the four elements is unique, the data flow is unique. The following three data flows are uniquely identified by socket number and/or IP address.

Data Flow 1: 172.16.16.14:1234-10.1.2.3:2345
Data Flow 2: 172.16.16.14:1235-10.1.2.3:2345
Data Flow 3: 172.16.16.14:1234-10.1.2.4:2345

Data flow 1 has two different port numbers and two different IP addresses and is a valid and typical socket pair. Data flow 2 has the same IP addresses and the same port number on the second IP address as data flow 1, but since the port number on the first socket differs, the data flow is unique. Therefore, if one IP address octet changes, or one port number changes, the data flow is unique.

Below is an example showing ingress and egress data flows from a PC to a web server. Notice the client egress stream includes the client's source IP and socket (1369) and the destination IP and socket (80). The ingress stream has the source and destination information reversed because the ingress is coming from the server.

Avaya Server and Sockets

Data flows and their sockets may be directed by a server, but for the purposes of firewall configuration these sockets may not be sourced from the server. The source may be the server's Processor Ethernet (PE), but it may be another network element such as a circuit pack or a gateway VoIP engine. Therefore, the following port matrix lists these Avaya elements as the source. However, a large number of IP ports used by CM's Processor Ethernet interface have the same IP port numbers as those used on circuit packs in port networks. In many ways, the circuit packs act as remote network interface cards for the processor controlling them. Therefore, the following CM port matrix table includes ports. The affected ports are noted.

The various Avaya CM processors have a number of network interfaces (up to 5), each of which has its own IP address. Some of these addresses are fixed and chosen from IP addresses previously assigned to Lucent Technologies and used by agreement, or are assigned to Avaya. Some addresses are assigned from the local network on which the processor is operating. IP addresses of the form 192.11.0.0/16 were assigned to Lucent Technologies; addresses of the form 198.152.0.0/16 are assigned to Avaya, Inc.

Table 1 illustrates how different processor models make use of various NICs. In the table, the first number in an entry is an IP address and the second the maximum supported speed in megabits per second. Interfaces assigned addresses 192.11.13.6 are for the Avaya Services Laptop, interface 2 in the figure. Interfaces assigned address 192.11.13.13 or 192.11.13.14 are for the server duplication link, interface 3 in the figure. Interfaces assigned address 192.11.13.1 are for SAMP access, which is not supported starting in CM 6.0. Addresses of the form 127.0.0.0/8 are 'host loopback' or 'internal' addresses. Addresses marked "administered" are assigned by the customer from the customer's network.

Table 1 - Processor Network Interfaces

| Interface [1] | S8300D | S8510, S8800, R610, R620, DL360G7, DL360PG8 (Simplex) | S8800, R610, R620, DL360G7, DL360PG8 (Duplex) |
|---|---|---|---|
| eth0 | 192.11.13.6, 100 | administered, 1000 | administered, 1000 |
| eth0:0 | -- | -- | -- |
| eth1 | inet6, 100 | 192.11.13.6, 1000 | 192.11.13.6, 1000 |
| eth1.0000 | 135.9.71.116 | -- | -- |
| eth1.4093 | 169.254.1.31 | -- | -- |
| eth2 | -- | administered, 1000 | administered, 1000 |
| eth2:0 | -- | -- | -- |
| eth3 | -- | -- | 192.11.13.13, 1000 |
| eth3:0 | -- | -- | -- |
| eth4 | -- | -- | -- |
| eth4:0 | -- | -- | -- |
| eth5 | -- | -- | -- |
| lo | 127.0.0.1 | 127.0.0.1 | 127.0.0.1 |
| sit0 | IPv6-in-IPv4 | IPv6-in-IPv4 | IPv6-in-IPv4 |

[1] A colon in the interface name indicates an alias. A period in the interface name indicates a vlan.

Notes: CM 6.3.6 is supported on the System Platform and VMware servers (S8300D, S8510, S8800, R610, R620, DL360G7, and DL360pG8). The default administered eth0 address on S8510 is 192.168.1.1. The Simplex versions of S8800/R610/R620/DL360G7/DL360PG8 would be configured similar to the S8510.

Understanding Firewall Types and Policy Creation

Firewall Types

There are three basic firewall types:

- Packet Filtering
- Application Level Gateways (Proxy Servers)
- Hybrid (Stateful Inspection)

Packet Filtering is the most basic form of firewall. Each packet that arrives or leaves the network has its header fields examined against criteria to either drop the packet or let it through. Routers configured with Access Control Lists (ACL) use packet filtering. An example of packet filtering is preventing any source device on the Engineering subnet from telnetting into any device in the Accounting subnet.

Application level gateways (ALG) act as a proxy, preventing a direct connection between the foreign device and the internal destination device. ALGs filter each individual packet rather than blindly copying bytes. ALGs can also send alerts via email, alarms or other methods and keep log files to track significant events.

Hybrid firewalls are dynamic systems, tracking each connection traversing all interfaces of the firewall and making sure they are valid. In addition to looking at headers, the content of the packet, up through the application layer, is examined. A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Stateful inspection firewalls close off ports until the connection to the specific port is requested. This provides security against port scanning [2].

[2] The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
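
The socket-pair and state-table ideas above, as an added example that is not part of the Avaya document: a toy connection tracker keyed on the four logical elements of a data flow, which admits return traffic only for flows an allowed initiator opened. The class and function names are hypothetical and the allowed-service list is constructed; real stateful firewalls also track protocol state and timeouts, which this sketch omits.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One data flow: two sockets, four logical elements."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reverse(self):
        """The same conversation seen in the return direction."""
        return Flow(self.dst_ip, self.dst_port, self.src_ip, self.src_port)


def parse_socket(text):
    """Split 'ip:port' into (ip, port); reject a missing colon or bad port."""
    ip, sep, port = text.rpartition(":")
    if not sep or not port.isdigit() or not 0 <= int(port) <= 65535:
        raise ValueError(f"not an ip:port socket: {text!r}")
    return ip, int(port)


def parse_flow(text):
    """Parse 'src_ip:src_port-dst_ip:dst_port' as used in the data flow list."""
    src, sep, dst = text.partition("-")
    if not sep:
        raise ValueError(f"not a socket pair: {text!r}")
    return Flow(*parse_socket(src), *parse_socket(dst))


class StatefulFilter:
    """Toy state table: ports stay closed until an allowed initiator connects."""

    def __init__(self, allowed_services):
        self.allowed = set(allowed_services)  # (dst_ip, dst_port) pairs
        self.state = set()                    # flows opened by an initiator

    def handle(self, flow):
        if flow in self.state:
            return "accept-established"
        if flow.reverse() in self.state:
            return "accept-return"            # automatic return path
        if (flow.dst_ip, flow.dst_port) in self.allowed:
            self.state.add(flow)
            return "accept-new"
        return "drop"

    def close(self, flow):
        """Forget a finished conversation, whichever direction is given."""
        self.state.discard(flow)
        self.state.discard(flow.reverse())


# The three data flows from the Sockets section.
PAGE_FLOWS = [
    "172.16.16.14:1234-10.1.2.3:2345",
    "172.16.16.14:1235-10.1.2.3:2345",
    "172.16.16.14:1234-10.1.2.4:2345",
]


def demo():
    fw = StatefulFilter({("10.1.2.3", 2345), ("10.1.2.4", 2345)})  # constructed policy
    flows = [parse_flow(t) for t in PAGE_FLOWS]
    results = [fw.handle(f) for f in flows]                  # three distinct entries
    results.append(fw.handle(flows[0].reverse()))             # reply to flow 1
    # Constructed unsolicited packet: no initiator ever opened this socket pair.
    results.append(fw.handle(parse_flow("10.1.2.3:2345-172.16.16.14:1236")))
    fw.close(flows[0])
    results.append(fw.handle(flows[0].reverse()))             # reply after close
    return results


if __name__ == "__main__":
    print(demo())
```
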

Firewall Policies

The goals of firewall policies are to monitor, authorize and log data flows and events. They also restrict access using IP addresses, port numbers and application types and sub-types. This paper is focused on identifying the port numbers used by Avaya products so effective firewall policies can be created without disrupting business communications or opening unnecessary access into the network.

Knowing that the source column in the following matrices is the socket initiator is key in building some types of firewall policies. Some firewalls can be configured to automatically create a return path through the firewall if the initiating source is allowed through. This option removes the need to enter two firewall rules, one for each stream direction, but can also raise security concerns.

Another feature of some firewalls is to create an umbrella policy that allows access for many independent data flows using a common higher layer attribute. One example would be creating a policy to allow any H.323 data flows through the firewall. This umbrella policy would allow H.225, H.245, H.248, RTCP and RTP streams to flow through the firewall without specifying specific port ranges for each of these protocols.

Finally, many firewall policies can be avoided by placing endpoints and the servers that serve those endpoints in the same firewall zone.

Matrix Headings Defined

- Source Initiator: The device or application initiating a data flow.
- Source Port(s): This is the default port(s) used by the source device or application. Valid values include: 0-65535. NOTE: CM source ports are listed as 1024-65535 but CM has been configured to only use local ports 32768-61000.
- Destination Receiver: The device or application receiving a data flow from a source.
- Destination Port(s): This is the default port(s) used at the device or application responding to an initiator. Valid values include: 0-65535.
- Network / Application Protocol: Labels of the network and application protocols used.
- Destination Configurable: Yes means the destination port is configurable. No means the destination port is not configurable. Valid values include: Yes or No. If populated, this field lists the range of ports that can be used by the destination. The range may or may not be configurable. Valid values include: 0-65535.
- Source Configurable: Yes means the source port is configurable. No means the source port is not configurable. Valid values include: Yes or No. If populated, this field lists the range of ports that can be used by the source. The range may or may not be configurable. Valid values include: 0-65535.
- Traffic Purpose: Describes the purpose of the data flow.
- Comments: Important comments.

S8xx0, R610, R620, DL360G7, DL360PG8 Media Servers
Software Release/Version: Communication Manager 6.3.6

| Source Initiator | Source Port(s) | Destination Receiver | Destination Port(s) | Network / Application Protocol | Destination Configurable | Source Configurable | Traffic Purpose (Comments) |
|---|---|---|---|---|---|---|---|
| CM | NA | any | NA | ICMP | NA | NA | ICMP messages: ping, etc. |
| any | NA | CM | NA | ICMP | NA | NA | ICMP messages: ping, etc. |
| Admin Device | 1024-65535 | CM | 20 | TCP / FTP data | No | No | File Transfers (Data) Note 1 |
| CM | 1024-65535 | IPSI | 20 | TCP / FTP data | No | No | IPSI Firmware File Transfer Note 2 |
| Admin Device | 1024-65535 | CM | 21 | TCP / FTP | No | No | File Transfers (Command) Note 1 |
| CM | 1024-65535 | IPSI | 21 | TCP / FTP | No | No | IPSI Firmware File Transfer Note 2 |
| Admin Device | 1024-65535 | CM | 22 | TCP / SSH, SCP, SFTP | No | No | OS administration interface over Secure Shell (SSH) Note 3 |
| Admin Device | 1024-65535 | CM | 23 | TCP / Telnet | No | No | OS administration interfaces over Telnet; closed by default. Note 4 |
| Any | 1024-65535 | CMM | 25 | TCP / SMTP | No | No | Message retrieval |
| CM or | 1024-65535 | DNS Server | 53 | UDP / DNS | No | No | DNS Requests and Responses |
| CM (server) | 68 | IPSI (client) | 67 | UDP / DHCP | No | No | Dynamic Host Control Protocol (DHCP) Note 5 |
| IPSI (client) | 67 | CM (server) | 68 | UDP / DHCP | No | No | Dynamic Host Control Protocol (DHCP) Note 5 |
| CM | 1024-65535 | Services Laptop | 69 | UDP / TFTP | No | No | Installs and Upgrades via Services Interface Note 6 |
| IP Phone / H.248 GW | 1024-2048 | CM S8300 | 69 | UDP / TFTP | No | No | IP Phone and/or Gateway Firmware Download Note 7 |
| Admin Device | 1024-65535 | CM | 80 | TCP / HTTP | No | No | Avaya web administration interface Note 8 |
| IP Phone | 1024-2048 | CM | 81 | TCP / HTTP | No | No | HTTP IP Phone Firmware Download Note 9 |
| Any | 1024-65535 | CMM | 110 | TCP / POP3 | No | No | Message retrieval |
| Message Manager DEM | 1024-65535 | CMM | 111 | UDP / RPC | No | No | Message Manager Note 10 |
| Message Manager DEM | 1024-65535 | CMM | 111 | TCP / RPC | No | No | Message Manager Note 10 |
| CM | 1024-65535 | Network Time Server (NTS) | 123 | UDP / NTP | No | No | Network Time Protocol (client) Note 11 |
| CM | 1024-65535 | IPSI | 123 | UDP / NTP | No | No | Network Time Protocol (NTP) Note 33 |
| IPSI | 1024-65535 | CM | 123 | UDP / NTP | No | No | Network Time Protocol (NTP) |
| CM / SCS / SRS | 1024-65535 | CM | 123 | UDP / NTP | No | No | Network Time Protocol (server) Note 12 |
| Any | 1024-65535 | CMM | 143 | TCP / IMAP4 | No | No | Message retrieval |
| SNMP NMS | 1024-65535 | CM | 161 | UDP / SNMP Agent | No | No | SNMP (server) Note 13 |
| SNMP NMS | 1024-65535 | | 161 | UDP / SNMP Agent | No | No | SNMP agent |
| CM | 1024-65535 | SNMP NMS | 162 | UDP / SNMP Trap | No | No | SNMP traps (client) for alarms or notable events Note 14 |
| | 1024-65535 | SNMP NMS | 162 | UDP / SNMP Trap | No | No | SNMP traps for alarms/events |
| Gateway / CM / SCS / SRS / UPS | 1024-65535 | CM | 162 | UDP / SNMP Trap | No | No | SNMP traps (server) collection Note 15 |
| Any | 1024-65535 | CMM | 389 | TCP / LDAP | No | No | CMM LDAPFE Note 16 |
| IP Phone | 1024-2048 | CM | 411 | TCP / HTTPS | No | No | HTTPS IP Phone configuration file download Note 17 |
| Admin Device / SCS/SRS | 1024-65535 | CM | 443 | TCP / HTTPS | No | No | Avaya web administration interface (HTTPS) |
| Any | 1024-65535 | CMM | 465 | TCP / SSL, SMTP | No | No | Secure message retrieval |
| , IPSI, Crossfire | 1024-65535 | CM | 514 | UDP / SYSLOG | Yes | No | TN Board Logging |
| CM | 1024-65535 | Rsyslog server | 514 | UDP / Syslog | Yes | No | Remote system log storage |
| CM / SCS / SRS | 512-1023 | CM SRS | 514 | TCP / RSH | No | No | Legacy (CM1.3) Filesync Service Note 18 |
| CM - SRS | 514 | CM / SCS / SRS | 512-1023 | TCP / RSH | No | No | Legacy Filesync Service Note 18 |
| Any | 1024-65535 | CMM | 636 | TCP / SSL / LDAP | No | No | CMM LDAPFE Note 16 |
| Any | 1024-65535 | CMM | 993 | TCP / IMAP4, SSL | No | No | Secure message retrieval |
| Any | 1024-65535 | CMM | 995 | TCP / POP3, SSL | No | No | Secure message retrieval |
| Any | 1024-65535 | CMM | 8000-10000 | UDP / RTP | Yes | No | Audio record. |
| Message Manager | 1024-65535 | CMM | 1024-65535 | UDP / | No | No | Message Waiting indicators |
| H.248 Media Gateways | 1024-65535 | CM or | 1039 | TCP / Encrypted H.248 | No | No | encrypted H.248 over TCP Note 19 |
| CM/SAMP | 1234 | SAMP/CM | 1234 | TCP / Modem | No | No | Not used in CM 6.0 or later - SAMP not supported |
| H.323 Phone | 1024-5000 | CM | 1300 | TLS / H.323 | No | No | Encrypted H.323 signaling |
| CM | 1024-65535 | CM S8xx0 | 1332 | UDP / DES Encrypted | No | No | Arbiter Note 20 |
| H.323 Phone | 49300 | CM or | 1719 | UDP / H.225 | No | No | Registration, Admission, and Status (RAS) Note 19 |
| CM | 1024-65535 | CM or | 1719 | TCP / H.323 | No | No | H.323 RAS for trunks |
| H.323 Phone | 1500-6500 | CM or | 1720 | TCP / H.323 | No | No | H.323 signaling Note 22, Note 19. |
| CM | 5000-5021 | CM / SCS / SRS or | 1719, 1720, 5000-9999 | TCP / H.323 | Yes | No | H.323 IP trunk Signaling Ports admin via SAT |
| Third Party GK or GW | 1024-65535 | CM / SCS / SRS or | 1719, 1720, 5000-9999 | TCP / H.323 | Yes | No | H.323 IP trunk Signaling Ports admin via SAT |
| CM (via /PE) | 61440-61444 | H.323 Phone | 1720 | TCP / H.323 | No | Yes | TTS Note 35 |
| CM RADIUS Client | 1024-65535 | RADIUS Server | 1812 | UDP / RADIUS | Yes | No | RADIUS based login processing Note 36 |
| CM RADIUS Client | 1024-65535 | RADIUS Server | 1813 | UDP / RADIUS | Yes | No | RADIUS based login processing Note 36 |
| CM | 1024-65535 | IPSI | 1956 | TCP / | No | No | IPSI Command Server Service |
| Admin Device | 1024-65535 | CM | 2222 | TCP / SSH | No | No | High Priority SSH Note 23 |
| H.248 GW | 1024-65535 | CM or | 2944 | TCP / H.248 | No | No | TLS encrypted H.248 Note 24, Note 19. |
| H.248 GW | 1024-65535 | CM or | 2945 | TCP / H.248 | No | No | Unencrypted H.248 Note 24, Note 19. |
| CM | 1024-65535 | CM | 5005 | TCP / | No | No | Border Communication Note 37 |
| CM | 1024-65535 | IPSI | 5010 | TCP / | No | No | IPSI / Server control channel |
| CM | 1024-65535 | IPSI | 5011 | TCP / | No | No | IPSI / Server IPSI version channel |
| CM | 1024-65535 | IPSI | 5012 | TCP / | No | No | IPSI / Server serial number channel |
| Admin Device | 1024-65535 | CM | 5022 | TCP / SSH | No | No | SAT interface over SSH Note 25 |
| Admin Device | 1024-65535 | CM | 5023 | TCP / Telnet | No | No | SAT interface over Telnet Note 26 |
| CM SafeWord Client | 1024-65535 | SafeWord Server | 5030 | TCP / SafeWord | Yes | No | SafeWord based login processing Note 36 |
| SIP Trunks | 1024-65535 | CM or | 5060 | TCP / SIP | Yes, 5000-9999 | No | SIP Note 27, Note 19. |
| CM | 1024-65535 | SIP Trunks | 5060 | TCP / SIP | Yes, 1 to 65535 | No | SIP Note 27, Note 19. |
| SIP Trunks | 1024-65535 | CM or | 5061 | TCP/TLS / SIPS | Yes, 5000-9999 | No | SIPS Note 28, note 19. |
| CM | 1024-65535 | SIP Trunks | 5061 | TCP/TLS / SIPS | Yes, 1 to 65535 | No | SIPS Note 28, note 19. |
| CM | 1024-65535 | CM | 5098, 12080 | TCP / TLS (optionally encrypted) | No | No | Dupmgr (SW duplication) Note Error! Reference source not found. |
| CM | 1024-65535 | CM | 5100 | TCP / | No | No | GMM Inquiry Command Note 37 |
| CM | 1024-65535 | CM | 5101 | TCP / | No | No | Test Alarms Command Note 37 |
| CM | 1024-65535 | CM | 5200 | TCP / | No | No | GMM to SNMP INADS Note 37 |
| CM | 1024-65535 | CM | 5210 | TCP / | No | No | GMM to G3 Agent Note 37 |
| CM | 1024-65535 | CM | 5220 | TCP / | No | No | GMM to FP Agent Note 37 |
| Audix / LX / MM / MN | 1024-65535 | CMM | 5500 | TCP / | No | No | Audix Digital Networking |
| CM SecurID Client | 1024-65535 | SecurID Server | 5500 | UDP / SecurID | Yes | No | SecurID based login processing Note 36 |
| CM or | 5500 | Audix / LX / MM / MN | 1024-65535 | TCP / | No | No | Audix Digital Networking |
| CM | 1024-65535 | CM | 7007 | TCP / | No | No | SME Note 37 |
| CM | 1024-65535 | CM | 7010 | TCP / | No | No | Watchdog Communication Note 37 |
| CM | 1024-65535 | CM | 7011 | TCP / | No | No | Watchdog Communication Note 37 |
| NA | NA | NA | 8009 | TCP / tomcat | No | No | Not Required. Note 29 |
| AEServices | 1024-65535 | CM | 8765 | TCP / ASAI (Q.931 ASN.1) | No | No | AEServices Note 32 |
| CM | 1024-65535 | CM | 9000 | TCP / | No | No | DGB Server |
| Admin Device | 1024-65535 | SAMP/CM | 10022 | TCP / SSH | No | No | Not used in CM 6.0 or later - SAMP not supported |
| Any | 1024-65535 | CMM | 1024-65535 | TCP / SIP | Yes | No | Call control CMM, 2 ports |
| CM | 1024-65535 | SSA | 10162 | UDP / SNMP | Yes | Yes | INADS to secure services agent Not used. |
| Admin Device | 1024-65535 | SAMP/CM | 10443 | TCP / HTTPS | No | No | Not used in CM 6.0 or later - SAMP not supported |
| CM | 1024-65535 | CM | 12080 | TCP / | No | No | Dupmgr Control |
| CM/SAMP | 19121 | SAMP/CM | 19121 | UDP / HPI | No | No | Not used in CM 6.0 or later - SAMP not supported |
| CM / SCS / SRS | 20873-21872 | CM / SCS / SRS | 20873-21872 | TCP / TLS | No | No | Internal Filesync communication Note 34 |
| CM / SCS / SRS | 1024-65535 | CM SRS | 21873 | TCP / TLS | No | No | Filesync over SSL Note 30 |
| CM / SCS / SRS | 1024-65535 | CM | 21874 | TCP / TLS | No | No | Filesync over SSL Note 31 |
| Message Manager | 1024-65535 | CMM | 55000 | TCP / | No | No | IMAPI |
| CMM | 1024-65535 | Message Manager | 55000 | TCP / | No | No | IMAPI |
| LDAPFE | 1024-65535 | CMM | 55389 | TCP / LDAP | No | No | Internal use by LDAPFE. Note 37 |
| G650 | 1024-65535 | CM or | 59000-59200 | TCP / H.245 | No | No | H.245 |
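
One way to use the matrix when reviewing firewall or flow logs, as an added example that is not part of the Avaya document: it checks flow records against a few rows transcribed from the table above, treating the source column as the initiator and applying the NOTE that CM only uses local ports 32768-61000. The IP addresses, inventory, flow records, verdict labels and function names are constructed for illustration, and the receiver of the 10022 row, listed as SAMP/CM in the matrix, is simplified to CM here.

```python
from collections import namedtuple

Row = namedtuple("Row", "initiator sport receiver dport proto purpose status")

FULL = (1024, 65535)       # source range printed in most matrix rows
CM_LOCAL = (32768, 61000)  # local ports CM is configured to use (Source Port(s) NOTE)

# Subset of the CM 6.3.6 matrix. "status" is this example's own label:
# it records what the Traffic Purpose column says about the row.
MATRIX = [
    Row("Admin Device", FULL, "CM", (22, 22), "TCP", "OS administration over SSH", "listed"),
    Row("Admin Device", FULL, "CM", (23, 23), "TCP", "OS administration over Telnet", "closed-by-default"),
    Row("Admin Device", FULL, "CM", (5022, 5022), "TCP", "SAT interface over SSH", "listed"),
    Row("Admin Device", FULL, "CM", (10022, 10022), "TCP", "SAMP SSH", "not-used"),
    Row("IP Phone", (1024, 2048), "CM", (81, 81), "TCP", "HTTP IP Phone firmware download", "listed"),
    Row("CM", FULL, "DNS Server", (53, 53), "UDP", "DNS requests and responses", "listed"),
    Row("CM", FULL, "SNMP NMS", (162, 162), "UDP", "SNMP traps", "listed"),
    Row("CM RADIUS Client", FULL, "RADIUS Server", (1812, 1812), "UDP", "RADIUS login", "listed"),
]

# Constructed inventory: which matrix role each address plays.
INVENTORY = {
    "10.10.1.5": "CM",
    "10.10.0.53": "DNS Server",
    "10.20.0.15": "Admin Device",
    "10.30.0.77": "IP Phone",
}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, protocol).
FLOWS = [
    ("10.20.0.15", 51514, "10.10.1.5", 22, "TCP"),
    ("10.20.0.15", 51515, "10.10.1.5", 23, "TCP"),
    ("10.20.0.15", 51516, "10.10.1.5", 10022, "TCP"),
    ("10.10.1.5", 40000, "10.10.0.53", 53, "UDP"),
    ("10.10.1.5", 2000, "10.10.0.53", 53, "UDP"),
    ("10.30.0.77", 3000, "10.10.1.5", 81, "TCP"),
    ("10.10.1.5", 45000, "10.20.0.15", 22, "TCP"),
    ("192.0.2.9", 50000, "10.10.1.5", 22, "TCP"),
]


def in_range(port, rng):
    return rng[0] <= port <= rng[1]


def audit(flow, inventory=INVENTORY, matrix=MATRIX):
    """Classify one flow record against the matrix rows."""
    src_ip, sport, dst_ip, dport, proto = flow
    src, dst = inventory.get(src_ip), inventory.get(dst_ip)
    if src is None or dst is None:
        return "unknown-endpoint"
    # The source column is the socket initiator, so direction matters:
    # a row for Admin Device -> CM does not cover CM -> Admin Device.
    row = next((r for r in matrix
                if (r.initiator, r.receiver, r.proto) == (src, dst, proto)
                and in_range(dport, r.dport)), None)
    if row is None:
        return "unlisted"
    if row.status != "listed":
        return row.status
    if not in_range(sport, row.sport):
        return "source-port-out-of-range"
    # Rows print 1024-65535 for CM, but CM only uses 32768-61000 locally.
    if src == "CM" and row.sport == FULL and not in_range(sport, CM_LOCAL):
        return "outside-cm-local-range"
    return "listed"


def audit_all(flows=FLOWS):
    return [audit(f) for f in flows]


if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, audit_all()):
        print(f"{flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}/{flow[4]}  {verdict}")
```
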

Notes:
1. By default the File Transfer Protocol (FTP) service is disabled. In CM3.1 or later, the FTP service can be enabled by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Server Access --> Change Service Name FTP Server (21) and set Server State to Enabled. Prior to CM3.1, the FTP service can be enabled by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Start/Stop FTP Server. *Once enabled, this service automatically disables after 15 minutes of inactivity.
2. By default the FTP service is disabled on Avaya IPSI circuit packs. This service is enabled during IPSI firmware upgrades. When the FTP service is started, the Avaya Communication Manager initiates the client side of the FTP protocol and then transfers a new firmware file to the IPSI. Once the transfer is complete, the FTP service is automatically disabled. A five-minute timeout is enforced to guard against cases where the firmware download is started but terminated prematurely.
3. In CM3.1 or later, the Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure File Transfer Protocol (SFTP) services can be Disabled and/or blocked by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Server Access --> Change Service Name SSH Server (SCP/SFTP 22) and set Server State to Disabled and/or set Corporate LAN Firewall to Disabled. Prior to CM3.1, the SSH service can be blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Firewall --> Uncheck Input to Server for Server ssh.
4. In CM 4 and later, telnet is disabled by default. In CM3.1 or later, the Telnet service can be Disabled and/or blocked by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Server Access --> Change Service Name Telnet Server (23) and set Server State to Disabled and/or set Corporate LAN Firewall to Disabled. Prior to CM3.1, the Telnet service could be blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Firewall --> Uncheck Input to Server for Server telnet.
5. The Dynamic Host Configuration Protocol (DHCP) service is used only in multi-connect configurations to assign IP addresses to all the IPSI boards in the various port networks. By default the DHCP service is disabled on Avaya media servers and is only enabled if DHCP is configured during installation or administered via the media server web administration interface. In multi-connect configurations, this option is available by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Server Configuration --> Configure Server --> Continue --> Continue --> Select Configure individual services --> Continue --> Select Set DNS/DHCP --> Check Enable DHCP service on this server for IPSIs. When enabled, the DHCP service is only available via the Control Network interfaces and is not available via the Customer LAN Interface.
6. Within the web administration interface --> Launch Maintenance Web Interface --> Manage Software, TFTP can optionally be used to copy a Communication Manager release to the local media server hard drive using a TFTP server on the services laptop. Alternative copy methods include copying from the local CD-ROM drive or from a URL.
7. The TFTP service is only enabled in Avaya S8300 and S8400 media servers by default and can be utilized for Gateway and IP Phone firmware download. In S8300 CM3.1 or later, the Trivial File Transfer Protocol (TFTP) service can be Disabled and/or blocked by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Server Access --> Change Service Name TFTP Server (69) and set Server State to Disabled and/or set Corporate LAN Firewall to Disabled. Prior to CM3.1, the TFTP service can be blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Firewall --> Uncheck Input to Server for Server tftp. It is recommended that this service be disabled if not utilizing a file server, or if utilizing external TFTP, HTTP, or HTTPS server(s) for firmware downloads.
8. An Avaya Welcome and Access Warning banner is displayed via this port. Once the user selects Continue, this port automatically redirects to HTTPS (443/tcp).
9. In CM2.2 and later, HTTP (81/tcp) and HTTPS (411/tcp) are offered as secure replacements to the TFTP IP Phone firmware download service. These ports are limited to 100 simultaneous connections. Moved to Utility Server.
10. The Remote Procedure Call (RPC) service is utilized for communication between the CM Messaging Application (CMM) and the Message Manager client applications. This service is only enabled if CMM is selected during installation and CMM is enabled. CMM is only available on the S8510, S8300 and S8400 media servers.
11. The Network Time Protocol (NTP) client service is enabled if NTP is configured during installation or administered via the media server web administration interface --> Launch Maintenance Web Interface --> Server Configuration --> Configure Server --> Continue --> Continue --> Select Configure individual services --> Continue --> Select Configure Time Server. The IP address or Domain Name Server (DNS) Name for a Primary, Secondary, or Tertiary Network Time Server (NTS) can be provided. Furthermore, NTP on the media server can be configured to support multicast timing messages or direct poll requests to the Network Time Server (NTS). Finally, keys can optionally be provided for secure communications with the NTS.
12. The Network Time Protocol (NTP) server service is enabled if NTP is configured during installation or administered via the media server web administration interface --> Launch Maintenance Web Interface --> Server Configuration --> Configure Server --> Continue --> Continue --> Select Configure individual services --> Continue --> Select Configure Time Server --> Select this computer synchronizes with the duplicated server. This option is utilized to synchronize time between the main media server, duplicated media server, Survivable Remote Servers (SRS, formerly called LSP), and Survivable Core Servers (SCS, formerly called ESS).
13. By default the Simple Network Management Protocol (SNMP) Agent service is disabled. The SNMP Agent service can be enabled and configured by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Alarms --> SNMP Agents. If SNMP is enabled, it is recommended that SNMP access be restricted to administered IP addresses and that SNMPv3 be utilized for enhanced security.
14. By default the SNMP Trap client service is disabled. The SNMP Trap client service can be enabled and configured by authenticating to the media server web interface --> Launch Maintenance Web Interface --> Alarms --> SNMP Traps --> Add.
15. By default the SNMP Trap server service is blocked. The SNMP Trap server service can be unblocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Firewall --> Uncheck Input to Server for Server snmp trap.
16. CMM LDAP Service. Only needed internally. These messages do not go out into nor are received from the network.
17. In CM2.2 and later, HTTP (81/tcp) and HTTPS (411/tcp) are offered as secure replacements to the TFTP IP Phone firmware download service. These ports are limited to 100 simultaneous connections. Moved to Utility Server.
18. By default the Legacy Filesync service is disabled. This port is only enabled if the SRS is configured to synchronize with a media server running CM 1.3.
19. By default only the S8300 and S8400 have Processor Ethernet enabled. Processor Ethernet enables use of the Ethernet card resident in the processor cabinet, in place of a C-LAN card. Processor Ethernet can be confirmed enabled or disabled using the SAT interface --> Type display system-parameters customer-options --> under page 4 see Processor Ethernet.
20. The Arbiter service is only enabled on S87x0 media servers. The Arbiter process runs on S87x0 Media Servers to (1) decide which server is healthier and more able to be active and (2) coordinate data shadowing between servers, under the Duplication Manager's control. UDP port 1333 was also used on legacy systems but is no longer used.
21. One port for each of the active processor and the standby processor.
22. CM is the destination only when Processor Ethernet is enabled. The Processor Ethernet limits H.323 signaling connection requests to a processor-dependent rate on the order of 5-10 per second.
23. In CM3.1 or later, the High Priority SSH service can be Disabled and/or blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Server Access --> Change Service Name High Priority SSH (2222) and set Server State to Disabled and/or set Corporate LAN Firewall to Disabled. Prior to CM3.1, the High Priority SSH service could be blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Firewall --> Uncheck Input to Server for Server hp-sshd.
24. The H.248 service is only enabled on media servers with Processor Ethernet enabled. It limits connection requests to 50 with a burst limit of 100.
25. In CM3.1 or later, the Station Administration Terminal (SAT) SSH service can be Disabled and/or blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Server Access --> Change Service Name SAT (SSH 5022) and set Server State to Disabled and/or set Corporate LAN Firewall to Disabled. Prior to CM3.1, the SAT SSH service could be blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Firewall --> Uncheck Input to Server for Server secure-sat.
26. In CM3.1 or later, the Station Administration Terminal (SAT) Telnet service can be Disabled and/or blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Server Access --> Change Service Name SAT (Telnet 5023) and set Server State to Disabled and/or set Corporate LAN Firewall to Disabled. Prior to CM3.1, the SAT Telnet service could be blocked, via the media server host firewall, by authenticating to the media server web administration interface --> Launch Maintenance Web Interface --> Security --> Firewall --> Uncheck Input to Server for Server def-sat.
27. The SIP service is only enabled on media servers with Processor Ethernet enabled. It limits connection requests to 50 with a burst limit of 100. The configurable range excludes well known ports used by other services; e.g. wrongly attempting to use 5060 for TLS.
28. The SIPS service is only enabled on media servers with Processor Ethernet enabled. It limits connection requests to 50 with a burst limit of 100. The configurable range excludes well known ports used by other services; e.g. wrongly attempting to use 5060 for TLS.
29. This port is not required for external connectivity and has been closed by default in CM 4.0 and later. See Avaya Security Advisory ASA-2007-051.
30. In CM2.x the filesync (over SSL) utilized port 21873/tcp to transfer translation, unicode, license, and password files to the standby server(s).
31. In CM3.x and later the filesync (over SSL) utilized port 21874/tcp to transfer translation, unicode, license, and password files to the standby server(s).
32. Optionally encrypted in CM 4.1 and later. See AE Services Administration and Maintenance Guide, Release 4.1 (02-300357 Issue 8 December 2007).
33. CM sends the NTP data to IPSI using an ephemeral port specified in the IPSI request.
34. Ports used for internal filesync communication; defaults to 20873-20877. Number of ports used (up to 1000) is a function of the FileSyncMaxClient variable in /etc/opt/ecs/ecs.conf.
35. Source port is configurable using the change ip-network-region SAT command (page 2). The default is 61440-61444.
36. Disabled by default. Requires root access to enable.
37. Used only for communication between two software processes on the same hardware platform. These messages do not go out into nor are received from the network.

Port Summary:

Ingress: This indicates data flowing INTO the product defined in the matrix.
Egress: This indicates data flowing away FROM the product defined in the matrix.
Port(s): This is the layer-4 port number. Valid values include: 0-65535. Note all ports listed are destination ports.
Network/Application Protocol: This is the name associated with the layer-4 protocol and layers-5-7 application.
Optionally Enabled / Disabled: This field indicates whether customers can enable or disable a layer-4 port, changing its default port setting. Valid values include: Yes or No.
  No means the default port state cannot be changed (e.g. enabled or disabled).
  Yes means the default port state can be changed and that the port can either be enabled or disabled.
Default Port State: A port is either open, closed, filtered or N/A.
  Open ports will respond to queries.
  Closed ports may or may not respond to queries and are only listed when they can be optionally enabled.
  Filtered ports can be open or closed. Filtered UDP ports will not respond to queries. Filtered TCP will respond to queries, but will not allow connectivity.
  N/A is used for the egress default port state since these are not listening ports on the product.

Avaya S8510, S8800, R610, R620, DL360G7 and DL360PG8 Port Summary

Ingress
No. | Port(s) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State
1 | 20 | TCP / FTP | Yes | Closed
2 | 21 | TCP / FTP | Yes | Closed
3 | 22 | TCP / SSH | Yes | Open
4 | 23 | TCP / Telnet | Yes | Closed
5 | 25 | TCP/SMTP | No | Open*
6 | 68 | UDP / DHCP | Yes | Closed
7 | 80 | TCP / HTTP | No | Open
8 | 81 | TCP / HTTP | No | Open
9 | 110 | TCP/POP3 | No | Open*
10 | 123 | UDP / NTP | Yes | Closed
11 | 143 | TCP/IMAP4 | No | Open*
12 | 161 | UDP / SNMP | Yes | Closed
13 | 162 | UDP / SNMP | Yes | Closed
14 | 411 | TCP / HTTPS | No | Open
15 | 443 | TCP / HTTPS | No | Open
16 | 465 | TCP/SMTP | No | Open*
17 | 514 | UDP/SYSLOG | Yes | Closed
18 | 993 | TCP/IMAP4 | No | Open*
19 | 995 | TCP/POP3 | No | Open*
20 | 1039 | TCP | Yes | Closed
21 | 1300 | TLS | Yes | Closed
22 | 1332 | TCP | No | Closed
23 | 1719 | UDP / H.225 | Yes | Closed
24 | 1720 | TCP / H.323 | Yes | Closed
25 | 2222 | TCP / SSH | Yes | Open
26 | 5060 | TCP / SIP | Yes | Closed
27 | 5061 | TCP / SIPS | Yes | Closed
28 | 5022 | TCP / SAT | Yes | Open
29 | 5023 | TCP / SAT | Yes | Closed
30 | 5098 | TCP/TLS | No | Open**
31 | 8009 | TCP / HTTP | No | Closed
32 | 8765 | TCP | Yes | Closed
33 | 12080 | TCP | Yes | Closed
34 | 21874 | TCP / TLS | No | Open

Egress
No. | Port(s) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State
1 | 20 | TCP / FTP | Yes | NA
2 | 21 | TCP / FTP | Yes | NA
3 | 53 | UDP / DNS | No | NA
4 | 67 | UDP / DHCP | Yes | NA
5 | 68 | UDP / DHCP | Yes | NA
6 | 69 | UDP / TFTP | Yes | NA
7 | 123 | UDP / NTP | Yes | NA
8 | 162 | UDP / SNMP | Yes | NA
9 | 1719 | UDP / H.225 | Yes | NA
10 | 1720 | TCP / H.323 | Yes | NA
11 | 1956 | TCP | No | NA
12 | 5010 | TCP | No | NA
13 | 5011 | TCP | No | NA
14 | 5012 | TCP | No | NA
15 | 5060 | TCP / SIP | Yes | NA
16 | 5061 | TLS / SIPS | Yes | NA
17 | 55000 | TCP | No | NA
18 | 1024-65535 | UDP / TCP | No | NA

Column Descriptions
Ingress -- data flows coming into the product.
Egress -- data flows leaving the product.
Port(s): Logical number(s) at OSI layer-4. Valid values include: 0-65535.
Network / Application Protocol: Top layer protocol, i.e. RTP, HTTP, etc.
Optionally Enabled/Disabled: indicates whether customers can enable or disable a layer-4 port, changing its default port setting. Valid values include: Yes or No.
Default Port State: Valid values include: Open, Closed, Filtered or N/A.
*Open if CMM co-resident.
**Open for duplex configurations.

Avaya S8300 Port Summary

Ingress
No. | Port(s) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State
1 | 20 | TCP / FTP | Yes | Closed
2 | 21 | TCP / FTP | Yes | Closed
3 | 22 | TCP / SSH | Yes | Open
4 | 23 | TCP / Telnet | Yes | Closed
5 | 25 | TCP/SMTP | No | Open*
6 | 68 | UDP / DHCP | Yes | Closed
7 | 69 | UDP / TFTP | Yes | Closed
8 | 80 | TCP / HTTP | No | Open
9 | 81 | TCP / HTTP | No | Open
10 | 110 | TCP/POP3 | No | Open*
11 | 111 | UDP / RPC | Yes | Closed
12 | 111 | TCP / RPC | Yes | Closed
13 | 123 | UDP / NTP | Yes | Closed
14 | 143 | TCP/IMAP4 | No | Open*
15 | 161 | UDP / SNMP | Yes | Closed
16 | 162 | UDP / SNMP | Yes | Closed
17 | 411 | TCP / HTTPS | No | Open
18 | 443 | TCP / HTTPS | No | Open
19 | 465 | TCP/SMTP | No | Open*
20 | 514 | TCP / RSH | Yes | Closed
21 | 514 | UDP/SYSLOG | Yes | Closed
22 | 993 | TCP/IMAP4 | No | Open*
23 | 995 | TCP/POP3 | No | Open*
24 | 1024-65535 | UDP | No | Open
25 | 1037 | TCP | No | Open
26 | 1039 | TCP | Yes | Open
27 | 1300 | TLS | Yes | Closed
28 | 1320 | TCP | No | Closed
29 | 1332 | TCP | No | Closed
30 | 1719 | UDP / H.225 | Yes | Closed
31 | 1720 | TCP / H.323 | Yes | Closed
32 | 2222 | TCP / SSH | Yes | Open
33 | 2944 | TLS/H.248 | Yes | Closed
34 | 2945 | TCP / H.248 | Yes | Open
35 | 5022 | TCP / SAT | Yes | Open
36 | 5023 | TCP / SAT | Yes | Closed
37 | 5060 | TCP / SIP | Yes | Closed
38 | 5061 | TCP / SIPS | Yes | Closed
39 | 5098 | TCP/TLS | No | Open**
40 | 5500 | TCP | No | Open
41 | 8009 | TCP / HTTP | No | Closed
42 | 8765 | TCP | Yes | Closed
43 | 12080 | TCP | Yes | Closed
44 | 21873 | TCP | No | Open
45 | 21874 | TCP / TLS | No | Open
46 | 55000 | TCP | Yes | Closed
47 | 59000-59200 | TCP | No | Open
*Open if CMM co-resident.

Egress
No. | Port(s) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State
1 | 20 | TCP / FTP | Yes | NA
2 | 21 | TCP / FTP | Yes | NA
3 | 53 | UDP / DNS | No | NA
4 | 67 | UDP / DHCP | Yes | NA
5 | 69 | UDP / TFTP | Yes | NA
6 | 68 | UDP / DHCP | Yes | NA
7 | 123 | UDP / NTP | Yes | NA
8 | 162 | UDP / SNMP | Yes | NA
9 | 1719 | UDP / H.225 | Yes | NA
10 | 1720 | TCP / H.323 | Yes | NA
11 | 1956 | TCP | No | NA
12 | 5010 | TCP | No | NA
13 | 5011 | TCP | No | NA
14 | 5012 | TCP | No | NA
15 | 5060 | TCP / SIP | Yes | NA
16 | 5061 | TLS / SIPS | Yes | NA
17 | 55000 | TCP | No | NA
18 | 1024-65535 | UDP / TCP | No | NA

The port numbers are assigned by IANA (Internet Assigned Numbers Authority) and are found here: http://www.iana.org/assignments/port-numbers
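A baseline audit built on the port summary above, as an added example that is not part of the Avaya document: it parses a subset of the ingress rows for the S8510-class servers and compares them with a list of listening ports. The verdict labels, the `OBSERVED` sample and port 4444 are constructed for illustration.

```python
import re

# Ingress rows transcribed from this page's S8510/S8800/R610/R620/DL360G7/
# DL360PG8 port summary (a subset). Columns: port, network/application
# protocol, optionally enabled/disabled?, default port state.
MATRIX_ROWS = """\
22 TCP / SSH Yes Open
23 TCP / Telnet Yes Closed
25 TCP/SMTP No Open*
80 TCP / HTTP No Open
161 UDP / SNMP Yes Closed
443 TCP / HTTPS No Open
1300 TLS Yes Closed
5098 TCP/TLS No Open**
8009 TCP / HTTP No Closed
"""

# Footnote markers used by the table.
CONDITIONS = {"*": "CMM co-resident", "**": "duplex configuration"}

ROW_RE = re.compile(
    r"^(?P<port>\d+)\s+(?P<proto>.+?)\s+(?P<opt>Yes|No)\s+"
    r"(?P<state>Open|Closed|Filtered)(?P<cond>\*{0,2})$"
)


def parse_matrix(text):
    """Return {(port, transport): row} for every parseable table row."""
    baseline = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and anything malformed
        transport = m["proto"].split("/")[0].strip().upper()
        if transport == "TLS":  # rows such as "1300 TLS" ride on TCP
            transport = "TCP"
        baseline[(int(m["port"]), transport)] = {
            "optional": m["opt"] == "Yes",
            "state": m["state"],
            "condition": CONDITIONS.get(m["cond"]),
        }
    return baseline


def audit(baseline, observed_open):
    """Compare observed listening ports with the documented defaults."""
    findings = []
    for port, transport in sorted(observed_open):
        row = baseline.get((port, transport))
        if row is None:
            findings.append((port, transport, "UNLISTED"))
        elif row["condition"]:
            findings.append((port, transport, "CONDITIONAL: " + row["condition"]))
        elif row["state"] == "Closed" and row["optional"]:
            findings.append((port, transport, "ENABLED"))  # off by default
        elif row["state"] == "Closed":
            findings.append((port, transport, "VIOLATION"))  # state documented as fixed
    for (port, transport), row in sorted(baseline.items()):
        expected = row["state"] == "Open" and not row["condition"]
        if expected and (port, transport) not in observed_open:
            findings.append((port, transport, "MISSING"))
    return findings


# Constructed sample: listening ports as reported by a scan of one server.
OBSERVED = {(22, "TCP"), (23, "TCP"), (25, "TCP"), (80, "TCP"),
            (8009, "TCP"), (4444, "TCP")}

if __name__ == "__main__":
    for port, transport, verdict in audit(parse_matrix(MATRIX_ROWS), OBSERVED):
        print(f"{port}/{transport}: {verdict}")
```

CONDITIONAL rows can only be judged once the deployment facts named in the table footnotes (CMM co-resident, duplex) are known.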

IP Protocol Summary:

IP Protocol Number: This is the layer-3 or layer-4 protocol number. Valid values include: 0-255.
IP Protocol Name: This is the name associated with the layer-3 protocol or layer-4 port number. Examples are ICMP, TCP, UDP, IGMP, etc.
Optionally Enabled / Disabled: This field indicates whether customers can enable or disable a layer-3 protocol from its default setting. Valid values are: Yes or No.
  No means the default protocol state cannot be changed (e.g. enabled or disabled).
  Yes means the default protocol state can be changed and that the protocol can either be enabled or disabled.
Default Protocol State: A protocol is open, closed or filtered. Open will respond to queries whereas filtered is open, but will not respond. Valid values include: Open, Closed or Filtered. For brevity, closed protocols are not listed unless they can be optionally enabled.
  Open protocols will respond to queries.
  Closed protocols may or may not respond to queries and are only listed when they can be optionally enabled.
  Filtered protocols can be open or closed.

Avaya IP Protocol Summary
No. | IP Protocol Number | IP Protocol Name | Optionally Enabled / Disabled? | Default Protocol State
1 | 1 | ICMP | Yes | Open
2 | 6 | TCP | No | Open
3 | 17 | UDP | No | Open

Column Description
IP Protocol Number: Logical number at OSI layer-3 or layer-4. Valid values include: 0-255.
IP Protocol Name: OSI layer 3 & 4, i.e. ICMP, TCP, UDP, IGMP.
Optionally Enabled/Disabled: indicates whether customers can enable or disable a layer-3 or layer-4 protocol, changing its default protocol setting.
Default Protocol State: Valid values include: Open, Closed or Filtered.

The protocol numbers are assigned by IANA (Internet Assigned Numbers Authority) and are found here: http://www.iana.org/assignments/protocol-numbers

Terminology and Acronyms

Table 2 - Terminology and Acronym List
Term | Meaning
ACL | Access Control List.
AES, AEServices | Application Enablement Services.
ALG | Application Level Gateway.
ASA | Avaya Security Advisory
ASAI | Adjunct Switch Application Interface
ASN | Abstract Syntax Notation
AUDIX | Audio Information Exchange
C-LAN | Control-LAN (TN799 board).
CM | Communication Manager.
CMM | Communication Manager Messaging (formerly IA-770).
Def-sat | DEFINITY System Administration Terminal
DHCP | Dynamic Host Configuration Protocol.
DNS | Domain Name Service.
Dupmgr | Duplication Manager
ESS | Enterprise Survivable Server, now called SCS.
Eth | Ethernet
Filesync | File Synchronization, especially of administration translations.
FP | Fault and Performance.
FTP | File Transfer Protocol.
GK | Gatekeeper.
GMM | Global Maintenance Manager.
GW | Gateway.
HPI | Hardware Platform Interface.
HTTP | Hypertext Transfer Protocol.
HTTPS | Hypertext Transfer Protocol Secure.
IANA | Internet Assigned Numbers Authority
ICMP | Internet Control Management Protocol.
IGMP | Internet Group Management Protocol
IMAP4 | Internet Message Access Protocol version 4.
IMAPI | Intuity Messaging Applications Programming Interface.
INADS | Initialization and Administration System.
IA | Intuity AUDIX
IP | Internet Protocol.
IPSI | Internet Protocol Server Interface (TN2312 board).
IPv6 | Internet Protocol version 6.
LDAP | Lightweight Directory Access Protocol.
LDAPFE | Lightweight Directory Access Protocol Front End.
LSP | Local Survivable Processor, now called SRS.
MTU | Maximum Transmission Unit.
NA | Not Applicable
NIC | Network Interface Card
NSS | Network Security Services.
NTS | Network Time Server
NTP | Network Time Protocol.
OSI | Open System Interconnection
PE | Processor Ethernet.
POP3 | Post Office Protocol version 3.
RADIUS | Remote Authentication Dial In User Service.
RAS | Registration, Admission, Status.
RFC | Request For Comments.
RPC | Remote Procedure Call.
RSH | Remote Shell
Rsyslog | Remote System Log
RTCP | RTP Control Protocol.
RTP | Real Time Transport Protocol.
SAMP | Server Availability Management Processor.
SASL | Simple Authentication and Security Layer.
SAT | Station Administration Terminal.
SCP | Secure Copy.
SCS | Survivable Core Server, formerly called ESS.
SFTP | Secure File Transfer Protocol.
SIP | Session Initiation Protocol.
SME | Server Maintenance Engine.
SMTP | Simple Mail Transfer Protocol.
SNMP | Simple Network Management Protocol.
SRS | Survivable Remote Server, formerly called LSP
SSA | Secure Services Agent.
SSH | Secure Shell.
SSL | Secure Sockets Layer.
TCP | Transmission Control Protocol.
TFTP | Trivial File Transfer Protocol.
TLS | Transport Layer Security.
TTS | Time To Service.
UDP | User Datagram Protocol.
VLAN | Virtual Local Area Network.
VOIP | Voice Over Internet Protocol.