Opening Firewall Ports for the ARM
Ports for the ARM must be opened in the Firewall. Use the following table as reference.
Opening Firewall Ports for the ARM
|
Connection |
Port Type |
Secured Connection |
Port Number |
Purpose |
Port side / Flow Direction |
|---|---|---|---|---|---|
|
ARM and Devices (SBCs / Gateways / Hybrid nodes) |
|||||
|
Device ↔ ARM Configurator (REST) |
TCP (HTTPS) - default |
ü |
443 |
Topology Auto-discovery, Topology Status update, Quality information, long call sessions information (for licensing) |
Bi-Directional |
|
TCP (HTTP) – debug only |
û |
80 |
Topology Auto-discovery, Topology Status update, Quality information, long calls session information (for licensing) |
Bi-directional |
|
|
Device ↔ ARM Router (REST) |
TCP (HTTPS) - default |
ü |
443 |
Routing requests and calls status |
Bi-Directional |
|
TCP (HTTP) – debug only |
û |
80 |
Routing requests and calls status |
Bi-directional |
|
|
ARM and LDAP Active Directory Server |
|||||
|
ARM Configurator ↔ Active Directory LDAP server |
TCP (LDAP) |
û |
389 (Default, can be configured at ARM) |
Getting of ARM AD users and updating ARM user database |
Bi‑directional |
|
TCP (TLS - LDAPS) |
ü |
636 3268 for ‘Global catalog’ Default, can be configured at ARM) |
Getting of ARM AD users and updating ARM user database LDAPS (TLS) is configured at ARM |
Bi‑directional |
|
|
ARM GUI and North bound Interface |
|||||
|
UI (REST communication) → ARM Configurator |
TCP (HTTPS) |
ü |
443 |
ARM component status updates, GUI, Provisioning, Alarms indications |
Incoming (from ARM Configurator perspective) |
|
Third-party application (via official REST API) → ARM Configurator |
TCP (HTTPS) |
ü |
443 |
ARM component status updates, GUI, Provisioning, Alarms indications |
Incoming (from ARM Configurator perspective) |
|
ARM Configurator → SNMP Target |
UDP (SNMP) |
û |
161, 162 or configurable |
ARM generates SNMP traps/alarms toward predefined SNMP Target. |
Outgoing |
|
ARM Management / Maintenance Interfaces |
|||||
|
ARM Configurator ↔ NTP Server |
UDP (NTP server) |
û |
123 |
ARM Configurator acts as NTP client toward external (pre-configured) NTP server. It also acts as NTP Server toward ARM Routers. |
Bi-directional |
|
ARM Router → NTP Server (ARM Configurator) |
UDP (NTP) |
û |
123 |
ARM Router acts as NTP client |
Outgoing |
|
ARM Configurator ↔ Client PC (SSH) |
TCP |
ü |
22 |
SSH communication between ARM Configurator and external PC initiated by client PC: For ARM maintenance |
Bi-directional |
|
ARM Router ↔ Client PC (SSH) |
TCP |
ü |
22 |
SSH communication between ARM Router and external PC initiated by client PC: For ARM maintenance |
Bi-directional |
|
ARM Configurator → Syslog server |
TCP |
û |
514 (by default) or configurable |
ARM Configurator logs can be forwarded to external syslog server. |
Outgoing |
|
ARM Router → Syslog server |
TCP |
û |
514 (by default) or configurable |
ARM Routers logs can be forwarded to external syslog server. |
Outgoing |
|
ARM Inter-Components Communication (Configurator ↔ Routers) |
|||||
|
ARM Configurator ↔ ARM Routers |
TCP (HTTPS) |
ü |
443 |
Getting call statistics from the ARM Configurator; getting call sessions information for ARM licensing |
Bi-directional |
|
TCP (HTTP) -debug only |
û |
80 |
Getting call statistics from the ARM Configurator; getting call sessions information for ARM licensing |
Bi-directional |
|
|
ARM Configurator ← JMS Broker |
TCP (TLS) |
ü |
8080 |
Informing ARM Routers about topology changes (including topology status and quality changes) |
Incoming |
|
ARM Router → JMS Broker |
TCP (TLS) |
ü |
8080 |
Getting Topology updates from ARM |
Outgoing |
|
ARM Configurator ← Redis from Router |
TCP (TLS) |
ü |
6379 (Router uses same 80 and 443) |
Needed only if DID Masking or Dynamic Blacklist is used |
Bi-directional |
|
ARM Configurator → ARM Router (SSH) |
TCP |
ü |
22 |
SSH communication between ARM Configurator and ARM Router |
Outgoing |