OVOC Service Provider Firewall Configuration
This section describes how to configure the Enterprise Firewall between the OVOC Service provider network and the UMP/SBC.
➢ To configure the Enterprise firewall on Microsoft Azure:
1. On Microsoft Azure, ensure that you have deployed the OVOC Virtual Machine as described in the OVOC IOM.
2. Configure the Enterprise firewall according to the ports below.
OVOC Firewall
| Connection | Port Type | Secured Connection | Port Number | Purpose | Port side / Flow Direction |
|---|---|---|---|---|---|
| **OVOC clients and OVOC server** | | | | | |
| HTTPS/NBIF Clients ↔ OVOC server | TCP (HTTPS) | √ | 443 | Connection for OVOC/NBIF clients. Initiator: Client | OVOC server side / Bi-directional |
| WebSocket Client ↔ OVOC Server Communication | TCP (HTTP) | √ | 915 | WebSocket Client and OVOC Server communication (internal) according to RFC 6455, used for managing the alarm and task notification mechanism in the OVOC Web. Initiator (internal): WebSocket Client | OVOC server side / Bi-directional |
| **OVOC server and OVOC Managed Devices** | | | | | |
| Device ↔ OVOC server (SNMP) | UDP | √ | 1161 | Keep-alive - SNMP trap listening port (used predominantly for devices located behind a NAT). Used also by Fixed License Pool and Floating License Service. Initiator: AudioCodes device | OVOC server side / Receive only |
| | UDP | √ | 162 | SNMP trap listening port on the OVOC. Initiator: AudioCodes device | OVOC server side / Receive only |
| | UDP | √ | 161 | SNMP Trap Manager port on the device that is used to send traps to the OVOC server. Used also by Fixed License Pool and Floating License Service. Initiator: OVOC server | MG side / Bi-directional |
| Device ↔ OVOC server (NTP Server) | UDP (NTP server) | ᵡ | 123 | NTP server synchronization for external clock. Initiator: MG (and OVOC server, if configured as NTP client). Initiator: Both sides | Both sides / Bi-directional |
| Device ↔ OVOC server | TCP (HTTP) | ᵡ | 80 | HTTP connection for files transfer and REST communication. Initiator: Both sides can initiate an HTTP connection | OVOC server side / Bi-directional |
| | TCP (HTTPS) | √ | 443 | HTTPS connection for files transfer (upload and download) and REST communication. Initiator: Both sides can initiate an HTTPS connection. | OVOC server side / Bi-directional |
| Device ↔ OVOC server Floating License Management | TCP (HTTPS) | √ | 443 | HTTPS connection for files transfer (upload and download) and REST communication for device Floating License Management. Initiator: Device | OVOC server side / Bi-directional |
| **Endpoints** | | | | | |
| Endpoints ↔ WAF/Azure Blob | TCP (HTTPS) | √ | 443 | HTTPS connection between the endpoints and the WAF. Initiator: Endpoints | OVOC server side / Bi-directional |
| | | | | HTTPS connection used by endpoints for downloading firmware and configuration files from the Azure Blob. Initiator: Endpoints | |
| **OVOC Voice Quality Package Server and Devices** | | | | | |
| Media Gateways ↔ Voice Quality Package | TCP | ᵡ | 5000 | XML based communication for control, media data reports and SIP call flow messages. Initiator: Media Gateway | OVOC server side / Bi-directional |
| | TCP (TLS) | √ | 5001 | XML based TLS secured communication for control, media data reports and SIP call flow messages. Initiator: AudioCodes device | OVOC server side / Bi-directional |
| **LDAP Active Directory Server** | | | | | |
| OVOC server ↔ Active Directory LDAP server (OVOC user authentication) | TCP | ᵡ | 389 | Connection between the OVOC server and the Active Directory LDAP server (OVOC Users). Initiator: OVOC server | Active Directory server side / Bi-directional |
| | TCP (TLS) | √ | 636 | Connection between the OVOC server and the Active Directory LDAP server (OVOC Users) with SSL configured. Initiator: OVOC server | Active Directory server side / Bi-directional |
| **AudioCodes Floating License Service** | | | | | |
| OVOC server ↔ AudioCodes Floating License Service | TCP | √ | 443 | HTTPS for OVOC/Cloud Service. Initiator: OVOC REST client | OVOC REST client side / Bi-directional |
| **External Servers** | | | | | |
| OVOC server ↔ Mail Server | TCP | √ | 25 | Trap Forwarding to Mail server. Initiator: OVOC server | Mail server side / Bi-directional |
| OVOC server ↔ Syslog Server | TCP | √ | 514 | Trap Forwarding to Syslog server. Initiator: OVOC server | Syslog server side / Bi-directional |
| OVOC server ↔ Debug Recording Server | UDP | √ | 925 | Trap Forwarding to Debug Recording server. Initiator: OVOC server | Debug Recording server / Bi-directional |
| OVOC server ↔ UMP-365 server | TCP RDP | √ | 3389 | Remote Desktop access to UMP-365 server. Initiator: OVOC server | UMP-365 server / Bi-directional |
| **Voice Quality** | | | | | |
| Voice Quality Package ↔ Endpoints (RFC 6035) | UDP | ᵡ | 5060 | SIP Publish reports sent to the SEM server from the endpoints, including RFC 6035 SIP PUBLISH for reporting device voice quality metrics. Initiator: Endpoint | SEM server / Bi-directional |
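
Once the rules are in place, the inbound side can be checked against the table. The following is an added example, not AudioCodes code: it audits inbound allow rules for the rows marked "OVOC server side" or "Both sides" only, assumes rule records shaped like the JSON output of `az network nsg rule list`, and uses constructed sample rules.

```python
# Added example (not AudioCodes code): audit inbound allow rules against the port table.
# Rule dicts mimic `az network nsg rule list -o json`; SAMPLE_RULES is constructed.

# (protocol, port) -> "Secured Connection" flag, rows marked "OVOC server side" or "Both sides".
OVOC_INBOUND = {
    ("Tcp", 443): True, ("Tcp", 915): True, ("Tcp", 80): False,
    ("Tcp", 5000): False, ("Tcp", 5001): True,
    ("Udp", 1161): True, ("Udp", 162): True, ("Udp", 123): False,
}

def port_set(rule):
    """Expand destinationPortRange(s) into a set of ints; '*' means every port."""
    specs = rule.get("destinationPortRanges") or [rule["destinationPortRange"]]
    ports = set()
    for spec in specs:
        if spec == "*":
            return set(range(1, 65536))
        lo, _, hi = spec.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """Return (kind, rule_name, protocol, detail) findings for inbound allow rules."""
    findings, seen = [], set()
    for r in rules:
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        proto_field = r["protocol"].capitalize()
        protos = ("Tcp", "Udp") if proto_field == "*" else (proto_field,)
        ports = port_set(r)
        for proto in protos:
            allowed = {p for (pr, p) in OVOC_INBOUND if pr == proto}
            extra = sorted(ports - allowed)
            if extra:  # open port that the table does not list for the OVOC server side
                findings.append(("unexpected", r["name"], proto, extra[:3]))
            for p in sorted(ports & allowed):
                seen.add((proto, p))
                if not OVOC_INBOUND[(proto, p)]:  # table marks this port as not secured
                    findings.append(("unsecured", r["name"], proto, p))
    for proto, p in sorted(set(OVOC_INBOUND) - seen):  # in the table, but no allow rule
        findings.append(("not-open", None, proto, p))
    return findings

def rule(name, proto, ports, access="Allow"):  # hypothetical helper for the sample data
    key = "destinationPortRanges" if isinstance(ports, list) else "destinationPortRange"
    return {"name": name, "direction": "Inbound", "access": access, "protocol": proto, key: ports}

SAMPLE_RULES = [  # constructed
    rule("ovoc-https", "Tcp", "443"), rule("ovoc-snmp", "Udp", ["162", "1161"]),
    rule("ovoc-vq", "Tcp", "5000-5001"), rule("legacy-ssh", "Tcp", "22"),
    rule("deny-all", "*", "*", access="Deny"),
]
```

A "not-open" finding only means the table lists the port and no allow rule covers it; whether it should be opened depends on which of the listed services the deployment uses.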