OVOC Service Provider Firewall Configuration
This section describes how to configure the Enterprise Firewall between the Live Platform Operation Center portal Service provider network and the UMP-365 and SBC devices.
➢ To configure the Enterprise firewall on Microsoft Azure:

1. On Microsoft Azure, ensure that you have deployed the Live Platform Virtual Machine as described in the OVOC IOM.
2. Configure the Enterprise firewall according to the ports below.

Live Platform Operation Center portal Firewall
| Connection | Port Type | Secured Connection | Port Number | Purpose | Port side / Flow Direction |
|---|---|---|---|---|---|
| Live Platform Operation Center portal clients communication | | | | | |
| HTTPS/NBIF Clients ↔ Live Platform Operation Center portal server | TCP (HTTPS) | √ | 443 | Connection for Live Platform Operation Center portal server/NBIF clients. Initiator: Client | OVOC server side / Bi-directional |
| Microsoft Teams ↔ Live Platform Operation Center portal server | TCP (HTTPS) | √ | 443 | Connection to Microsoft Teams: | Bi-directional |
| WebSocket Client ↔ Live Platform Operation Center portal server | TCP (HTTP) | √ | 915 | WebSocket Client and Live Platform Operation Center portal communication (internal) according to RFC 6455, used for managing the alarm and task notification mechanism in the Live Platform Operation Center portal. Initiator (internal): WebSocket Client | Live Platform Operation Center portal server side / Bi-directional |
| Live Platform Operation Center portal server Managed Devices | | | | | |
| Device ↔ Live Platform Operation Center portal server (SNMP) | UDP | √ | 1161 | Keep-alive - SNMP trap listening port (used predominantly for devices located behind a NAT). Used also by Fixed License Pool and Floating License Service. Initiator: AudioCodes device | Live Platform Operation Center portal server side / Receive only |
| | UDP | √ | 162 | SNMP trap listening port on the Live Platform Operation Center portal server. Initiator: AudioCodes device | Live Platform Operation Center portal server side / Receive only |
| | UDP | √ | 161 | SNMP Trap Manager port on the device that is used to send traps to the Live Platform Operation Center portal. Used also by Fixed License Pool and Floating License Service. Initiator: Live Platform Operation Center portal server | MG side / Bi-directional |
| Device ↔ Live Platform Operation Center portal (NTP Server) | UDP (NTP server) | × | 123 | NTP server synchronization for external clock. Initiator: MG (and Live Platform Operation Center portal server when configured as NTP client). Initiator: Both sides | Both sides / Bi-directional |
| Device ↔ Live Platform Operation Center portal server | TCP (HTTP) | × | 80 | HTTP connection for files transfer and REST communication. Initiator: Both sides can initiate an HTTP connection | Live Platform Operation Center portal server side / Bi-directional |
| | TCP (HTTPS) | √ | 443 | HTTPS connection for files transfer (upload and download) and REST communication. Initiator: Both sides can initiate an HTTPS connection. | Live Platform Operation Center portal server side / Bi-directional |
| Device ↔ Live Platform Operation Center portal server Floating License Management | TCP (HTTPS) | √ | 443 | HTTPS connection for files transfer (upload and download) and REST communication for device Floating License Management. Initiator: Device | Live Platform Operation Center portal server side / Bi-directional |
| Endpoints | | | | | |
| Endpoints ↔ WAF/Azure Blob | TCP (HTTPS) | √ | 443 | HTTPS connection between the endpoints and the WAF. Initiator: Endpoints. HTTPS connection used by endpoints for downloading firmware and configuration files from the Azure Blob. Initiator: Endpoints | Live Platform Operation Center portal server side / Bi-directional |
| OVOC Voice Quality Package Server and Devices | | | | | |
| Media Gateways ↔ Voice Quality Package | TCP | × | 5000 | XML based communication for control, media data reports and SIP call flow messages. Initiator: Media Gateway | Live Platform Operation Center portal server side / Bi-directional |
| | TCP (TLS) | √ | 5001 | XML based TLS secured communication for control, media data reports and SIP call flow messages. Initiator: AudioCodes device | Live Platform Operation Center portal server side / Bi-directional |
| Microsoft Entra ID | | | | | |
| Live Platform Operation Center portal server > Microsoft Entra ID | TCP (HTTPS) | √ | 443 | Single Sign-on connection between the Live Platform Operation Center portal server and Microsoft Entra ID for Live Platform Operation Center portal users. Initiator: Live Platform Operation Center portal server | Live Platform Operation Center portal server side / Send-only |
| AudioCodes Floating License Service | | | | | |
| Live Platform Operation Center portal server ↔ AudioCodes Floating License Service | TCP | √ | 443 | HTTPS for Live Platform Operation Center portal server / Cloud Service. Initiator: Live Platform Operation Center portal REST client | Live Platform Operation Center REST client side / Bi-directional |
| External Servers | | | | | |
| Live Platform Operation Center portal server ↔ Mail Server | TCP | √ | 25 | Trap Forwarding to Mail server. Initiator: Live Platform Operation Center portal server | Mail server side / Bi-directional |
| Live Platform Operation Center portal server ↔ Syslog Server | TCP | √ | 514 | Trap Forwarding to Syslog server. Initiator: Live Platform Operation Center portal server | Syslog server side / Bi-directional |
| OVOC server ↔ Debug Recording Server | UDP | √ | 925 | Trap Forwarding to Debug Recording server. Initiator: OVOC server | Debug Recording server / Bi-directional |
| Live Platform Operation Center portal server ↔ UMP-365 server | TCP RDP | √ | 3389 | Remote Desktop access to UMP-365 server. Initiator: Live Platform Operation Center portal server | UMP-365 server / Bi-directional |
| Voice Quality | | | | | |
| Voice Quality Package ↔ Endpoints (RFC 6035) | UDP | × | 5060 | SIP Publish reports sent to the SEM server from the endpoints, including RFC 6035 SIP PUBLISH for reporting device voice quality metrics. Initiator: Endpoint | SEM server / Bi-directional |
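
The following added example (not AudioCodes code) audits a set of inbound firewall rules against the rows of the table whose port side includes the portal or SEM server. It flags ports the table does not list, protocol mismatches, and ports the table marks as unsecured. The rule shape, the sample rules and the any-source check are assumptions made for illustration.

```python
# Added example: audit inbound allow rules against the port matrix on this page.
# (protocol, port) -> "secured" flag, copied from the table rows whose port side
# includes the portal server or SEM server.
MATRIX = {
    ("tcp", 443): True, ("tcp", 915): True, ("udp", 1161): True,
    ("udp", 162): True, ("udp", 123): False, ("tcp", 80): False,
    ("tcp", 5000): False, ("tcp", 5001): True, ("udp", 5060): False,
}
# Unsecured ports for which the table also lists a secured counterpart.
SECURED_ALTERNATIVE = {("tcp", 80): 443, ("tcp", 5000): 5001}
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}  # assumption: treated as "any source"

# Constructed sample rules in a simplified, hypothetical shape (not an Azure export).
SAMPLE_RULES = [
    {"name": "https", "dir": "in", "proto": "tcp", "ports": "443", "src": "10.20.0.0/16"},
    {"name": "traps", "dir": "in", "proto": "tcp", "ports": "162", "src": "10.20.0.0/16"},
    {"name": "vq", "dir": "in", "proto": "tcp", "ports": "5000-5001", "src": "*"},
    {"name": "mail", "dir": "out", "proto": "tcp", "ports": "25", "src": "10.1.0.4"},
]


def expand_ports(spec):
    """Turn '443' or '5000-5001' into a range of port numbers."""
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)


def audit(rules):
    """Return sorted (rule name, finding) pairs for inbound rules."""
    findings = set()
    for rule in rules:
        if rule["dir"] != "in":
            continue  # MATRIX holds server-side listening ports only
        for port in expand_ports(rule["ports"]):
            key = (rule["proto"], port)
            if key not in MATRIX:  # also catches TCP where the table says UDP
                findings.add((rule["name"], f"{key[0]}/{port} is not in the matrix"))
                continue
            if rule["src"] in ANY_SOURCE:
                findings.add((rule["name"], f"{key[0]}/{port} is open to any source"))
            if not MATRIX[key]:
                alt = SECURED_ALTERNATIVE.get(key)
                note = f"; the table lists secured port {alt}" if alt else ""
                findings.add((rule["name"], f"{key[0]}/{port} is unsecured{note}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```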