Firewall Rules for Service Provider with Single Node
The table below describes the OVOC Server Provider firewall settings for a Service Provider with a single node.
Enterprise Firewall

| Connection | Port Type | Secured Connection | Port Number | Purpose | Port side / Flow Direction |
|---|---|---|---|---|---|
| **OVOC clients and OVOC server** | | | | | |
| HTTPS/NBIF Clients ↔ OVOC server | TCP (HTTPS) | ✓ | 443 | Connection for OVOC/NBIF clients. | OVOC server side / Bi-directional |
| Microsoft Teams ↔ | TCP (HTTPS) | ✓ | 443 | Connection to Microsoft Teams | Bi-directional |
| WebSocket Client ↔ OVOC Server Communication | TCP (HTTP) | ✓ | 915 | WebSocket Client and OVOC Server communication (internal) according to RFC 6455, used for managing the alarm and task notification mechanism in the OVOC Web. | OVOC server side / Bi-directional |
| **OVOC server and OVOC Managed Devices** | | | | | |
| Device ↔ OVOC server (SNMP) | UDP | ✓ | 1161 | Keep-alive - SNMP trap listening port (used predominantly for devices located behind a NAT). Used also by Fixed License Pool and Floating License Service. | OVOC server side / Receive only |
| Device ↔ OVOC server (SNMP) | UDP | ✓ | 162 | SNMP trap listening port on the OVOC. | OVOC server side / Receive only |
| Device ↔ OVOC server (SNMP) | UDP | ✓ | 161 | SNMP Trap Manager port on the device that is used to send traps to the OVOC server. Used also by Fixed License Pool and Floating License Service. | MG side / Bi-directional |
| Device ↔ OVOC server (NTP Server) | UDP (NTP server) | ✓ | 123 | NTP server synchronization for external clock. Initiator: MG (and OVOC server, if configured as NTP client) | Both sides / Bi-directional |
| Device ↔ OVOC server | TCP (HTTP) | ✗ | 80 | HTTP connection for files transfer and REST communication. | OVOC server side / Bi-directional |
| Device ↔ OVOC server | TCP (HTTPS) | ✓ | 443 | HTTPS connection for files transfer (upload and download) and REST communication. | OVOC server side / Bi-directional |
| Device ↔ OVOC server Floating License Management | TCP (HTTPS) | ✓ | 443 | HTTPS connection for files transfer (upload and download) and REST communication for device Floating License Management. | OVOC server side / Bi-directional |
| **Devices Managed by the Device Manager** | | | | | |
| Endpoints ↔ OVOC Device Manager | TCP (HTTPS) | ✗ | 80 | HTTP connection between the Endpoints and the OVOC Device Manager. | OVOC Device Manager side / Bi-Directional |
| Endpoints ↔ OVOC Device Manager | TCP (HTTPS) | ✓ | 443 | HTTPS connection between the Endpoints and the OVOC Device Manager. | OVOC Device Manager side / Bi-Directional |
| Endpoints ↔ OVOC Device Manager | TCP (HTTPS) | ✓ | 443 | HTTPS connection that is used by endpoints for downloading firmware and configuration files. | OVOC Device Manager side / Bi-Directional |
| OVOC Device Manager ↔ ShareFile | TCP (HTTPS) | ✓ | 443 | HTTPS connection used by OVOC Device Manager for downloading firmware and configuration files from ShareFile. For information on ShareFile IP Ranges, see ShareFile Firewall Configuration. | OVOC Device Manager Side / Bi-Directional |
| Endpoints ↔ WAF (Imperva Incapsula) and Azure Blob | TCP (HTTPS) | ✓ | 443 | HTTPS connection between the endpoints and the WAF. | Endpoints WAF side / Bi-Directional |
| Endpoints ↔ WAF (Imperva Incapsula) and Azure Blob | TCP (HTTPS) | ✓ | 443 | HTTPS connection used by endpoints for downloading firmware and configuration files from the Azure Blob. | Azure Blob side / Bi-Directional |
| OVOC Device Manager → Azure Blob | TCP (HTTPS) | ✓ | 443 | HTTPS connection used by OVOC to update firmware and configuration files to the Azure Blob. | OVOC Device Manager Side / Send-only |
| OVOC Device Manager ↔ ShareFile | TCP (HTTPS) | ✓ | 443 | HTTPS connection used by OVOC Device Manager for downloading firmware and configuration files from ShareFile. For information on ShareFile IP Ranges, see ShareFile Firewall Configuration. | OVOC Device Manager Side / Bi-Directional |
| **OVOC Voice Quality Package Server and Devices** | | | | | |
| Media Gateways ↔ Voice Quality Package | TCP | ✗ | 5000 | XML based communication for control, media data reports and SIP call flow messages. | OVOC server side / Bi-directional |
| Media Gateways ↔ Voice Quality Package | TCP (TLS) | ✓ | 5001 | XML based TLS secured communication for control, media data reports and SIP call flow messages. | OVOC server side / Bi-directional |
| **LDAP Active Directory Server** | | | | | |
| OVOC server ↔ Active Directory LDAP server (OVOC user authentication) | TCP | ✗ | 389 | Connection between the OVOC server and the Active Directory LDAP server (OVOC Users). | Active Directory server side / Bi-directional |
| OVOC server ↔ Active Directory LDAP server (OVOC user authentication) | TCP (TLS) | ✓ | 636 | Connection between the OVOC server and the Active Directory LDAP server (OVOC Users) with SSL configured. | Active Directory server side / Bi-directional |
| **AudioCodes Floating License Service** | | | | | |
| OVOC server ↔ AudioCodes Floating License Service | TCP | ✓ | 443 | HTTPS for OVOC/Cloud Service | OVOC REST client side / Bi-directional |
| **External Servers** | | | | | |
| OVOC server ↔ Mail Server | TCP | ✗ | 25 | Trap Forwarding to Mail server | Mail server side / Bi-directional |
| OVOC server ↔ Syslog Server | TCP | ✗ | 514 | Trap Forwarding to Syslog server. | Syslog server side / Bi-directional |
| OVOC server ↔ Debug Recording Server | UDP | ✗ | 925 | Trap Forwarding to Debug Recording server. | Debug Recording server / Bi-directional |
| OVOC server ↔ Remote Managed Device | TCP RDP | ✓ | 3389 | Remote Desktop access Apache to Managed Device through the Guacamole VPN gateway. | Managed Device / Bi-directional |
| **Voice Quality** | | | | | |
| Voice Quality Package ↔ Endpoints (RFC 6035) | UDP | ✗ | 5060 | SIP Publish reports sent to the SEM server from the endpoints, including RFC 6035 SIP PUBLISH for reporting device voice quality metrics. | SEM server / Bi-directional |
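
An added example, not part of the AudioCodes documentation: a Python check that compares inbound allow-rules on the OVOC server against the rows of the table above whose port side is the OVOC server (or both sides). It reports allowed ports the table does not list, unsecured ports for which the table lists a secured counterpart, and secured table ports with no allow rule. The rule-line format, the sample rules and the function names are assumptions made for illustration.

```python
# (protocol, port) -> secured?  Rows with port side "OVOC server side" or
# "Both sides", copied from the table above.
MATRIX = {
    ("tcp", 443): True, ("tcp", 915): True,
    ("tcp", 80): False, ("tcp", 5000): False,
    ("tcp", 5001): True,
    ("udp", 1161): True, ("udp", 162): True, ("udp", 123): True,
}
# Unsecured ports for which the table lists a secured port on the same connection.
SECURED_PEER = {("tcp", 80): 443, ("tcp", 5000): 5001}


def parse_rule(line):
    """Parse 'allow in <proto> <port> from <cidr>' (constructed format)."""
    action, direction, proto, port, keyword, source = line.split()
    if (action, direction, keyword) != ("allow", "in", "from"):
        raise ValueError(f"unsupported rule: {line!r}")
    return proto.lower(), int(port), source


def audit(rule_lines):
    """Return sorted (kind, message) findings for a list of rule lines."""
    findings, seen = [], set()
    for line in rule_lines:
        proto, port, _source = parse_rule(line)
        key = (proto, port)
        seen.add(key)
        if key not in MATRIX:
            findings.append(("unlisted", f"{proto}/{port} is not in the OVOC table"))
        elif not MATRIX[key]:
            peer = SECURED_PEER.get(key)
            hint = f"; table lists secured {proto}/{peer}" if peer else ""
            findings.append(("cleartext", f"{proto}/{port} is unsecured{hint}"))
    for proto, port in sorted(set(MATRIX) - seen):
        if MATRIX[(proto, port)]:  # only secured ports are worth opening
            findings.append(("missing", f"{proto}/{port} is in the table but has no allow rule"))
    return sorted(findings)


# Constructed sample rule export, not taken from a real deployment.
SAMPLE = [
    "allow in tcp 443 from 10.20.0.0/16",
    "allow in tcp 80 from 10.20.0.0/16",
    "allow in udp 162 from 10.20.0.0/16",
    "allow in tcp 22 from 10.20.0.0/16",
]

if __name__ == "__main__":
    for kind, message in audit(SAMPLE):
        print(f"{kind:9} {message}")
```

A port reported as unlisted is only absent from this table; management access such as SSH is governed by other documentation and still needs its own review.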