© 2007 Avaya Inc. All Rights Reserved. All trademarks identified by the ® or ™
are registered trademarks or trademarks, respectively, of Avaya Inc. All other
trademarks are the property of their respective owners.
Ports are used in TCP and UDP to name the ends of logical connections which carry data flows. TCP and UDP streams have
an IP address and port number for both source and destination IP devices. The pairing of an IP address and a port number is
called a socket (discussed later). Therefore, each data stream is uniquely identified with two sockets. Source and destination
sockets must be known by the source before a data stream can be sent to the destination. Some destination ports are “open”
to receive data streams and are called “listening” ports. Listening ports actively wait for a source (client) to make contact to a
destination (server) using a specific port that has a known protocol associated with that port number. HTTPS, as an example,
is assigned port number 443. When a destination IP device is contacted by a source device using port 443, the destination
uses the HTTPS protocol for that data stream conversation.
The Well Known and Registered ports are assigned by IANA (Internet Assigned Numbers Authority) and are found here:
http://www.iana.org/assignments/port-numbers.
In UNIX and Linux operating systems, only root may open or close a well-known port. Well Known Ports are also commonly
referred to as “privileged ports”.
Dynamic Ports
Dynamic ports, sometimes called “private ports”, are available to use for any general purpose. This means there are no meanings associated with these
ports (similar to RFC 1918 IP Address Usage). These are the safest ports to use because no application types are linked to these ports. The dynamic port
range is 49152 – 65535.
Sockets
A socket is the pairing of an IP address with a port number. An example would be 192.168.5.17:3009, where 3009 is the socket number associated with the
IP address. A data flow, or conversation, requires two sockets – one at the source device and one at the destination device. The data flow then has two
sockets with a total of four logical elements. Each data flow must be unique. If one of the four elements is unique, the data flow is unique. The following
three data flows are uniquely identified by socket number and/or IP address.
Data Flow 1: 172.16.16.14:1234 - 10.1.2.3:2345
Data flow 1 has two different port numbers and two different IP addresses and is a valid and typical socket pair.
Data flow 2 has the same IP addresses and the same port number on the second IP address as data flow 1, but since the port number on the first socket
differs, the data flow is unique.
Therefore, if one IP address octet changes, or one port number changes, the data flow is unique.
Below is an example showing ingress and egress data flows from a PC to a web server.
Notice the client egress stream includes the client’s source IP and socket (1369) and the destination IP and socket (80). The
ingress stream has the source and destination information reversed because the ingress is coming from the server.
Packet filtering is the most basic form of firewall. Each packet that arrives at or leaves the network has its header fields examined against a set of criteria, and the packet is either dropped or allowed through. Routers configured with Access Control Lists (ACLs) use packet filtering. An example of packet filtering is preventing any source device on the Engineering subnet from telnetting into any device in the Accounting subnet.
Application level gateways (ALG) act as a proxy, preventing a direct connection between the foreign device and the internal
destination device. ALGs filter each individual packet rather than blindly copying bytes. ALGs can also send alerts via email,
alarms or other methods and keep log files to track significant events.
Hybrid firewalls are dynamic systems, tracking each connection traversing all interfaces of the firewall and making sure they are valid. In addition to looking at headers, the contents of the packet, up through the application layer, are examined. A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Stateful inspection firewalls close off ports until the connection to the specific port is requested. This is an enhancement to security against port scanning¹.
Firewall Policies
The goals of firewall policies are to monitor, authorize and log data flows and events. They also restrict access using IP
addresses, port numbers and application types and sub-types.
This paper focuses on identifying the port numbers used by Avaya products so that effective firewall policies can be created without disrupting business communications or opening unnecessary access into the network.
Knowing that the source column in the following matrices is the socket initiator is key in building some types of firewall
policies. Some firewalls can be configured to automatically create a return path through the firewall if the initiating source is
allowed through. This option removes the need to enter two firewall rules, one for each stream direction, but can also raise
security concerns.
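The socket-pair identification described under Sockets and the automatically created return path described above, as an added example that is not Avaya's code: a small stateful filter keyed on (protocol, source socket, destination socket), loaded with matrix row 4 from this paper (VMM Server 1024+ to SQL Database 1433, TCP / SQL). The host addresses and the parse_ports helper are constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

Socket = Tuple[str, int]            # (IP address, port), e.g. 192.168.5.17:3009
Flow = Tuple[str, Socket, Socket]   # (protocol, source socket, destination socket)

def parse_ports(text: str) -> Set[int]:
    """Expand the port notation used in the matrix: '1024+', '2784 - 2789',
    '1099, 49177, 51173, 63006' or a single '5005'."""
    ports: Set[int] = set()
    for part in text.replace("\u2013", "-").split(","):
        part = part.strip()
        if part.endswith("+"):                       # "1024+" means 1024 - 65535
            ports.update(range(int(part[:-1]), 65536))
        elif "-" in part:
            lo, hi = (int(p) for p in part.split("-"))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    return ports

@dataclass
class Rule:
    """One matrix row; the source column is the socket initiator."""
    proto: str
    src_hosts: Set[str]
    src_ports: Set[int]
    dst_hosts: Set[str]
    dst_ports: Set[int]

@dataclass
class StatefulFilter:
    rules: List[Rule]
    state: Set[Flow] = field(default_factory=set)   # the state table

    def check(self, proto: str, src: Socket, dst: Socket) -> bool:
        """Decide one packet. A reply is recognised by the reversed socket pair
        and passes only if the initiating flow was already admitted by a rule."""
        if (proto, src, dst) in self.state or (proto, dst, src) in self.state:
            return True
        for r in self.rules:
            if (r.proto == proto and src[0] in r.src_hosts and src[1] in r.src_ports
                    and dst[0] in r.dst_hosts and dst[1] in r.dst_ports):
                self.state.add((proto, src, dst))       # auto-created return path
                return True
        return False

def demo() -> List[bool]:
    """Constructed hosts: VMM Server 10.1.2.3, SQL Database 10.1.2.4.
    The single rule is matrix row 4 of this paper."""
    fw = StatefulFilter([Rule("TCP", {"10.1.2.3"}, parse_ports("1024+"),
                              {"10.1.2.4"}, parse_ports("1433"))])
    return [
        fw.check("TCP", ("10.1.2.3", 40000), ("10.1.2.4", 1433)),  # egress, allowed by rule
        fw.check("TCP", ("10.1.2.4", 1433), ("10.1.2.3", 40000)),  # ingress reply, sockets reversed
        fw.check("TCP", ("10.1.2.4", 1433), ("10.1.2.3", 40001)),  # unsolicited from server, dropped
        fw.check("TCP", ("10.1.2.3", 40001), ("10.1.2.4", 1433)),  # one port differs: a new flow
        fw.check("UDP", ("10.1.2.3", 40000), ("10.1.2.4", 1433)),  # wrong protocol, dropped
    ]
```

The third check is the security concern the text mentions: a packet from the server side passes only when it reverses an entry in the state table, never on its own.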
Another feature of some firewalls is to create an umbrella policy that allows access for many independent data flows using a
common higher layer attribute. One example would be creating a policy to allow any H.323 data flows through the firewall.
This umbrella policy would allow H.225, H.245, H.248, RTCP and RTP streams to flow through the firewall without specifying
specific port ranges for each of these protocols.
Finally, many firewall policies can be avoided by placing endpoints and the servers that serve those endpoints in the same
firewall zone.
¹ The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
Avaya – Proprietary & Confidential. 5
Use pursuant to the terms of your signed agreement or Avaya policy.
Matrix Headings Defined
Source Initiator: The device or application initiating a data flow.
Source Port(s): This is the default port(s) used by the source device or application. Valid values include: 0 – 65535.
Destination Receiver: The device or application receiving a data flow from a source.
Destination Port(s): This is the default port(s) used at the device or application responding to an initiator. Valid values include: 0 – 65535.
Network / Application Protocol: Labels of the network and application protocols used.
Destination Configurable: “Yes” means the destination port is configurable. “No” means the destination port is not configurable. Valid values include: Yes or No.
Range: If populated, this field lists the range of ports that can be used by the destination. The range may or may not be configurable. Valid values include: 0 – 65535.
Source Configurable: “Yes” means the source port is configurable. “No” means the source port is not configurable. Valid values include: Yes or No.
Range: If populated, this field lists the range of ports that can be used by the source. The range may or may not be configurable. Valid values include: 0 – 65535.
Traffic Purpose: Describes the purpose of the data flow.
Comments: Important comments.
# | Source Initiator | Source Port(s) | Destination Receiver | Destination Port(s) | Network / Application Protocol | Destination Configurable | Destination Range | Source Configurable | Source Range | Traffic Purpose / Comments
2 | Medpro Boards | 2049 - 3027 | VMM Server | 5005 | UDP / RTCP | Yes | 1024 - 65535 | Yes | 1024 - 65535 | Medpro boards send IP statistics to the VMM Server
3 | Media Gateways | 5005 | VMM Server | 5005 | UDP / RTCP | Yes | 1024 - 65535 | Yes | 1024 - 65535 | Media Gateways send IP statistics to the VMM Server
4 | VMM Server | 1024+ | SQL Database | 1433 | TCP / SQL | No | | No | | Used to access the SQL database
5 | VMM Client | 1024+ | VMM Server | 1099, 49177, 51173, 63006 | TCP / RMI | No | | No | | VMM Client to Server communication; first available port of the four is used (Note: VMM Client can be configured to tunnel RMI via HTTP)
6 | VMM Server | 1024+ | VMM Monitor | 27015 | TCP / custom | Yes | 1024 - 65535 | Yes | 1024 - 65535 | Used by VMM Server to configure the VMM Monitor
8 | PIM | 1024+ | JBOSS | 2784 - 2789 | TCP / RMI | Yes | 1024 - 65535 | No | | Used by JBOSS on PIM server
10 | Network Management | 1024+ | Multiple | 2843 | TCP / RMI | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as cv.jum.rmi.port
11 | Network Management | 1024+ | Multiple | 2401 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as cv.launcher.port
12 | Network Management | 1024+ | Multiple | 2402 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as llm.clients.port
13 | Network Management | 1024+ | Multiple | 2403 | TCP / RMI | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as fileaccess.rmi.port
14 | Network Management | 1024+ | Multiple | 2404 | TCP / RMI | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as userver.rmi.port
15 | Network Management | 1024+ | Multiple | 2405 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as llm.servers.port
16 | Network Management | 1024+ | Multiple | 2406 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as userver.socket.port
17 | Network Management | 1024+ | Multiple | 2407 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as service.smuserdb.port
18 | Network Management | 1024+ | Multiple | 2408 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as service.snmpinfo.port
20 | Network Management | 1024+ | Multiple | 2410 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as nmlogin.local.port
21 | Network Management | 1024+ | Multiple | 2411 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as nmlogin.remote.port
22 | Network Management | 1024+ | Multiple | 2412 | TCP / RMI | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as nmlogin.rmi.port
23 | Network Management | 1024+ | Multiple | 2413 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as llm.fileaccess.port
24 | Network Management | 1024+ | Multiple | 2500 | TCP / RMI | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as smServer.rmi.port
25 | Network Management | 1024+ | Multiple | 2330 | TCP / RMI | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as amServer.rmi.port
26 | Network Management | 1024+ | Multiple | 2331 | TCP / RMI | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as amProcess.rmi.port
27 | Network Management | 1024+ | Multiple | 2332 | TCP / Multiple | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as llm.amClient.port
28 | Network Management | 1024+ | Multiple | 2900 - 2950 | TCP / RMI | Yes | 1024 - 65535 | No | | Used for Client access, RMI, Login, Database, and Trap services; defined as rmiport.min and rmiport.max
29 | JBOSS | 1024+ | NM Server | 62080, 62005, 62099, 62098, 62444, 62455, 62083, 62093, 62873 | TCP / RMI | Yes | 1024 - 65535 | No | | JBoss inner ports and RMI/HTTP/Naming ports
31 | Trap Manager | 1024+ | NM Server | 6169 | TCP / RMI | Yes | 1024 - 65535 | No | | RMI port for Trap Manager
32 | VMM Server | 1024+ | Network Management System | 162 | UDP / SNMP | No | | No | | Optional – needed for VMM SNMP Traps
34 | Management PC | 1024+ | Apache | 8080 | TCP / HTTP | Yes | 1024 - 65535 | No | | Apache Web Server
39 | VMM, Network Management Console | 1024+ | NMS, Communication Manager and other SNMP devices | 161 | UDP / SNMP | No | | No | | SNMP access for Management
50 | ASA, VAM | 1024+ | Communication Manager | 5000 | TCP / Telnet | Yes | 5000 - 9999 | No | | Un-secure SAT Service ports on Oryx/Pecos-based Voice Systems through CLAN ports
Notes:
Ingress: This indicates data flowing INTO the product defined in the matrix.
Egress: This indicates data flowing away FROM the product defined in the matrix.
Port(s): This is the layer-4 port number. Valid values include: 0 – 65535. Note all ports listed are destination ports.
Network/Application Protocol: This is the name associated with the layer-4 protocol and layers-5-7 application.
Optionally Enabled / Disabled: This field indicates whether customers can enable or disable a layer-4 port, changing its default port setting. Valid values include: Yes or No.
  No means the default port state cannot be changed (e.g. enabled or disabled).
  Yes means the default port state can be changed and that the port can either be enabled or disabled.
Default Port State: A port is either open, closed, filtered or N/A.
  Open ports will respond to queries.
  Closed ports may or may not respond to queries and are only listed when they can be optionally enabled.
  Filtered ports can be open or closed. Filtered UDP ports will not respond to queries. Filtered TCP ports will respond to queries, but will not allow connectivity.
  N/A is used for the egress default port state since these are not listening ports on the product.
The port numbers are assigned by IANA (Internet Assigned Numbers Authority) and are found here:
http://www.iana.org/assignments/port-numbers
The protocol numbers are assigned by IANA (Internet Assigned Numbers Authority) and are found here:
http://www.iana.org/assignments/protocol-numbers
This paper attempts to provide the customer with relevant information about the Integrated Management Windows-based applications so that customers can assess the protocols and services that need to run on their Windows server.
The following table gives meanings for most of the terms and acronyms used in this document.
Term Meaning
API Application Programming Interface
ASA Avaya Site Administration
CLAN Control-LAN, a Communication Manager IP interface circuit pack
FIFO First In First Out
FTP File Transfer Protocol
GUI Graphical User Interface
HKCU HKey Current User
HKLM HKey Local Machine
HTML HyperText Markup Language
HTTP HyperText Transfer Protocol
HTTPS HyperText Transfer Protocol Secure
IP Internet Protocol
NM Network Management
NMSI Network Management System Integration
NNM Network Node Manager
OV HP OpenView
PIM Provisioning and Installation Manager
PPP Point-to-Point Protocol
RMATS Remote Maintenance and Test System
RMI Remote Method Invocation
SAT System Access Terminal
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SSH Secure Shell
T&M Time and Materials
TCP Transmission Control Protocol
TSC Technical Service Center
UDP User Datagram Protocol
VAM Voice Announcement Manager
VMM VoIP Monitoring Manager
VNC Virtual Network Computing - software that makes it possible to view and fully interact with one computer from any other computer or mobile device anywhere on the Internet
VPN Virtual Private Network
C:\Program Files\Avaya\Third Party Installed - contains copies of all the third party installers used for IM install
Registry Entries:
HKLM\SOFTWARE\Avaya\Avaya Integrated Management\
HKLM\SOFTWARE\Avaya\JRE 1.5.0_08\
HKLM\SOFTWARE\Avaya\JRE 1.5.0_08\AppsInstalled\
Environment Variables:
The following entries are made in the environment registry at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\:
PROP_PATH
Registry Entries:
HKLM\SOFTWARE\Avaya\Avaya Integrated Management\
Environment Variables:
The following entries are made in the environment registry at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\:
AIM_VERSION
AIM_CCS
AIM_EPI
AIM_EPI_PORT
AIM_PATH
AIM_SERVER
AVAYA_ROOT
ASA_FLAG
VAM_FLAG
MM_FLAG
AIM_FPM
AIM_GMS
AIM_IMD
AIM_MSA
AIM_MSG
AIM_NSM
AIM_PA
AIM_VOIP
AIM_VMSC
AIM_IEM
AIM_MM
C:\Program Files\Avaya\Site Administration\data - data files, such as bitmaps, defaults and list files
Registry Entries:
HKLM\SOFTWARE\Avaya\Avaya Integrated Management\
HKLM\SOFTWARE\Avaya\Avaya Integrated Management Avaya Site Administration\
HKLM\SOFTWARE\Avaya\Avaya Site Administration\
HKLM\SOFTWARE\Avaya\Avaya Site Administration\SASL Library\
HKLM\SOFTWARE\Avaya\Avaya Site Administration \System\
HKCU\SOFTWARE\Avaya\Avaya Site Administration\
Environment Variables:
The following entries are made in the environment registry at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\:
AIM_PATH
AIM_SERVER
SA_PATH
DSA_PATH
C:\Program Files\Avaya\Voice Announcement Manager\images - contains JPEG, GIF and bitmap image files
Registry Entries:
HKLM\SOFTWARE\Avaya\Avaya Integrated Management\
HKLM\SOFTWARE\Avaya\Avaya Integrated Management Administration Tools\
Environment Variables:
The following entries are made in the environment registry at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\:
AIM_PATH
AIM_SERVER
VAL_PATH
JRE2_BIN
Registry Entries:
HKLM\SOFTWARE\Avaya\Avaya Integrated Management\
HKLM\SOFTWARE\Avaya\Avaya Integrated Management VoIP Monitoring Manager\
HKLM\SOFTWARE\Avaya\VoIP Monitoring Manager\
HKLM\SOFTWARE\Avaya\VoIP Monitoring Manager\RtcpMon\
Environment Variables:
The following entries are made in the environment registry at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\:
AIM_PATH
AIM_SERVER
VMON_PATH
JRE2_BIN
AIM_VOIP
WebLM:
Default Directories:
C:\Program Files\Apache Group\Tomcat 4.1\webapps\WebLM - contains the expanded war file, once WebLM is started
Registry Entries:
None
Environment Variables:
The following entries are made in the environment registry at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\:
WEBLM_IP
WEBLM_PORT
CATALINA_HOME
JAVA_HOME
Registry Entries:
HKLM\SOFTWARE\Microsoft\MSSQLSERVER\
Registry Entries:
HKLM\SOFTWARE\Avaya\Avaya Integrated Management\
HKLM\SOFTWARE\Avaya\Avaya Integrated Management Network Management\
HKLM\SOFTWARE\Avaya\Avaya Integrated Management Network Management 3.1\
HKLM\SOFTWARE\Avaya\Avaya Integrated Management Network Management 3.1\ Components\
HKLM\SOFTWARE\Avaya\Avaya Integrated Management Network Management 3.1\ Versions\
Environment Variables:
The following entries are made in the environment registry at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\:
AIM_VERSION
AIM_CCS
AIM_EPI
AIM_EPI_PORT
AIM_PATH
AIM_SERVER
NM_PATH
NM_INSTALLED
JRE2_BIN
AVAYA_ROOT
CYGWIN
SCP_PATH
CV_PATH
CVS_HOME
LUL_HOME
AIM_FPM
AIM_GMS
AIM_IMD
AIM_MSA
AIM_MSG
AIM_NSM
AIM_PA
AIM_VOIP
AIM_VMSC
AIM_IEM
AIM_MM
ASA_FLAG
VAM_FLAG
MM_FLAG
Default Directories:
C:\Program Files\Apache Group\Tomcat 4.1 contains executable files
Registry Entries:
HKLM\SOFTWARE\Apache Group\Tomcat\
Default Directories:
C:\Program Files\Apache Group\Apache2 contains executable files
Registry Entries:
HKLM\SOFTWARE\Apache Group\Apache\
SCP/SSH
OpenSSH for Windows used for SCP
Default Directories:
C:\Program Files\OpenSSH\
C:\Program Files\OpenSSH\bin\ contains executable files
Registry Entries:
HKLM\SOFTWARE\Cygnus Solutions\ Cygwin\
Environment Variables:
The following entries are made in the environment registry at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\:
CYGWIN
SCP_PATH