IMG 1010 - IP Security

 

IP Security for IMG and GCEMS

To protect against denial of service attacks, the GCEMS (Linux server) and IMG Control IP can be placed behind a firewall for security.  Should remote access to the GCEMS server be needed, a NAT, VPN, or other secure solution can be used for access to the server from the public internet.

Following is a list of ports and protocols used by the IMG and the GCEMS server.

  • The Ports in red would need to be opened in the firewall based on the recommendation above for remote access.

Connections between IMG and GCEMS

Port #

Description

Purpose

TCP: 20 & 21

FTP

  • Download IMG binary from GCEMS to IMG

  • Upload of software faults from IMG to GCEMS

TCP: 23

Telnet

IMG debug access

UDP: 111

PortMap

Portmap is used to request a mount port. Usually for NFS or NIS. The port request is sent from the IMG to the GCEMS server. See PortMap Request below.

UDP: 2049

NFS

  • Call tracing

  • Downloading Call treatments

  • Downloading routing & translation tables

UDP: 1812

Radius Authentication

Call authentication

UDP: 1813

Radius Accounting

Record Call Detail Records

TCP/UDP: 161

SNMP Network

Receive SNMP requests

TCP/UDP: 162

SNMP Network

Receive SNMP Traps

TCP: 12610

GCEMS control

IMG Configuration and Provisioning

UDP: 123

NTP Network

Time Protocol

Connections to the GCEMS server

Port #

Description

Purpose

Connection from

TCP: 22

SSH

Remote access to GCEMS server

  • Local support personnel

  • Sangoma technical support

TCP: 5901

VNC

 Remote access to GCEMS server

  • Local support personnel

  • Sangoma technical support

TCP: 80

HTTP

MRTG or CACTI monitoring

Local support personnel

TCP: 1312

GCEMS

GCEMS application port

  • GateManager on Active & Standby GCEMS server

  • CommManager on Standby GCEMS server

TCP: 2623

ClientView

Data Transfer Port between ClientView and DataManager

ClientView

TCP: 2428 - 2433

ClientView

FTP Transfer to DataManager

ClientView

TCP: 2624

ClientView

Signaling Port between ClientView and DataManager

ClientView

TCP: 1098/1099

ClientView

ClientView Authentication (Only required when ClientView is running on a different machine from GCEMS)

PC running ClientView to GCEMS server

 

Connections between IMG's if running redundant SS7 or SS7 with remote IMG’s

Port #

Description

Purpose

Connection from

UDP: 34867

SS7 Management

Internal SS7 communication between IMGs

IMG


PortMap Request

  • PortMap uses Port 111 and is used to request a mount port. Request is sent from IMG.

  • Mount uses the port returned in the PortMap response.

  • NFS uses port 2049

 

 

Return to Documentation Home I Return to Sangoma Support