Avaya Port Matrix: Avaya Aura® Conferencing 8.0

Issue 1.2 April 12, 2016

Avaya – Proprietary Use pursuant to terms of your signed agreement or Avaya policy.


© 2013, Avaya Inc. All Rights Reserved.

Preventing Toll Fraud

“Toll Fraud” is the unauthorized use of your telecommunications system by an unauthorized party (for example, a person who is not a corporate employee, agent, subcontractor, or is not working on your company's behalf). Be aware that there can be a risk of Toll Fraud associated with your system and that, if Toll Fraud occurs, it can result in substantial additional charges for your telecommunications services.

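Avaya Toll Fraud intervention

If You suspect that You are being victimized by Toll Fraud and You need technical assistance or support, call Technical Service Center Toll Fraud Intervention Hotline at +1-800-643-2353 for the United States and Canada. For additional support telephone numbers, see the Avaya Support website: https://support.avaya.com or such successor site as designated by Avaya.

Security Vulnerabilities

Information about Avaya’s security support policies can be found in the Security Policies and Support section of https://support.avaya.com/security.

Suspected Avaya product security vulnerabilities are handled per the Avaya Product Security Support Flow (https://support.avaya.com/css/P8/documents/100161515).

Downloading Documentation

For the most current versions of Documentation, see the Avaya Support website: https://support.avaya.com, or such successor site as designated by Avaya.

Contact Avaya Support

See the Avaya Support website: https://support.avaya.com for product or Hosted Service notices and articles, or to report a problem with your Avaya product or Hosted Service. For a list of support telephone numbers and contact addresses, go to the Avaya Support website: https://support.avaya.com (or such successor site as designated by Avaya), scroll to the bottom of the page, and select Contact Avaya Support.

Trademarks

The trademarks, logos and service marks (“Marks”) displayed in this site, the Documentation, Hosted Service(s), and product(s) provided by Avaya are the registered or unregistered Marks of Avaya, its affiliates, its licensors, its suppliers, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the Documentation, Hosted Service(s) and product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party.

Avaya is a registered trademark of Avaya Inc.

All non-Avaya trademarks are the property of their respective owners. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates.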

1 Conferencing Components

The Avaya Aura® Conferencing server platform supports the configuration of a single “bonded” network interface. Each bonded interface consists of two physical Ethernet network interfaces operating in active/standby mode. The server attaches to only one subnet and uses only one server IP address for the bond0 interface. The Avaya Aura® Conferencing server platform supports the configuration of multiple IPv4 addresses in one subnet. Depending on the deployment model selected, one or more components may share the same server, along with the server IP address. Please refer to Deploying Avaya Aura Conferencing 8.0 for supported configurations.

| Component | Description |
|---|---|
| Database | The Database is the component that stores configuration data for the Avaya Aura® Conferencing Network Elements. |
| Element Manager (EM) | The Element Manager is the component that manages all the Avaya Aura® Conferencing Network Elements. |
| Accounting Manager (AM) | The Accounting Manager is the component that manages all the billing and account details. |
| Provisioning Manager | The Provisioning Manager is the component that manages configuration procedures via a web interface for configuring system wide conferencing details and templates, and managing user configuration specific to conferencing. |
| Collaboration Agent (CA) Manager | The Collaboration Agent Manager is the component that hosts the Collaboration Agent, which is a web interface for users to see their conference status, perform actions on the conference, and share a web collaboration session. |
| Application Server (AS) | The Application Server is the component that manages conferencing signaling. |
| Media Server (MS) | The Media Server is the component that hosts conferencing, relays media, and optionally records and stores recorded content for playback retrieval when configured in a Recording Media Server Cluster. When used in the co-resident deployment model, the Media Server requires an additional IPv4 network address on the “bond0” interface for media due to the number of ports used by media flows. |
| Web Conferencing Management Server (WCMS) | The Web Conferencing Management Server is the component that manages Web Conferencing Servers and relays documents to the Document Conversion Server when document conversion is requested. |
| Web Conferencing Server (WCS) | The Web Conferencing Server is the component that handles user actions and media during web collaboration. |
| Document Conversion Server (DCS) | The Document Conversion Server is the component that converts Office documents into the format required for document sharing during a web conference session. |
| Flash Media Gateway (FMG) | The FMG component converts sessions between the Flash-domain (RTMP signaling and media) and the -domain (SIP signaling and RTP/RTCP media). |
| Flash Media Management Server | The Flash Media Management Server component provides OAM&P functions for configuration, administration, and management of Audio/Video in Collaboration Agent. |
| Audio/Video in Collaboration Management Portal Client | This is a Flash-based client that connects to the Flash Media Management Server and provides access to OAM&P functions for configuration, administration, and management of Audio/Video in Collaboration systems. |
| Avaya Aura® Session Manager | The Avaya Aura® Session Manager is the SIP routing and core component of the Avaya Aura® solution. |
| Avaya Aura® System Manager | The Avaya Aura® System Manager is the central management system component of the Avaya Aura® solution. |
| Avaya Session Border Controller (SBC) | The Avaya Session Border Controller is a secure interface for SIP trunking and remote worker connectivity. |

2 Port Usage Tables

2.1 Port Usage Table Heading Definitions

Ingress Connections (In): This indicates connection requests that are initiated from external devices to open ports on this product. From the point of view of the product, the connection request is coming “In”. (Note that in most cases, traffic will flow in both directions.)

Egress Connections (Out): This indicates connection requests that are initiated from this product to known ports on a remote device. From the point of view of the product, the connection request is going “Out”. (Note that in most cases, traffic will flow in both directions.)

Intra-Device Connections: This indicates connection requests that both originate and terminate on this product. Normally these would be handled on the loopback interface, but there may be some exceptions where modules within this product must communicate on ports open on one of the physical Ethernet interfaces. These ports would not need to be configured on an external firewall, but may show up on a port scan of the product.

Destination Port: This is the default layer-4 port number to which the connection request is sent. Valid values include: 0 – 65535. A “(C)” next to the port number means that the port number is configurable. Refer to the Notes section after each table for specifics on valid port ranges.

Network/Application Protocol: This is the name associated with the layer-4 protocol and layers-5-7 application.

Optionally Enabled / Disabled: This field indicates whether customers can enable or disable a layer-4 port, changing its default port setting. Valid values include: Yes or No.

“No” means the default port state cannot be changed (e.g. enabled or disabled). “Yes” means the default port state can be changed and that the port can either be enabled or disabled.

Default Port State: A port is either open, closed, filtered or N/A.

Open ports will respond to queries.

Closed ports may or may not respond to queries and are only listed when they can be optionally enabled.

Filtered ports can be open or closed. Filtered UDP ports will not respond to queries. Filtered TCP will respond to queries, but will not allow connectivity.

N/A is used for the egress default port state since these are not listening ports on the product.

External Device: This is the remote device that is initiating a connection request (Ingress Connections) or receiving a connection request (Egress Connections).

2.2 Port Tables

Below are the tables which document the port usage for this product. Each component is represented by a separate table. For components that use more than one IP Address, that component has a table for each address separating the ingress/egress traffic per IP Address. Most components share a server IP Address with other components; therefore there will be some duplication of ports. For example, each server IP address will have the SSH TCP Port 22 open. For communication between components, egress traffic will be ingress traffic for the other component. In addition, unless otherwise noted, the source port of the data flows is the ephemeral port range (49152 – 65535) as suggested by the IANA.

2.2.1 Firewall Boundary Legend Notes

If communication may cross an optional firewall boundary, it is noted in the note column for that table using the following symbols:

• δ – Used to note communication crossing Firewall boundary between a DMZ and the Core Data Center Network.
• δ’ – Used to note communication crossing Firewall boundary between a DMZ and the Core Data Center that exists due to initial installation having the WCMS in the DMZ and has not been moved to the Core Data Center Network.
• ε – Used to note communication crossing DMZ Firewall boundary from the .
• ρ – Used to note communication crossing Firewall boundary between the Core Data Center Network and a Remote Hosting Location Network.

Figure 1 below shows a high-level diagram of where these firewall boundaries may exist, with the corresponding symbols used in the notes column of the tables that follow.

[Figure 1: Firewall Boundaries. Diagram labels: Internet, DMZ, Enterprise Network, Remote Location; firewall boundaries marked ε, δ, ρ.]

2.2.2 Conferencing Database Servers

Table 1: Ports for Database (DB) Server IP Addresses

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 1.1.1 | 22 | TCP/SSH | No | Open | Admin Terminal, SAL Gateway | System Management requiring shell access | |
| 1.1.2 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 1.1.3 | 5432 | TCP/TLS | No | Open | EM Server | Database SQL | |
| 1.1.4 | 5432 | TCP/TLS | No | Open | AM Server | Database SQL | |
| 1.1.5 | 5432 | TCP/TLS | No | Open | Provisioning Manager Server | Database SQL | |
| 1.1.6 | 5432 | TCP/TLS | No | Open | CA Manager Server | Database SQL | δ |
| 1.1.7 | 5432 | TCP/TLS | No | Open | AS Server | Database SQL | |
| 1.1.8 | 5432 | TCP/TLS | No | Open | MS Server | Database SQL | ρ |
| 1.1.9 | 5432 | TCP/TLS | No | Open | WCMS Server | Database SQL | δ’ |
| 1.1.10 | 5432 | TCP/TLS | No | Open | WCS Server | Database SQL | δ |
| 1.1.11 | 5432 | TCP/TLS | No | Open | DCS Server | Database SQL | |
| 1.1.12 | 5438-5439 | TCP/TLS | No | Open | Redundant Database server | Database synchronization | |
| EGRESS CONNECTIONS | | | | | | | |
| 1.2.1 | 123 | UDP | No | N/A | NTP Source | NTP | 1 |
| 1.2.2 | 514 | UDP | Yes | N/A | Syslog server | Remote Syslog Server | |
| 1.2.3 | 2100 | TCP/TLS | No | N/A | All Network Element servers | NED FTP pull passive mode (control) | 2 |
| 1.2.4 | 2101 – 2151 | TCP/TLS | No | N/A | All Network Element servers | NED FTP pull passive mode (data) | 2 |
| 1.2.5 | 5438 – 5439 | TCP/TLS | No | N/A | Redundant Database server | Database synchronization | |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 1.3.1 | NONE | | | | | | |

Notes:

1. Source port 123
2. Uses SSL FTP (RFC 4217)
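The ingress rows of Table 1 can be turned into a listener audit for the database server, using the rule from section 2.1 that loopback-only ports are intra-device and need no firewall entry. This is an added example, not part of the Avaya document; the `ss` output is constructed, 192.0.2.10 is a placeholder address, and the function names are hypothetical.

```python
import ipaddress

# Ingress rows of Table 1 (Database server): (protocol, first port, last port).
DB_INGRESS = [
    ("tcp", 22, 22),      # 1.1.1  SSH
    ("tcp", 4891, 4891),  # 1.1.2  NED
    ("tcp", 5432, 5432),  # 1.1.3 - 1.1.11  Database SQL
    ("tcp", 5438, 5439),  # 1.1.12 Database synchronization
]

# Constructed sample of `ss -H -tuln` output (not captured from a real system).
SAMPLE_SS = """\
tcp   LISTEN 0      128      192.0.2.10:22         0.0.0.0:*
tcp   LISTEN 0      128      192.0.2.10:5432       0.0.0.0:*
tcp   LISTEN 0      128      192.0.2.10:5438       0.0.0.0:*
tcp   LISTEN 0      128       127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      50          0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0           0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128            [::]:4891          [::]:*
tcp   LISTEN 0      128           [::1]:631           [::]:*
"""


def parse_listeners(ss_output):
    """Return a set of (protocol, local address, port) from `ss -H -tuln` text."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.add((fields[0], addr, int(port)))
    return listeners


def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface
    if host == "*":
        return False  # wildcard bind: reachable on every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown form: treat as externally reachable


def audit(ss_output, matrix=DB_INGRESS):
    """Compare externally reachable listeners with the documented ingress ports."""
    external = {(proto, port)
                for proto, addr, port in parse_listeners(ss_output)
                if not is_loopback(addr)}

    def documented(proto, port):
        return any(proto == p and lo <= port <= hi for p, lo, hi in matrix)

    unexpected = sorted(e for e in external if not documented(*e))
    missing = sorted((p, port)
                     for p, lo, hi in matrix
                     for port in range(lo, hi + 1)
                     if (p, port) not in external)
    return {"unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    result = audit(SAMPLE_SS)
    print("Listening but not in Table 1:", result["unexpected"])
    print("In Table 1 but not listening:", result["missing"])
```

A UDP socket on port 123 would also be reported as unexpected, because Table 1 lists it only as the NTP egress source port (note 1); add it to the allow-list on hosts where the NTP client binds it.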

2.2.3 Element Manager

Table 2: Ports for EM Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 2.1.1 | 22 | TCP/SSH | No | Open | Admin Terminal, SAL Gateway | System Management requiring shell access | |
| 2.1.2 | 123 | UDP | No | Open | NTP Source | NTP | 1 |
| 2.1.3 | 161 | UDP | No | Open | All Network Element servers | SNMP (GET) | δ,δ’,ρ |
| 2.1.4 | 2100 | TCP/TLS | No | Open | All Network Element servers | NED FTP pull passive mode (control) | δ,δ’,ρ,2 |
| 2.1.5 | 2101 – 2151 | TCP/TLS | No | Open | All Network Element servers | NED FTP pull passive mode (data) | δ,δ’,ρ,2 |
| 2.1.6 | 4891 | TCP/TLS | No | Open | All Network Element servers | NED | δ,δ’,ρ |
| 2.1.7 | 12102 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 2.1.8 | 12102 | UDP | No | Open | EM Service | Config. Mtce (perfect channel) and associated heartbeat to the TCP Perfect Channel. | 3 |
| 2.1.9 | 12113 | TCP | No | Open | EM Service | Logs (perfect channel) | |
| 2.1.10 | 12113 | UDP | No | Open | EM Service | Logs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 4 |
| 2.1.11 | 12115 | TCP | No | Open | EM Service | OMs (perfect channel) | |
| 2.1.12 | 12115 | UDP | No | Open | EM Service | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 5 |
| 2.1.13 | 12150 | UDP | No | Open | Redundant EM Server | FT heartbeat | 6,7 |
| 2.1.14 | 12153 | TCP | No | Open | Redundant EM Server | FT Sync Channel | 6 |
| 2.1.15 | 49152 – 65535 | UDP | No | Open | Redundant EM Server | FT Sync Channel | 6 |
| 2.1.16 | 49152 – 65535 | UDP | No | Open | EM Service | Alarms (sync channel) | |
| EGRESS CONNECTIONS | | | | | | | |
| 2.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 2.2.2 | 123 | UDP | No | N/A | NTP Source | NTP | 1 |
| 2.2.3 | 161 | UDP | No | N/A | Media Server | SNMP (GET) | |
| 2.2.4 | 443 | TCP/HTTPS | No | N/A | Avaya Aura® System Manager | Trust Management | |
| 2.2.5 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | |
| 2.2.6 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 2 |
| 2.2.7 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 2 |
| 2.2.8 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 2.2.9 | 10162 | TCP | No | N/A | Avaya Aura® System Manager | SNMP (TRAP) | 12 |
| 2.2.10 | 162, 1024-65535 | TCP | No | N/A | External SNMP Manager | SNMP (TRAP) | 13 |
| 2.2.11 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 9 |
| 2.2.12 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 10 |
| 2.2.13 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 11 |
| 2.2.14 | 12150 | UDP | No | N/A | Redundant EM Server | FT heartbeat | 6,7 |
| 2.2.15 | 12153 | TCP | No | N/A | Redundant EM Server | FT Sync Channel | 6 |
| 2.2.16 | 49152 – 65535 | UDP | No | N/A | Redundant EM Server | FT Sync Channel | 6 |
| 2.2.17 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync | 11 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 2.3.1 | NONE | | | | | | |

Notes:

1. Source port 123
2. Uses SSL FTP (RFC 4217)
3. Source port is 12101, 49152 – 65535
4. Source port is 12112, 49152 – 65535
5. Source port is 12114, 49152 – 65535
6. Sync between active and standby instance
7. Source Port 12150
8. Source Port 12153
9. Source port 12113
10. Source port 12115
11. Source port 12104
12. Source port 10162. Trap port value must be either 162 or between 1024 and 65535.
13. No default source port value. Trap port value must be either 162 or between 1024 and 65535.

Table 3: Ports for EM Service IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 3.1.1 | 12101 | TCP/TLS | No | Open | Network Element Servers | Config. Mtce (perfect channel) | δ,δ’,ρ |
| 3.1.2 | 12101 | UDP | No | Open | Network Element Servers | Config. Mtce (perfect channel) | δ,δ’,ρ,1 |
| 3.1.3 | 12106 | UDP | No | Open | Redundant ADR EM Service | ADR Inter-system Heartbeat | ρ |
| 3.1.4 | 12112 | TCP/TLS | No | Open | Network Element Servers | Logs (perfect channel) | δ,δ’,ρ |
| 3.1.5 | 12112 | UDP | No | Open | Network Element Servers | Logs (perfect channel) | δ,δ’,ρ,2 |
| 3.1.6 | 12114 | TCP/TLS | No | Open | Network Element Servers | OMs (perfect channel) | δ,δ’,ρ |
| 3.1.7 | 12114 | UDP | No | Open | Network Element Servers | OMs (perfect channel) | δ,δ’,ρ,3 |
| 3.1.8 | 12120 | TCP | Yes | Open | EM Console | EM Console connection to the EM Service Address. | |
| 3.1.9 | 12121 | TCP/TLS | No | Open | EM Console | EM Console secure connection to the EM Service Address | |
| 3.1.10 | 12125 | TCP/TLS | No | Open | Network Element Servers | Alarms (sync channel) | δ,δ’,ρ,4 |
| 3.1.11 | 12126 | TCP/TLS | No | Open | EM Console | EM Console Log Browser Stream | |
| 3.1.12 | 49152 – 65535 | UDP | No | Open | Network Element Servers | Alarms Sync | δ,δ’,ρ,4 |
| EGRESS CONNECTIONS | | | | | | | |
| 3.2.1 | 12106 | UDP | No | N/A | Redundant ADR EM Service | ADR Inter-system Heartbeat | ρ |
| 3.2.2 | 12302 | TCP/TLS | No | N/A | AM Server | Config. Mtce (Perfect Channel) | |
| 3.2.3 | 12302 | UDP | No | N/A | AM Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 5 |
| 3.2.4 | 12313 | TCP/TLS | No | N/A | AM Server | Logs (Perfect Channel) | |
| 3.2.5 | 12313 | UDP | No | N/A | AM Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 6 |
| 3.2.6 | 12315 | TCP/TLS | No | N/A | AM Server | OMs (Perfect Channel) | |
| 3.2.7 | 12315 | UDP | No | N/A | AM Server | OMs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 7 |
| 3.2.8 | 15002 | TCP/TLS | No | N/A | AS Server | Config. Mtce (Perfect Channel) | |
| 3.2.9 | 15002 | UDP | No | N/A | AS Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 5 |
| 3.2.10 | 15013 | TCP/TLS | No | N/A | AS Server | Logs (Perfect Channel) | |
| 3.2.11 | 15013 | UDP | No | N/A | AS Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 6 |
| 3.2.12 | 15015 | TCP/TLS | No | N/A | AS Server | OMs (perfect channel) | |
| 3.2.13 | 15015 | UDP | No | N/A | AS Server | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 7 |
| 3.2.14 | 17002 | TCP/TLS | No | N/A | WCMS Server | Config. Mtce (Perfect Channel) | δ’ |
| 3.2.15 | 17002 | UDP | No | N/A | WCMS Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ’,5 |
| 3.2.16 | 17013 | TCP/TLS | No | N/A | WCMS Server | Logs (Perfect Channel) | δ’ |
| 3.2.17 | 17013 | UDP | No | N/A | WCMS Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ’,6 |
| 3.2.18 | 17015 | TCP/TLS | No | N/A | WCMS Server | OMs (perfect channel) | δ’ |
| 3.2.19 | 17015 | UDP | No | N/A | WCMS Server | OMs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ’,7 |
| 3.2.20 | 24002 | TCP/TLS | No | N/A | Provisioning or CA Manager Server | Config. Mtce (Perfect Channel) | δ |
| 3.2.21 | 24002 | UDP | No | N/A | Provisioning or CA Manager Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,5 |
| 3.2.22 | 24013 | TCP/TLS | No | N/A | Provisioning or CA Manager Server | Logs (Perfect Channel) | δ |
| 3.2.23 | 24013 | UDP | No | N/A | Provisioning or CA Manager Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,6 |
| 3.2.24 | 24015 | TCP/TLS | No | N/A | Provisioning or CA Manager Server | OMs (perfect channel) | δ |
| 3.2.25 | 24015 | UDP | No | N/A | Provisioning or CA Manager Server | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | δ,7 |
| 3.2.26 | 46002 | TCP/TLS | No | N/A | DCS | Config. Mtce (Perfect Channel) | |
| 3.2.27 | 46002 | UDP | No | N/A | DCS | Config Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 5 |
| 3.2.28 | 46013 | TCP/TLS | No | N/A | DCS | Logs (Perfect Channel) | |
| 3.2.29 | 46013 | UDP | No | N/A | DCS | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 6 |
| 3.2.30 | 46015 | TCP/TLS | No | N/A | DCS | OMs (perfect channel) | |
| 3.2.31 | 46015 | UDP | No | N/A | DCS | OMs (perfect channel) and associated heartbeat to TCP Perfect Channel | 7 |
| 3.2.32 | 48902 | TCP/TLS | No | N/A | WCS Server | Config. Mtce (Perfect Channel) | δ |
| 3.2.33 | 48902 | UDP | No | N/A | WCS Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,5 |
| 3.2.34 | 48913 | TCP/TLS | No | N/A | WCS Server | Logs (Perfect Channel) | δ |
| 3.2.35 | 48913 | UDP | No | N/A | WCS Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,6 |
| 3.2.36 | 48915 | TCP/TLS | No | N/A | WCS Server | OMs (perfect channel) | δ |
| 3.2.37 | 48915 | UDP | No | N/A | WCS Server | OMs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,7 |
| 3.2.38 | 49002 | TCP/TLS | No | N/A | MS Server | Config. Mtce (Perfect Channel) | ρ |
| 3.2.39 | 49002 | UDP | No | N/A | MS Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | ρ,5 |
| 3.2.40 | 49013 | TCP/TLS | No | N/A | MS Server | Logs (Perfect Channel) | ρ |
| 3.2.41 | 49013 | UDP | No | N/A | MS Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | ρ,6 |
| 3.2.42 | 49015 | TCP/TLS | No | N/A | MS Server | OMs (perfect channel) | ρ |
| 3.2.43 | 49015 | UDP | No | N/A | MS Server | OMs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | ρ,7 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 3.3.1 | 514 | UDP | No | Open | N/A | EM Service to local syslog | 8 |

Notes:

1. Source port is External Device Network Element Base Port + NE Config. Maintenance Perfect Channel Offset. Refer to Table 28, Table 29.
2. Source port is External Device Network Element Base Port + Log Port Offset. Refer to Table 28, Table 29.
3. Source port is External Device Network Element Base Port + OM Port Offset. Refer to Table 28, Table 29.
4. Source port is External Device Network Element Base Port + Alarm Port Offset. Refer to Table 28, Table 29.
5. Source port is 12101, 49152 – 65535
6. Source port is 12112, 49152 – 65535
7. Source port is 12114, 49152 – 65535
8. Source port is 12191

2.2.4 Accounting Manager

Table 4: Ports for Accounting Manager (AM) Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 4.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System Management requiring shell access | |
| 4.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | |
| 4.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 4.1.4 | 12302 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 4.1.5 | 12302 | UDP | No | Open | EM Service | Config. Mtce (perfect channel) and associated heartbeat to the TCP Perfect Channel. | 1 |
| 4.1.6 | 12313 | TCP | No | Open | EM Service | Logs (perfect channel) | |
| 4.1.7 | 12313 | UDP | No | Open | EM Service | Logs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 2 |
| 4.1.8 | 12315 | TCP | No | Open | EM Service | OMs (perfect channel) | |
| 4.1.9 | 12315 | UDP | No | Open | EM Service | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 3 |
| 4.1.10 | 12350 | UDP | No | Open | Redundant AM Server | FT heartbeat | 4,5 |
| 4.1.11 | 12353 | TCP | No | Open | Redundant AM Server | FT Sync Channel | 4 |
| 4.1.12 | 49152 – 65535 | UDP | No | Open | Redundant AM Server | FT Sync Channel | 4 |
| EGRESS CONNECTIONS | | | | | | | |
| 4.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 4.2.2 | 123 | UDP | No | N/A | NTP source | NTP | |
| 4.2.3 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | |
| 4.2.4 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 6 |
| 4.2.5 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 6 |
| 4.2.6 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 4.2.7 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | |
| 4.2.8 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | |
| 4.2.9 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 7 |
| 4.2.10 | 12350 | UDP | No | N/A | Redundant AM Server | FT Heartbeat | 4,5 |
| 4.2.11 | 12353 | TCP | No | N/A | Redundant AM Server | FT Sync Channel | 4 |
| 4.2.12 | 49152 – 65535 | UDP | No | N/A | Redundant AM Server | FT Sync Channel | 4 |
| 4.2.11 | >1023 | TCP | Yes | N/A | Back office billing processing system | Billing Stream | |
| 4.2.12 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync | 7 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 4.3.1 | NONE | | | | | | |

Notes:

1. Source port is 12101, 49152 – 65535
2. Source port is 12112, 49152 – 65535
3. Source port is 12114, 49152 – 65535
4. Sync between active and standby
5. Source port is 12350
6. Uses SSL FTP (RFC 4217)
7. Source port is 12304

Table 5: Ports for Accounting Manager (AM) Service IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 5.1.1 | 12318 | TCP/TLS | No | Open | AS Server | Billing Stream (perfect channel) | |
| 5.1.2 | 12318 | UDP | No | Open | AS Server | Billing Stream (perfect channel) | 1 |
| EGRESS CONNECTIONS | | | | | | | |
| 5.2.1 | 15019 | TCP/TLS | No | N/A | AS Server | Billing Stream (perfect channel) | |
| 5.2.2 | 15019 | UDP | No | N/A | AS Server | Billing Stream (perfect channel) | 2 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 5.3.1 | NONE | | | | | | |

Notes:

1. Source port is 15019
2. Source port is 12318

2.2.5 Provisioning Manager

Table 6: Ports for Provisioning Manager Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 6.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System Management requiring shell access | |
| 6.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | |
| 6.1.3 | 443 | TCP/HTTPS | No | Open | Intranet Web Client | Client access to the Collaboration Agent | 1,2 |
| 6.1.4 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 6.1.5 | 8043 | TCP/HTTPS | No | Open | WCMS Server | SIP Bridge | δ’,3 |
| 6.1.6 | 8443 | TCP/HTTPS | No | Open | Admin subnet, Avaya Aura® System Manager | Administrative access for System Provisioning | |
| 6.1.7 | 24002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 6.1.8 | 24002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), Associated Heartbeat to TCP Perfect Channel | 4 |
| 6.1.9 | 24013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | |
| 6.1.10 | 24013 | UDP | No | Open | EM Service | Logs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 5 |
| 6.1.11 | 24015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | |
| 6.1.12 | 24015 | UDP | No | Open | EM Service | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 6 |
| 6.1.13 | 24052 | TCP/SIP | Yes | Closed | AS Service | AS SIP connection to the Provisioning or Personal Agent Manager Server | |
| 6.1.14 | 24053 | TCP/TLS/SIP(S) | Yes | Open | AS Service | AS SIP connection to the Provisioning or Personal Agent Manager Server | |
| EGRESS CONNECTIONS | | | | | | | |
| 6.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 6.2.2 | 123 | UDP | No | N/A | NTP source | NTP | 7 |
| 6.2.3 | 389 | TCP/LDAP | Yes | N/A | LDAP Servers | Used to sync/authenticate with a Directory Server | |
| 6.2.4 | 514 | UDP | Yes | N/A | Syslog server | Remote Syslog Server | |
| 6.2.5 | 636 | TCP/TLS/LDAPS | Yes | N/A | LDAPS Servers | Used to sync/authenticate with a Directory Server over TLS | |
| 6.2.6 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 8 |
| 6.2.7 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 8 |
| 6.2.8 | 5060 | TCP/SIP | Yes | N/A | AS Service | SIP to AS Service | |
| 6.2.9 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | AS Service | SIP(S)/TLS to AS Service | |
| 6.2.10 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 6.2.11 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 9 |
| 6.2.12 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 10 |
| 6.2.13 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 11 |
| 6.2.14 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync | 12 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 6.3.1 | NONE | | | | | | |

Notes:

1. Server redirects to port 8043
2. The Provisioning Manager also includes the Collaboration Agent (CA).
3. SIP Bridge between the Web Conferencing Management Server and either the Provisioning Manager or CA Manager that is configured to be the Event Processor.
4. Source port is 12101, 49152 – 65535
5. Source port is 12112, 49152 – 65535
6. Source port is 12114, 49152 – 65535
7. Source port 123
8. Uses SSL FTP (RFC 4217)
9. Source port is 24013
10. Source port is 24015
11. Source port is 24004

2.2.6 Collaboration Agent Manager

Table 7: Ports for Collaboration Agent (CA) Manager Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 7.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System Management requiring shell access | δ |
| 7.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | δ |
| 7.1.3 | 443 | TCP/HTTPS | No | Open | Internet/Intranet Web Client | Client access to the Collaboration Agent | ε, 1 |
| 7.1.4 | 4891 | TCP/TLS | No | Open | EM Server | NED | δ |
| 7.1.5 | 8043 | TCP/HTTPS | No | Open | WCMS Server | SIP Bridge | δ’, 2 |
| 7.1.6 | 24002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | δ |
| 7.1.7 | 24002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), Associated Heartbeat to TCP Perfect Channel | δ, 3 |
| 7.1.8 | 24013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | δ |
| 7.1.9 | 24013 | UDP | No | Open | EM Service | Logs (perfect channel), Associated Heartbeat to TCP Perfect Channel | δ, 4 |
| 7.1.10 | 24015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | δ |
| 7.1.11 | 24015 | UDP | No | Open | EM Service | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | δ, 5 |
| 7.1.12 | 24052 | TCP/SIP | Yes | Closed | AS Service | AS SIP connection to the Provisioning or Personal Agent Manager Server | δ, 6 |
| 7.1.13 | 24053 | TCP/TLS/SIP(S) | Yes | Open | AS Service | AS SIP/TLS connection to the Provisioning or Personal Agent Manager Server | δ, 6 |
| 7.1.14 | 24052 | TCP/SIP | Yes | Closed | SBC | Avaya SBC SIP connection to the Provisioning or Collaboration Agent Manager Server for the Mobile App. | δ,6,13 |
| 7.1.15 | 24053 | TCP/TLS/SIP(S) | Yes | Open | SBC | Avaya SBC SIP/TLS connection to the Provisioning or Collaboration Agent Manager Server for the Mobile App. | δ,6,13 |
| EGRESS CONNECTIONS | | | | | | | |
| 7.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | δ, ε, 7 |
| 7.2.2 | 123 | UDP | No | N/A | NTP source | NTP | δ, 8 |
| 7.2.3 | 389 | TCP/LDAP | Yes | N/A | LDAP Servers | Used to authenticate with a Directory Server | δ |
| 7.2.4 | 514 | UDP | Yes | N/A | Syslog server | Remote Syslog Server | δ |
| 7.2.5 | 636 | TCP/TLS/LDAPS | Yes | N/A | LDAPS Servers | Used to authenticate with a Directory Server over TLS | δ |
| 7.2.6 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | δ, 9 |
| 7.2.7 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | δ, 9 |
| 7.2.8 | 5060 | TCP/SIP | Yes | N/A | AS Service | SIP to AS Service | δ |
| 7.2.9 | 5060 | TCP/SIP | Yes | N/A | SBC | SIP to SBC | δ |
| 7.2.10 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | AS Service | SIP(S)/TLS to AS Service | δ |
| 7.2.11 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | SBC | SIP(S)/TLS to SBC | δ |
| 7.2.12 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | δ |
| 7.2.13 | 12112 | TCP/TLS | No | N/A | EM Service | Log (perfect channel) | δ |
| 7.2.14 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | δ,10 |
| 7.2.15 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | δ |
| 7.2.16 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | δ, 11 |
| 7.2.17 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | δ,12 |
| 7.2.18 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync | δ |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 7.3.1 | NONE | | | | | | |

Notes:

1. Server redirects to port 8043
2. SIP Bridge between the Web Conferencing Management Server and either the Provisioning Manager or CA Manager that is configured to be the Meeting Event Processor.
3. Source port is 12101, 49152 – 65535
4. Source port is 12112, 49152 – 65535
5. Source port is 12114, 49152 – 65535
6. The use of SIP and SIP/TLS is mutually exclusive.
7. Whether Split-Horizon DNS is used dictates whether a firewall rule to the Enterprise DNS is required. If Split-Horizon DNS is not used, it is recommended that /etc/hosts be used instead on any servers in the DMZ, so that external access to internal DNS is restricted.
8. Source port 123
9. Uses SSL FTP (RFC 4217)
10. Source port is 24013
11. Source port is 24015
12. Source port is 24004
13. For the Enhanced Audio/Video in Collaboration Agent feature, make sure that SIP trunk traffic flow between the SBC and Avaya Session Manager is configured in both directions. Both directions use either SIP TLS 5061 or SIP TCP 5060.

2.2.7 Application Server

Table 8: Ports for Application Server (AS) Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 8.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System Management requiring shell access | |
| 8.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | |
| 8.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 8.1.4 | 15002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 8.1.5 | 15002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel) and associated heartbeat to TCP Perfect Channel | 1 |
| 8.1.6 | 15013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | |
| 8.1.7 | 15013 | UDP | No | Open | EM Service | Logs (perfect channel) and associated heartbeat to TCP Perfect Channel | 2 |
| 8.1.8 | 15015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | |
| 8.1.9 | 15015 | UDP | No | Open | EM Service | OMs (perfect channel) and associated heartbeat to TCP Perfect Channel | 3 |
| 8.1.10 | 15019 | TCP/TLS | No | Open | AM Service | Billing Stream (perfect channel) | |
| 8.1.11 | 15019 | UDP | No | Open | AM Service | Billing Stream (perfect channel) | 4 |
| 8.1.12 | 15050 | TCP | No | Open | Redundant AS Server | FT heartbeat | 5,6 |
| 8.1.13 | 15053 | TCP | Yes | Open | Redundant AS Server | FT Sync Channel | 5 |
| 8.1.14 | 49152 – 65535 | UDP | No | Open | Redundant AS Server | FT Sync Channel | 5 |
| 8.1.15 | 15054 | TCP/TLS | No | Open | Redundant AS Server | FT Secure Sync Channel | 12 |
| EGRESS CONNECTIONS | | | | | | | |
| 8.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 8.2.2 | 123 | UDP | No | N/A | NTP source | NTP | 7 |
| 8.2.3 | 389 | TCP/LDAP | Yes | N/A | LDAP Server | Used to authenticate with a Directory Server | |
| 8.2.4 | 443 | TCP/HTTPS | No | N/A | Avaya Aura® System Manager | WebLM Licensing | |
| 8.2.5 | 443 | TCP/HTTPS | No | N/A | WCS Service | Application Server REST service call to control start/stop of recordings | δ |
| 8.2.6 | 514 | UDP | No | N/A | Syslog Server | Remote Syslog Server | |
| 8.2.7 | 636 | TCP/LDAPS | Yes | N/A | LDAPS Server | Used to authenticate with a Directory Server over TLS. | |
| 8.2.8 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 8 |
| 8.2.9 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 8 |
| 8.2.10 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 8.2.11 | 8444 | TCP/TLS | No | N/A | WCMS Server | Application Server ping of the SIP Bridge through the WCMS | δ’ |
| 8.2.12 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | |
| 8.2.13 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 9 |
| 8.2.14 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | |
| 8.2.15 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 10 |
| 8.2.16 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 11 |
| 8.2.17 | 15050 | UDP | No | N/A | Redundant AS Server | FT heartbeat | 5,6 |
| 8.2.18 | 15053 | TCP | Yes | N/A | Redundant AS Server | FT Sync Channel | 5 |
| 8.2.19 | 49152 – 65535 | UDP | No | N/A | Redundant AS Server | FT Sync Channel | 5 |
| 8.2.20 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync | 11 |
| 8.2.21 | 15054 | TCP/TLS | No | N/A | Redundant AS Server | FT Secure Sync Channel | 12 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 8.3.1 | NONE | | | | | | |

Notes:

1. Source port is 12101, 49152 – 65535
2. Source port is 12112, 49152 – 65535
3. Source port is 12114, 49152 – 65535
4. Source port is 12318
5. Sync between active and standby, may be disabled after upgrade to AAC 8.0 SP2
6. Source port is 15050
7. Source port is 123
8. Uses SSL FTP (RFC 4217)
9. Source port is 15013
10. Source port is 15015
11. Source port is 15004
12. As of AAC 8.0 SP2

Table 9: Ports for Application Server (AS) Service IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 9.1.1 | 5060 | TCP/SIP | Yes | Closed | MS Server | SIP | ρ,3 |
| 9.1.2 | 5060 | TCP/SIP | Yes | Closed | Avaya Aura® Session Manager (SM100) | SIP | 3 |
| 9.1.3 | 5060 | TCP/SIP | Yes | Closed | Provisioning or CA Manager Server | SIP | δ,3 |
| 9.1.4 | 5060 | TCP/SIP | Yes | Closed | AAC Mobile App Client (iOS and Android) | SIP within Enterprise from Client | 2,3 |
| 9.1.5 | 5060 | TCP/SIP | Yes | Closed | SBC | SIP trunk from SBC | δ,3 |
| 9.1.6 | 5061 | TCP/TLS/SIP(S) | Yes | Open | MS Server | SIP or SIPS over TLS | ρ,3 |
| 9.1.7 | 5061 | TCP/TLS/SIP(S) | Yes | Open | Provisioning or CA Manager Server | SIP or SIPS over TLS | δ,3 |
| 9.1.8 | 5061 | TCP/TLS/SIP(S) | Yes | Open | Avaya Aura® Session Manager (SM100) | SIP or SIPS over TLS | 3 |
| 9.1.9 | 5061 | TCP/TLS/SIP(S) | Yes | Open | AAC Mobile App Client (iOS and Android) | SIP or SIPS over TLS within Enterprise from Client | 2,3 |
| 9.1.10 | 5061 | TCP/TLS/SIP(S) | Yes | Open | SBC | SIP or SIPS trunk from SBC over TLS | δ,3 |
| EGRESS CONNECTIONS | | | | | | | |
| 9.2.1 | 5060 | TCP/SIP | Yes | N/A | MS Server | SIP | ρ,3 |
| 9.2.2 | 5060 | TCP/SIP | Yes | N/A | Avaya Aura® Session Manager (SM100) | SIP | 3 |
| | 5060 | TCP/SIP | Yes | N/A | SBC | SIP Trunk to SBC | δ,3 |
| 9.2.3 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | MS Server | SIP or SIPS over TLS | ρ,3 |
| 9.2.4 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | Avaya Aura® Session Manager (SM100) | SIP or SIPS over TLS | 3 |
| | 5061 | TCP/TLS/SIP(S) | Yes | N/A | SBC | SIP or SIPS Trunk to SBC over TLS | δ,3 |
| 9.2.5 | 5062 | TCP/SIP | Yes | N/A | Co-Res MS Server | SIP | 3 |
| 9.2.6 | 5063 | TCP/TLS/SIP(S) | Yes | N/A | Co-Res MS Server | SIP or SIPS over TLS | 3 |
| 9.2.7 | 24052 | TCP/SIP | Yes | N/A | Provisioning or CA Manager Server | Application Server SIP connection to the Provisioning or CA Manager | δ,1,3 |
| 9.2.8 | 24053 | TCP/TLS/SIP(S) | Yes | N/A | Provisioning or CA Manager Server | Application Server SIP(S)/TLS connection to the Provisioning or CA Manager | δ,1,3 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 9.3.1 | NONE | | | | | | |

Notes:

1. Dependent on Meeting Event Processor configuration.
2. Client supports Connection Reuse such that additional outbound connection is not required.
3. The use of SIP and SIP/TLS is mutually exclusive.

2.2.8 Media Server

Table 10: Ports for Media Server (MS) Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 10.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | ρ |
| 10.1.2 | 161 | UDP | No | Open | EM Server | SNMP(GET) | ρ |
| 10.1.3 | 3306 | TCP/TLS | No | Open | MS Servers in the same cluster | Media Server Configuration DB | |
| 10.1.4 | 4005 | TCP | No | Open | Provisioning Manager | External Session API (ESA) – UComm service only. | ρ |
| 10.1.5 | 4891 | TCP/TLS | No | Open | EM Server | NED | ρ |
| 10.1.6 | 5060 | TCP/SIP | Yes | Closed | AS Service | Application Server SIP connection to the Media Server | ρ |
| 10.1.7 | 5061 | TCP/TLS/SIP(S) | Yes | Open | AS Service | Application Server SIP(S)/TLS connection to the Media Server | ρ |
| 10.1.8 | 5062 | TCP/SIP | Yes | Closed | AS Service | Application Server SIP connection to the Co-Res Media Server | |
| 10.1.9 | 5063 | TCP/TLS/SIP(S) | No | Open | AS Service | Application Server SIP(S)/TLS connection to the Co-Res Media Server | |
| 10.1.10 | 5997 – 5999 | TCP | No | Open | MS Servers in the same cluster | Cluster AMS Management | |
| 10.1.11 | 7410 | TCP/HTTP | Yes | Closed | Admin subnet | Also used for KPI Monitoring via Administrator Web Client access. | 1 |
| 10.1.12 | 7410 | TCP/HTTP | Yes | Closed | WCS Server, WCMS Server | Web Conferencing Server and Web Conferencing Management Server signaling to the Media Server for recording media storage/retrieval. | δ, ρ,1,12 |
| 10.1.13 | 7411 | TCP/HTTPS | Yes | Open | Admin subnet | Web Conferencing Server and Web Conferencing Management Server signaling to the Media Server for recording media storage/retrieval. Also used for KPI Monitoring via Administrator Web Client access | 2 |
| 10.1.14 | 7411 | TCP/HTTPS | Yes | Open | WCS Server, WCMS Server | Web Conferencing Server and Web Conferencing Management Server signaling to the Media Server for recording media storage/retrieval. | δ, ρ, 2,12 |
| 10.1.15 | 8082 | TCP/HTTP/S | No | Open | EM KPI/SDR Browser Client | SOAP request from Admin client, defaults to over TLS. | ρ |
| 10.1.16 | 19899 | TCP | No | Open | MS Servers in the same cluster | Cluster Inter-SC Communication | |
| 10.1.17 | 19999 | TCP | No | Open | MS Servers in the same cluster | Cluster IVR Management | |
| 10.1.18 | 49002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | ρ |
| 10.1.19 | 49002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and the associated heartbeat to TCP Perfect Channel | ρ, 3 |
| 10.1.20 | 49013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | ρ |
| 10.1.21 | 49013 | UDP | No | Open | EM Service | Logs (perfect channel), and the associated heartbeat to TCP Perfect Channel | ρ, 4 |
| 10.1.22 | 49015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | ρ |
| 10.1.23 | 49015 | UDP | No | Open | EM Service | OMs (perfect channel), and the associated heartbeat to TCP Perfect Channel | ρ, 5 |
| 10.1.24 | 51000 | TCP | No | Open | MS Servers in the same cluster | Cluster SC Management | |
| 10.1.25 | 51001 | TCP | No | Open | MS Servers in the same cluster | Cluster Inter-process alarm monitoring | |
| 10.1.26 | 52005 | TCP | No | Open | Provisioning Manager | Multimedia Content Store | ρ |
| 10.1.27 | 52007 | TCP | No | Open | MS Servers in the same cluster | Cluster CStore Management | |
| 10.1.28 | 52009 | TCP | No | Open | MS Servers in the same cluster | Cluster IVR Management | |
| 10.1.29 | 6000 – 13998 | UDP/RTP | No | Open | Intranet Client | RTP Media (IVR) | 6 |
| 10.1.30 | 14000 – 42599 | UDP/RTP | No | Open | Intranet Client | RTP Media (Conf) | 6 |
| EGRESS CONNECTIONS | | | | | | | |
| 10.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 10.2.2 | 123 | UDP | No | N/A | NTP source | NTP | 7 |
| 10.2.3 | 443 | TCP/HTTPS | No | N/A | Avaya Aura® System Manager | WebLM Licensing | ρ |
| 10.2.4 | 443 | TCP/HTTPS | No | N/A | WCS Service | Media Server download of encoded recording media for storage | δ, ρ, 12 |
| 10.2.5 | 514 | UDP | Yes | N/A | Syslog server | Remote Syslog Server | ρ |
| 10.2.6 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | ρ, 8 |
| 10.2.7 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | ρ, 8 |
| 10.2.8 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | ρ |
| 10.2.9 | 5060 | TCP/SIP | Yes | N/A | AS Service | SIP to AS Service | ρ |
| 10.2.10 | 5061 | TCP/TLS/SIP | Yes | N/A | AS Service | SIP(S)/TLS to AS Service | ρ |
| 10.2.11 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | ρ |
| 10.2.12 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | ρ, 9 |
| 10.2.13 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | ρ |
| 10.2.14 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | ρ, 10 |
| 10.2.15 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | ρ, 11 |
| 10.2.16 | 6000 – 13998 | UDP/RTP | No | N/A | Intranet Client | RTP Media (IVR) | 6,13 |
| 10.2.17 | 14000 – 42599 | UDP/RTP | No | N/A | Intranet Client | RTP Media (Conf) | 6,13 |
| 10.2.18 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarms (sync channel) | ρ |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 10.3.1 | 3306 | TCP | No | Open | N/A | Media Server Configuration DB | |

Notes:

1. SOAP interface
2. SOAP over TLS interface; when enabled, the non-TLS interface is disabled.
3. Source port is 12101, 49152 – 65535
4. Source port is 12112, 49152 – 65535
5. Source port is 12114, 49152 – 65535
6. Not used in Co-Res deployment. Separate IP address used instead for media streams, refer to Table 11.
7. Source port is 123
8. Uses SSL FTP (RFC 4217)
9. Source port is 49013
10. Source port is 49015
11. Source port is 49004
12. Only required for Media Servers configured for Recording
13. If the Client is the eAViCA plugin, the client’s source port is restricted to the range configured in the EM Console. The default range is 51,000 – 53,000. If the client is connecting through the SBC, refer to the SBC port matrix for the source port range for media.

Table 11: Ports for Media Server Media IP Address for Co-Res Media Server deployment

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 11.1.1 | 6000 – 13998 | UDP/RTP | No | Open | Intranet Client | RTP Media (IVR) | 1 |
| 11.1.2 | 14000 – 42599 | UDP/RTP | No | Open | Intranet Client | RTP Media (Conf) | 1 |
| EGRESS CONNECTIONS | | | | | | | |
| 11.2.1 | 6000 – 13998 | UDP/RTP | No | N/A | Intranet Client | RTP Media (IVR) | 1 |
| 11.2.2 | 14000 – 42599 | UDP/RTP | No | N/A | Intranet Client | RTP Media (Conf) | 1 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 11.3.1 | NONE | | | | | | |

Notes:

1. If the Client is the eAViCA plugin, the client’s source port is restricted to the range configured in the EM Console. The default range is 51,000 – 53,000. If the client is connecting through the SBC, refer to the SBC port matrix for the source port range for media.

2.2.9 Web Conferencing Management

Table 12: Ports for Web Conferencing Management Server (WCMS) Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 12.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | |
| 12.1.2 | 22 | TCP/SSH | No | Open | Redundant WCMS Server | rsync of document library between WCMS servers | |
| 12.1.3 | 161 | UDP | No | Open | EM Server | SNMP (GET) | |
| 12.1.4 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 12.1.5 | 8444 | TCP/HTTPS | No | Open | WCS Server | Reverse Proxy (HTTPS) | δ |
| 12.1.6 | 8444 | TCP/TLS | No | Open | AS Server | Application Server REST server call to the WCMS Server for recordings and Application Server ping of the SIP Bridge through the WCMS | |
| 12.1.7 | 17002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 12.1.8 | 17002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and associated heartbeat to TCP Perfect Channel. | 1 |
| 12.1.9 | 17013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | |
| 12.1.10 | 17013 | UDP | No | Open | EM Service | Logs (perfect channel), and associated heartbeat to TCP Perfect Channel | 2 |
| 12.1.11 | 17015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | |
| 12.1.12 | 17015 | UDP | No | Open | EM Service | OMs (perfect channel), and associated heartbeat to TCP Perfect Channel | 3 |
| EGRESS CONNECTIONS | | | | | | | |
| 12.2.1 | 22 | TCP/SSH | No | N/A | Redundant WCMS Server | rsync of document library between WCMS servers | |
| 12.2.2 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 12.2.3 | 123 | UDP | No | N/A | NTP source | NTP | 4 |
| 12.2.4 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | |
| 12.2.5 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 5 |
| 12.2.6 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 5 |
| 12.2.7 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 12.2.8 | 8043 | TCP/HTTPS | No | N/A | Provisioning or CA Manager Server | WCMS communication with the SIP Bridge dependent on whether or not the Provisioning or PA Manager is configured to be the SIP Bridge. | δ |
| 12.2.9 | 46021 | TCP/HTTPS | Yes | N/A | DCS | Document Conversion via TLS | |
| 12.2.10 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | |
| 12.2.11 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 6 |
| 12.2.12 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | |
| 12.2.13 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 7 |
| 12.2.14 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 8 |
| 12.2.15 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync (sync channel) | 8 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 12.3.1 | NONE | | | | | | |

Notes:

1. Source port is 12101, 49152 – 65535
2. Source port is 12112, 49152 – 65535
3. Source port is 12114, 49152 – 65535
4. Source port is 123
5. Uses SSL FTP (RFC 4217)
6. Source port is 17013
7. Source port is 17015
8. Source port is 17004

2.2.10 Web Conferencing Server

Table 13: Ports for Web Conferencing Server (WCS) Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 13.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | δ |
| 13.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | δ |
| 13.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED | δ |
| 13.1.4 | 48902 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | δ |
| 13.1.5 | 48902 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and associated heartbeat to TCP Perfect Channel. | δ, 1 |
| 13.1.6 | 48913 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | δ |
| 13.1.7 | 48913 | UDP | No | Open | EM Service | Logs (perfect channel), and associated heartbeat to TCP Perfect Channel | δ, 2 |
| 13.1.8 | 48915 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | δ |
| 13.1.9 | 48915 | UDP | No | Open | EM Service | OMs (perfect channel), and associated heartbeat to TCP Perfect Channel | δ, 3 |
| EGRESS CONNECTIONS | | | | | | | |
| 13.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | δ, ε, 4 |
| 13.2.2 | 123 | UDP | No | N/A | NTP source | NTP | δ, 5 |
| 13.2.3 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | δ |
| 13.2.4 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | δ, 6 |
| 13.2.5 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | δ, 6 |
| 13.2.6 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | δ |
| 13.2.7 | 8444 | TCP/HTTPS | No | N/A | WCMS Server | Reverse Proxy from WCS to WCMS | δ, δ’ |
| 13.2.8 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | δ |
| 13.2.9 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | δ, 7 |
| 13.2.10 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | δ |
| 13.2.11 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | δ, 8 |
| 13.2.12 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | δ, 9 |
| 13.2.13 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync | δ |
| 13.2.14 | 46021 | TCP/HTTPS | No | N/A | DCS Server | Reverse Proxy from WCS to DCS | δ |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 13.3.1 | NONE | | | | | | |

Notes:

1. Source port is 12101, 49152 – 65535
2. Source port is 12112, 49152 – 65535
3. Source port is 12114, 49152 – 65535
4. Whether Split-Horizon DNS is used dictates whether a firewall rule to the Enterprise DNS is required. If Split-Horizon DNS is not used, it is recommended that /etc/hosts be used instead on any servers in the DMZ so that external access to internal DNS is restricted.
5. Source port is 123
6. Uses SSL FTP (RFC 4217)
7. Source port is 48913
8. Source port is 48915
9. Source port is 48904

Table 14: Ports for Web Conferencing Server (WCS) Service IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 14.1.1 | 443 | TCP/HTTPS | Yes | Open | Internet/Intranet Web Client | Client access to web conferencing sessions | ε |
| 14.1.2 | 443 | TCP/HTTPS | Yes | Open | AS Server | Application Server REST service call to control start/stop of recordings | δ |
| 14.1.3 | 443 | TCP/HTTPS | Yes | Open | Document Conversion Server | Document Conversion Server access through the WCS | δ |
| 14.1.4 | 443 | TCP/HTTPS | Yes | Open | WCMS Server | REST API (HTTPS) | δ, δ’ |
| 14.1.5 | 443 | TCP/HTTPS | Yes | Open | Recording MS Server | Media Server downloads of encoded recording media for storage. | δ, 1 |
| 14.1.6 | 843 | TCP | No | Open | Internet/Intranet Web Client | Flash Policy Server for Web Client Web socket access. | ε |
| EGRESS CONNECTIONS | | | | | | | |
| 14.2.1 | NONE | | | | | | |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 14.3.1 | 8143 | TCP/HTTPS | No | Open | N/A | Used for internal communication between the WCS Tomcat and Apache processes. | 2 |
| 14.3.2 | 48920 | TCP/HTTP | Yes | Closed | N/A | Internal port for the WCS Tomcat Server when HTTP is enabled. | 2 |
| 14.3.3 | 48921 | TCP/HTTPS | No | Open | N/A | Internal port for the WCS Tomcat Server. | 2 |
| 14.3.4 | 48943 | TCP | No | Open | N/A | Internal port for the Flash Policy Server. | 2 |

Notes:

1. Only required for Media Servers that are part of a Recording Media Server Cluster.
2. Server ACL rules must allow these ports as trusted ports due to the pre-routing from the public ports.

2.2.11 Document Conversion Server

Table 15: Ports for Document Conversion Server (DCS) Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 15.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | |
| 15.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | |
| 15.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 15.1.4 | 46002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 15.1.5 | 46002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and associated heartbeat to TCP Perfect Channel | 1 |
| 15.1.6 | 46013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | |
| 15.1.7 | 46013 | UDP | No | Open | EM Service | Logs (perfect channel), and associated heartbeat to TCP Perfect Channel | 2 |
| 15.1.8 | 46015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | |
| 15.1.9 | 46015 | UDP | No | Open | EM Service | OMs (perfect channel), and associated heartbeat to TCP Perfect Channel | 3 |
| 15.1.10 | 46021 | TCP/HTTPS | No | Open | WCS Server | Document Conversion Service via WCS reverse proxy for document conversions | δ |
| EGRESS CONNECTIONS | | | | | | | |
| 15.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 15.2.2 | 123 | UDP | No | N/A | NTP Servers | NTP | |
| 15.2.3 | 443 | TCP/HTTPS | Yes | N/A | WCS Service | Upload of converted documents through WCS Reverse Proxy to the WCMS | δ |
| 15.2.4 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | |
| 15.2.5 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 4 |
| 15.2.6 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 4 |
| 15.2.7 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 15.2.8 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | |
| 15.2.9 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 5 |
| 15.2.10 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | |
| 15.2.11 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 5 |
| 15.2.12 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | |
| 15.2.13 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync | |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 15.3.1 | NONE | | | | | | |

Notes:

1. Source port is 12101, 49152 – 65535
2. Source port is 12112, 49152 – 65535
3. Source port is 12114, 49152 – 65535
4. Uses SSL FTP (RFC 4217)
5. Source port is 46004

2.2.12 Audio/Video in Collaboration Agent

Table 16: Ports for Flash Media Management Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 16.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | δ |
| 16.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | δ |
| 16.1.3 | 9443 | TCP/RTMPS | No | Open | Admin subnet, Web Administration | Management of Flash Media Gateways | δ |
| EGRESS CONNECTIONS | | | | | | | |
| 16.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 16.2.2 | 123 | UDP | No | N/A | NTP Source | NTP | δ, 1 |
| 16.2.3 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | δ |
| 16.2.4 | 9444 | TCP/JMX | No | N/A | Flash Media Gateway Server | JMX-RMI for clustering | |
| 16.2.5 | 9445 | TCP/JMX | Yes | N/A | Flash Media Gateway Server | JMX-RMI for load balancer | |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 16.3.1 | NONE | | | | | | |

Notes:

1. Source port is 123


Table 17: Ports for Flash Media Gateway Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 17.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | δ |
| 17.1.2 | 80 | TCP/RTMPT | Yes | Open | Internet/Intranet A/V in Collaboration Agent Client | RTMPT Streams | δ, ε |
| 17.1.3 | 161 | UDP | No | Open | EM Server | SNMP (GET) | δ |
| 17.1.4 | 443 | TCP/RTMPS | Yes | Closed | Internet/Intranet A/V in Collaboration Agent Client | RTMPS Streams | δ, ε |
| 17.1.5 | 1935 | TCP/RTMP | Yes | Closed | Internet/Intranet A/V in Collaboration Agent Client | RTMP Streams | δ, ε |
| 17.1.6 | 5060 | TCP/SIP | Yes | Open | Avaya Aura® Session Manager (SM100) | SIP signaling from the Avaya Aura® Session Manager to the Flash Media Gateway | δ |
| 17.1.7 | 5061 | TCP/TLS/SIP | Yes | Closed | Avaya Aura® Session Manager (SM100) | SIP/TLS signaling from the Avaya Aura® Session Manager to the Flash Media Gateway | δ |
| 17.1.8 | 9444 | TCP/JMX | No | Open | Flash Media Gateway Management Server | JMX-RMI for clustering | |
| 17.1.9 | 9445 | TCP/JMX | Yes | Closed | Flash Media Gateway Management Server | JMX-RMI for load balancer | |
| 17.1.10 | 49152 – 65535 | UDP/RTP/RTCP | No | Open | Media Server | Media Streams | δ |
| 17.1.11 | 49152 – 65535 | UDP/RTP/RTCP | No | Open | Media Server Media IP | Media Streams from Co-Res Media Server | δ, 1 |
| EGRESS CONNECTIONS | | | | | | | |
| 17.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 17.2.2 | 123 | UDP | No | N/A | NTP Source | NTP | δ, 2 |
| 17.2.3 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | δ |
| 17.2.4 | 6000 – 42598 | UDP | No | N/A | Media Server | Media Streams | δ |
| 17.2.5 | 6000 – 42598 | UDP | No | N/A | Media Server Media IP | Media Streams from Co-Res Media Server | δ, 1 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 17.3.1 | 5080 | TCP/JMX | No | Open | N/A | Internal Flash Media Gateway Communication | |
| 17.3.2 | 9999 | TCP/JMX | No | Open | N/A | Internal Flash Media Gateway Communication | |

Notes:

1. For Co-Res, the Media Server uses a secondary IP address dedicated for Media Streams
2. Source port is 123

2.3 Port Table Changes

Table 18: Port Changes from AAC 7.0 to 7.2 for all Server IP Addresses

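| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 18.1.1 | None | | | | | | |
| EGRESS CONNECTIONS | | | | | | | |
| 18.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | 1 |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 18.3.1 | NONE | | | | | | |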

Notes:

1. Only required for servers that enable DNS resolution, and is only required for the default server address and not for any service addresses that may also be enabled on the server.

Table 19: Port Changes from AAC 7.0 to 7.2 for the Provisioning and Collaboration Agent (CA) Manager Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 19.1.1 | NONE | | | | | | |
| EGRESS CONNECTIONS | | | | | | | |
| 19.2.1 | 389 | TCP/LDAP | Yes | N/A | LDAP Servers | Used to sync/authenticate with a Directory Server. | δ |
| 19.2.2 | 636 | TCP/LDAPS | Yes | N/A | LDAPS Servers | Used to sync/authenticate with a Directory Server over TLS. | δ |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 19.3.1 | 80 | TCP/HTTP | Yes | N/A | Aura® Session Manager (SM100) | Authentication using PPM service on the Avaya Aura® Session Manager. | |
| 19.3.2 | 443 | TCP/HTTPS | Yes | N/A | Aura® Session Manager (SM100) | Authentication using PPM service on the Avaya Aura® Session Manager via TLS. | |

Notes:

N/A

Table 20: Port Changes from AAC 7.0 to 7.2 for the Application Server (AS) Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 20.1.1 | NONE | | | | | | |
| EGRESS CONNECTIONS | | | | | | | |
| 20.2.1 | 389 | TCP/LDAP | Yes | N/A | LDAP Servers | Used to sync/authenticate with a Directory Server. | |
| 20.2.2 | 443 | TCP/HTTPS | No | N/A | WCS Service | Application Server REST service call to control start/stop of recordings | δ |
| 20.2.3 | 636 | TCP/LDAPS | Yes | N/A | LDAPS Servers | Used to sync/authenticate with a Directory Server over TLS. | |
| 20.2.4 | 8444 | TCP/HTTPS | No | N/A | WCMS Server | Application Server REST service call to control start/stop of recordings | δ’ |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 20.3.1 | NONE | | | | | | |

Notes:

N/A

Table 21: Port Changes from AAC 7.0 to 7.2 (Web Conferencing Server IP Address)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 21.1.1 | NONE | | | | | | |
| EGRESS CONNECTIONS | | | | | | | |
| 21.2.1 | 7410 | TCP/HTTP | Yes | N/A | Media Server | Web Conferencing Server Signaling to the Media Server for recording media storage/retrieval. | δ, ρ, 1, 2 |
| 21.2.2 | 7411 | TCP/HTTPS | Yes | N/A | Media Server | Web Conferencing Server Signaling to the Media Server for recording media storage/retrieval. | δ, ρ, 1, 2 |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 21.3.1 | NONE | | | | | | |

Notes:

1. The use of port 7410 and 7411 is mutually exclusive. By default port 7410 for non-secure HTTP access is enabled, but when disabled, port 7411 is used for secure HTTPS access.
2. Only required for Media Servers that are in a Recording Media Server Cluster

Table 22: Port Changes from AAC 7.0 to 7.2 (Web Conferencing Service Addresses)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 22.1.1 | 443 | TCP/HTTPS | No | Open | AS Server | Application Server REST services call to control start/stop of recordings. | δ |
| 22.1.2 | 443 | TCP/HTTPS | No | Open | Media Server | Media Server downloads of encoded recording media for storage. | δ, ρ |
| EGRESS CONNECTIONS | | | | | | | |
| 22.2.1 | NONE | | | | | | |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 22.3.1 | NONE | | | | | | |

Notes:

N/A

Table 23: Port Changes from AAC 7.0 to 7.2 (Web Conferencing Manager Server Addresses)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 23.1.1 | 8444 | TCP/HTTPS | No | Open | AS Server | Application Server REST server call for recordings | δ’ |
| EGRESS CONNECTIONS | | | | | | | |
| 23.2.1 | 7410 | TCP/HTTP | Yes | Open | Media Server | Web Conferencing Server Signaling to the Media Server for recording media storage/retrieval. | ρ, 1 |
| 23.2.2 | 7411 | TCP/HTTPS | Yes | Closed | Media Server | Web Conferencing Server Signaling to the Media Server for recording media storage/retrieval. | ρ, 1 |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 23.3.1 | NONE | | | | | | |

Notes:

1. The use of port 7410 and 7411 is mutually exclusive. By default port 7410 for non-secure HTTP access is enabled, but when disabled, port 7411 is used for secure HTTPS access.


Table 24: Port Changes from AAC 7.0 to 7.2 (Media Server (MS) Server Addresses)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 24.1.1 | 7410 | TCP/HTTP | Yes | Open | Web Conferencing Server, Web Conferencing Manager Server | Web Conferencing Server and Web Conferencing Management Server Signaling to the Media Server for recording media storage/retrieval. | δ, δ’, ρ, 1, 2 |
| 24.1.2 | 7411 | TCP/HTTPS | Yes | Closed | Web Conferencing Server, Web Conferencing Manager Server | Web Conferencing Server and Web Conferencing Management Server signaling to the Media Server for recording media storage/retrieval. | δ, δ’, ρ, 1, 2 |
| EGRESS CONNECTIONS | | | | | | | |
| 24.2.1 | 443 | TCP/HTTPS | No | N/A | Web Conferencing Service | Media Server downloads of encoded recording media for storage. | δ, ρ, 1 |
| 24.2.2 | 49152 – 65535 | UDP/RTP/RTCP | No | N/A | FMG | Media Streams to the Flash Media Gateways | δ |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 24.3.1 | NONE | | | | | | |

Notes:

1. Only required for Media Servers designated for recording.
2. The use of port 7410 and 7411 is mutually exclusive. By default port 7410 for non-secure HTTP access is enabled, but when disabled, port 7411 is used for secure HTTPS access.

Table 25: Port Changes from AAC 7.0 to 7.2 (Document Conversion Server)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 25.1.1 | 161 | UDP | No | Open | EM Server | SNMP (GET) | |
| EGRESS CONNECTIONS | | | | | | | |
| 25.2.1 | NONE | | | | | | |

Table 26: Port Changes from AAC 7.2 to 8.0 (Web Conferencing Server (WCS) Service Addresses)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 26.1.1 | 443 | TCP/HTTPS/WSS | No | Open | Internet/Intranet Web Client | Only change here is that the HTTPS session is upgraded to a secure web socket connect. | ε, 1 |
| 26.1.2 | 843 | TCP | No | Open | Internet/Intranet Web Client | Clients must access the Flash Policy Server component of the WCS for Web Collaboration. | ε, 2 |
| EGRESS CONNECTIONS | | | | | | | |
| 26.2.1 | NONE | | | | | | |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 26.3.1 | NONE | | | | | | |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 26.4.1 | 8143 | TCP/HTTPS | No | Open | N/A | Used for internal communication between the WCS sub-components. | 3 |
| 26.4.2 | 48920 | TCP/HTTP | Yes | Closed | N/A | Internal port for the WCS Tomcat Server when HTTP is enabled. | 4 |
| 26.4.3 | 48921 | TCP/HTTPS | No | Open | N/A | Used for internal communication between the WCS sub-components. | 5 |
| 26.4.4 | 48943 | TCP | No | Open | N/A | Internal port for the Flash Policy Server. | 6 |

Notes:

1. References rule 14.1.1 in Table 14.
2. References rule 14.1.6 in Table 14.
3. References rule 14.3.1 in Table 14.
4. References rule 14.3.2 in Table 14.
5. References rule 14.3.3 in Table 14.
6. References rule 14.3.4 in Table 14.

Table 27: Port Changes from AAC 7.2 to 8.0 (Document Conversion Server)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 27.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | 1 |
| 27.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | 2 |
| 27.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED | 3 |
| 27.1.4 | 46002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | 4 |
| 27.1.5 | 46002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and associated heartbeat to TCP Perfect Channel | 5, 6 |
| 27.1.6 | 46013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | 7 |
| 27.1.7 | 46013 | UDP | No | Open | EM Service | Logs (perfect channel), and associated heartbeat to TCP Perfect Channel | 8, 9 |
| 27.1.8 | 46015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | 10 |
| 27.1.9 | 46015 | UDP | No | Open | EM Service | OMs (perfect channel), and associated heartbeat to TCP Perfect Channel | 11, 12 |
| 27.1.10 | 46021 | TCP/HTTPS | No | Open | WCS Server | Document Conversion Service via WCS reverse proxy for document conversions | 13, δ |
| EGRESS CONNECTIONS | | | | | | | |
| 27.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | 14 |
| 27.2.2 | 123 | UDP | No | N/A | NTP Servers | NTP | 15 |
| 27.2.3 | 443 | TCP/HTTPS | Yes | N/A | WCS Service | Upload of converted documents through WCS Reverse Proxy to the WCMS | 16, δ |
| 27.2.4 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | 17 |
| 27.2.5 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 18, 19 |
| 27.2.6 | 2101 – 2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 20, 19 |
| 27.2.7 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | 21 |
| 27.2.8 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | 22 |
| 27.2.9 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 23, 24 |
| 27.2.10 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | 25 |
| 27.2.11 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 23, 26 |
| 27.2.12 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 27 |
| 27.2.13 | 49152 – 65535 | UDP | No | N/A | EM Service | Alarm Sync | 28 |
| INGRESS CONNECTIONS REMOVED | | | | | | | |
| 27.3.1 | 8080 | TCP/HTTP | Yes | N/A | WCS Server | HTTP no longer supported. | |
| 27.3.2 | 8443 | TCP/HTTPS | Yes | N/A | WCS Server | HTTPS replaced by TCP/HTTPS Port 46021 | 29 |

Notes:

1. References rule 15.1.1 in Table 15.
2. References rule 15.1.2 in Table 15.
3. References rule 15.1.3 in Table 15.
4. References rule 15.1.4 in Table 15.
5. References rule 15.1.5 in Table 15.
6. Source port is 12101, 49152 – 65535.
7. References rule 15.1.6 in Table 15.
8. References rule 15.1.7 in Table 15.
9. Source port is 12112, 49152 – 65535.
10. References rule 15.1.8 in Table 15.
11. References rule 15.1.9 in Table 15.
12. Source port is 12114, 49152 – 65535.
13. References rule 15.1.10 in Table 15.
14. References rule 15.2.1 in Table 15.
15. References rule 15.2.2 in Table 15.
16. References rule 15.2.3 in Table 15.
17. References rule 15.2.4 in Table 15.
18. References rule 15.2.5 in Table 15.
19. Uses SSL FTP (RFC 4217).
20. References rule 15.2.6 in Table 15.
21. References rule 15.2.7 in Table 15.
22. References rule 15.2.8 in Table 15.
23. Source port is 46004.
24. References rule 15.2.9 in Table 15.
25. References rule 15.2.10 in Table 15.
26. References rule 15.2.11 in Table 15.
27. References rule 15.2.12 in Table 15.
28. References rule 15.2.13 in Table 15.
29. Port change required in order to support Co-Res deployments.

Table 28: Port Changes from AAC 7.2 to 8.0 (Application Server (AS) Service IP Address)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 28.1.1 | 5060 | TCP/SIP | Yes | Closed | AAC Mobile App Client (iOS and Android) | SIP within Enterprise from Client | 1, 2, 3 |
| 28.1.2 | 5061 | TCP/TLS/SIP(S) | Yes | Open | AAC Mobile App Client (iOS and Android) | SIP or SIPS over TLS within Enterprise from Client | 1, 2, 4 |
| EGRESS CONNECTIONS | | | | | | | |
| 28.2.1 | NONE | | | | | | |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 28.3.1 | NONE | | | | | | |

Notes:

1. Client supports Connection Reuse such that additional outbound connection is not required.
2. The use of SIP and SIP/TLS is mutually exclusive.
3. References rule 9.1.4 in Table 9.
4. References rule 9.1.9 in Table 9.

Table 29: Port Changes from AAC 7.2 to 8.0 for the Provisioning and Collaboration Agent (CA) Manager Server IP Address

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 29.1.1 | 24052 | TCP/SIP | Yes | Closed | SBC | Avaya SBC SIP connection to the Provisioning or Collaboration Agent Manager Server for Enhanced Audio/Video in Collaboration Agent client. | δ, 1, 2, 6 |
| 29.1.2 | 24053 | TCP/TLS/SIP(S) | Yes | Open | SBC | Avaya SBC SIP/TLS connection to the Provisioning or Collaboration Agent Manager Server for Enhanced Audio/Video in Collaboration Agent client. | δ, 1, 3, 6 |
| EGRESS CONNECTIONS | | | | | | | |
| 29.2.1 | 5060 | TCP/SIP | Yes | N/A | SBC | SIP to SBC | δ, 1, 4 |
| 29.2.2 | 5061 | TCP/TLS/SIP | Yes | N/A | SBC | SIP(S)/TLS to SBC | δ, 1, 5 |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 28.3.1 | NONE | | | | | | |

Notes:

1. The use of SIP and SIP/TLS is mutually exclusive.
2. References rule 7.1.14 in Table 7.
3. References rule 7.1.15 in Table 7.
4. References rule 7.2.9 in Table 7.
5. References rule 7.2.11 in Table 7.
6. For the Enhanced Audio/Video in Collaboration Agent feature, make sure that SIP trunk traffic flows between the SBC and Avaya Session Manager are configured in both directions. They are either SIP TLS 5061 or SIP TCP 5060 in both directions.

Table 30: Port Changes from AAC 8.0 to 8.0 SP2 for the (Application Server (AS) Server IP Address)

| No. | Default Destination Port (Configurable Range) | Network / Application Protocol | Optionally Enabled / Disabled? | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| INGRESS CONNECTIONS | | | | | | | |
| 30.1.1 | 15054 | TCP/TLS | No | Open | Redundant AS Server | FT Secure Sync Channel | 1 |
| EGRESS CONNECTIONS | | | | | | | |
| 30.2.1 | 15054 | TCP/TLS | No | N/A | Redundant AS Server | FT Secure Sync Channel | 2 |
| EGRESS CONNECTIONS REMOVED | | | | | | | |
| 28.3.1 | NONE | | | | | | |

Notes:

1. Reference rule 8.1.15 in Table 8.
2. Reference rule 8.2.21 in Table 8.

Appendix A: Base Ports and Port Offsets

Network Elements that are managed by the Avaya Aura® Conferencing Element Manager use a base port + offset for different types of communication between each other and the Element Manager. The typical defaults for the base ports are shown in Table 28, but they can be changed as required. Base port offsets are not configurable on the system and are shown in Table 29.

Table 28: Default Base Ports

| Network Element | Base Port |
|---|---|
| Element Manager | 12100 |
| Accounting Manager | 12300 |
| Application Server | 15000 |
| Web Conferencing Management Server | 17000 |
| Provisioning Manager | 24000 |
| Collaboration Agent Manager | 24000 |
| Web Conferencing Server | 48900 |
| Document Conversion Server | 46000 |
| Media Server | 49000 |

Table 29: Network Element Port Offset Definitions

| Offset Name | Offset Value |
|---|---|
| Element Manager Perfect Channel Config Maintenance | 1 |
| NE Perfect Channel Config Maintenance | 2 |
| NE Alarms | 4 |
| ADR Element Manager Service Heartbeat | 6 |
| Element Manager Logs | 12 |
| NE Log Port | 13 |
| Element Manager OMs | 14 |
| NE OM Port | 15 |
| Accounting Manager Billing Stream | 18 |
| Application Server Billing Stream | 19 |
| Element Manager OMI | 21 |
| Element Manager SNMP Traps | 24 |
| Element Manager Alarms | 25 |
| Element Manager Log Browser | 26 |
| Fault-Tolerance Heartbeat | 50 |
| Fault-Tolerance Sync | 53 |
| SIP Listening Port | 52 |
| SIP TLS Listening Port | 53 |
| Fault-Tolerance Secure Sync | 54 |
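The base-plus-offset scheme of Appendix A, worked through as an added example (not Avaya's code): it derives the Element Manager channel ports a firewall must allow for one managed element, including after a base port has been changed, and maps a port seen in a firewall log back to its element and offset. The function names, the `Rule` tuple and the `overrides` parameter are assumptions of this example; the base ports and offsets are copied from the two tables above.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple

# Default base ports, copied from the "Default Base Ports" table above.
DEFAULT_BASE_PORTS: Dict[str, int] = {
    "Element Manager": 12100,
    "Accounting Manager": 12300,
    "Application Server": 15000,
    "Web Conferencing Management Server": 17000,
    "Provisioning Manager": 24000,
    "Collaboration Agent Manager": 24000,
    "Web Conferencing Server": 48900,
    "Document Conversion Server": 46000,
    "Media Server": 49000,
}

# Fixed offsets, copied from the offset definitions table above.
# Only the offsets this example derives are listed (a subset of the table).
OFFSETS: Dict[str, int] = {
    "Element Manager Perfect Channel Config Maintenance": 1,
    "NE Perfect Channel Config Maintenance": 2,
    "NE Alarms": 4,
    "Element Manager Logs": 12,
    "NE Log Port": 13,
    "Element Manager OMs": 14,
    "NE OM Port": 15,
    "Element Manager Alarms": 25,
    "SIP Listening Port": 52,
    "SIP TLS Listening Port": 53,
    "Fault-Tolerance Secure Sync": 54,
}

EM = "Element Manager"
Bases = Optional[Dict[str, int]]


class Rule(NamedTuple):
    direction: str  # "ingress" or "egress", seen from the managed element
    dst_port: int   # destination port to allow
    channel: str    # channel name as used in the port tables
    src_port: int   # fixed source port the table notes give for the channel


def _bases(overrides: Bases) -> Dict[str, int]:
    """Defaults with any site-specific base ports layered on top."""
    return {**DEFAULT_BASE_PORTS, **(overrides or {})}


def port_for(element: str, offset_name: str, overrides: Bases = None) -> int:
    """Return base port + offset, rejecting results outside 1-65535."""
    port = _bases(overrides)[element] + OFFSETS[offset_name]
    if not 1 <= port <= 65535:
        raise ValueError(f"{element} + {offset_name} = {port}: not a valid port")
    return port


def perfect_channel_rules(element: str, overrides: Bases = None) -> List[Rule]:
    """Firewall rules between one managed element and the Element Manager."""
    def ne(name: str) -> int:
        return port_for(element, name, overrides)

    def em(name: str) -> int:
        return port_for(EM, name, overrides)

    # Source ports follow the notes under the WCMS and WCS tables. The DCS
    # notes give 46004 for its UDP log/OM source port, so check the notes
    # for each element before filtering on src_port.
    return [
        Rule("ingress", ne("NE Perfect Channel Config Maintenance"), "Config. Mtce",
             em("Element Manager Perfect Channel Config Maintenance")),
        Rule("ingress", ne("NE Log Port"), "Logs", em("Element Manager Logs")),
        Rule("ingress", ne("NE OM Port"), "OMs", em("Element Manager OMs")),
        Rule("egress", em("Element Manager Logs"), "Logs", ne("NE Log Port")),
        Rule("egress", em("Element Manager OMs"), "OMs", ne("NE OM Port")),
        Rule("egress", em("Element Manager Alarms"), "Alarm Sync", ne("NE Alarms")),
    ]


def explain(port: int, overrides: Bases = None) -> List[Tuple[str, str]]:
    """Reverse lookup: which (element, offset name) pairs produce this port?"""
    return [(element, name)
            for element, base in _bases(overrides).items()
            for name, offset in OFFSETS.items()
            if base + offset == port]


if __name__ == "__main__":
    for rule in perfect_channel_rules("Web Conferencing Server"):
        print(rule)
    print(explain(24053))
```

With the defaults, the derived destination ports reproduce the EM Service rows of the WCMS, WCS and DCS tables; passing `overrides` shows which firewall rules have to move when a base port is changed.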

Appendix B: Overview of TCP/IP Ports

What are ports and how are they used?

TCP and UDP use ports (defined at http://www.iana.org/assignments/port-numbers) to route traffic arriving at a particular IP device to the correct upper layer application. These ports are logical descriptors (numbers) that help devices multiplex and de-multiplex information streams.

Consider your desktop PC. Multiple applications may be simultaneously receiving information. In this example, email may use destination TCP port 25, a browser may use destination TCP port 80 and a telnet session may use destination TCP port 23. These logical ports allow the PC to de-multiplex a single incoming serial data packet stream into three mini-streams inside the PC. Furthermore, each of the mini-streams is directed to the correct high-level application because the port numbers identify which application each data mini-stream belongs to.

Every IP device has incoming (Ingress) and outgoing (Egress) data streams. Ports are used in TCP and UDP to name the ends of logical connections which carry data flows. TCP and UDP streams have an IP address and port number for both source and destination IP devices. The pairing of an IP address and a port number is called a socket (discussed later). Therefore, each data stream is uniquely identified with two sockets. Source and destination sockets must be known by the source before a data stream can be sent to the destination.

Some destination ports are “open” to receive data streams and are called “listening” ports. Listening ports actively wait for a source (client) to make contact with a destination (server) using a specific port that has a known protocol associated with that port number. HTTPS, as an example, is assigned port number 443. When a destination IP device is contacted by a source device using port 443, the destination uses the HTTPS protocol for that data stream conversation.

Port Type Ranges

Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic Ports (sometimes called Private Ports).

• Well Known Ports are those numbered from 0 through 1023.
• Registered Ports are those numbered from 1024 through 49151.
• Dynamic Ports are those numbered from 49152 through 65535.

The Well Known and Registered ports are assigned by IANA (Internet Assigned Numbers Authority) and are found here: http://www.iana.org/assignments/port-numbers.

Well Known Ports

For the purpose of providing services to unknown clients, a service listen port is defined. This port is used by the server process as its listen port. Common services often use listen ports in the well-known port range. A well-known port is normally active meaning that it is “listening” for any traffic destined for a specific application. For example, well known port 23 on a server is actively waiting for a data source to contact the server IP address using this port number to establish a Telnet session. Well known port 25 is waiting for an email session, etc. These ports are tied to a well understood application and range from 0 to 1023.

In UNIX and Linux operating systems, only root may open or close a well-known port. Well Known ports are also commonly referred to as “privileged ports”.

Registered Ports

Unlike well-known ports, these ports are not restricted to the root user. Less common services register ports in this range. Avaya uses ports in this range for call control. Some, but not all, ports used by Avaya in this range include: 1719/1720 for H.323, 5060/5061 for SIP, 2944 for H.248 and others. The registered port range is 1024 – 49151. Even though a port is registered with an application name, industry often uses these ports for different applications. Conflicts can occur in an enterprise when a port with one meaning is used by two servers with different meanings.

Dynamic Ports

Dynamic ports, sometimes called “private ports”, are available to use for any general purpose. This means there are no meanings associated with these ports (similar to RFC 1918 IP Address Usage). These are the safest ports to use because no application types are linked to these ports. The dynamic port range is 49152 – 65535.

Sockets

A socket is the pairing of an IP address with a port number. An example would be 192.168.5.17:3009, where 3009 is the socket number associated with the IP address. A data flow, or conversation, requires two sockets – one at the source device and one at the destination device. The data flow then has two sockets with a total of four logical elements. Each data flow must be unique. If one of the four elements is unique, the data flow is unique. The following three data flows are uniquely identified by socket number and/or IP address.

Data Flow 1: 172.16.16.14:1234 - 10.1.2.3:2345

Data Flow 2: 172.16.16.14:123 - 10.1.2.3:2345

Data Flow 3: 172.16.16.14:1234 - 10.1.2.4:2345

Data flow 1 has two different port numbers and two different IP addresses and is a valid and typical socket pair.

Data flow 2 has the same IP addresses and the same port number on the second IP address as data flow 1, but since the port number on the first socket differs, the data flow is unique.

Therefore, if one IP address octet changes, or one port number changes, the data flow is unique.

Figure 1, below, is an example showing ingress and egress data flows from a PC to a web server.

Socket Example Diagram

Client to Web Server (HTTP-Get): Source 192.168.1.10:1369, Destination 10.10.10.47:80

Web Server to Client (TCP-info): Source 10.10.10.47:80, Destination 192.168.1.10:1369

Figure 2: Socket Example


Notice the client egress stream includes the client’s source IP and socket (1369) and the destination IP and socket (80). The ingress stream has the source and destination information reversed because the ingress is coming from the server.
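The following Python sketch is an added example, not part of the Avaya document. It parses the data flows above into their four elements, checks that they are distinct, classifies each port by the ranges given earlier, and shows that the figure's ingress stream is the egress stream reversed. All function and variable names are assumptions made for this example.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def parse_socket(text):
    """Split 'ip:port' and validate both halves; ValueError if malformed."""
    ip, sep, port = text.strip().rpartition(":")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"malformed socket: {text!r}")
    ipaddress.IPv4Address(ip)  # raises a ValueError subclass on a bad address
    return ip, int(port)

def parse_flow(text):
    """Parse 'src_ip:port - dst_ip:port' into the four elements of a flow."""
    src, dst = text.split(" - ")
    return Flow(*parse_socket(src), *parse_socket(dst))

def port_range(port):
    """Classify a port using the three ranges given in this document."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def conversation_key(flow):
    """Direction-independent key: the same for a request and its reply."""
    return tuple(sorted([(flow.src_ip, flow.src_port),
                         (flow.dst_ip, flow.dst_port)]))

# The document's three data flows (Data Flow 2 written in ip:port form).
DATA_FLOWS = [parse_flow(s) for s in (
    "172.16.16.14:1234 - 10.1.2.3:2345",
    "172.16.16.14:123 - 10.1.2.3:2345",
    "172.16.16.14:1234 - 10.1.2.4:2345",
)]
# The socket example figure: the client request and the server's reply.
EGRESS = parse_flow("192.168.1.10:1369 - 10.10.10.47:80")
INGRESS = parse_flow("10.10.10.47:80 - 192.168.1.10:1369")

if __name__ == "__main__":
    print("distinct flows:", len(set(DATA_FLOWS)))
    for f in DATA_FLOWS + [EGRESS]:
        print(f, port_range(f.src_port), "->", port_range(f.dst_port))
    print("same conversation:",
          conversation_key(EGRESS) == conversation_key(INGRESS))
```

A socket written with a dot instead of a colon before the port is rejected by `parse_socket`, which is useful when port-matrix entries are copied by hand into rule sets.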

Understanding Firewall Types and Policy Creation

Firewall Types

There are three basic firewall types:

• Packet Filtering
• Application Level Gateways (Proxy Servers)
• Hybrid (Stateful Inspection)

Packet filtering is the most basic form of firewall. Each packet that arrives at or leaves the network has its header fields examined against criteria to either drop the packet or let it through. Routers configured with Access Control Lists (ACL) use packet filtering. An example of packet filtering is preventing any source device on the Engineering subnet from using Telnet to reach any device in the Accounting subnet.

Application level gateways (ALG) act as a proxy, preventing a direct connection between the foreign device and the internal destination device. ALGs filter each individual packet rather than blindly copying bytes. ALGs can also send alerts via email, alarms or other methods and keep log files to track significant events.

Hybrid firewalls are dynamic systems, tracking each connection traversing all interfaces of the firewall and making sure they are valid. In addition to looking at headers, the content of the packet, up through the application layer, is examined. A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Stateful inspection firewalls close off ports until the connection to the specific port is requested. This is an enhancement to security against port scanning.[1]

[1] Port scanning is the act of systematically scanning a computer’s ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
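The difference between packet filtering and a state table can be seen in a small Python model, added here as an example and not taken from the Avaya document or any Avaya product. It reuses the addresses from the socket example; the policy, the inside subnet and all names are assumptions, and the model tracks only the four flow elements, not packet content, TCP flags or timeouts.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed policy: inside clients may reach the web server on port 80.
INSIDE = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_SERVICES = {("10.10.10.47", 80)}

def is_inside(ip):
    return ipaddress.ip_address(ip) in INSIDE

def outbound_permitted(pkt):
    return is_inside(pkt.src_ip) and (pkt.dst_ip, pkt.dst_port) in ALLOWED_SERVICES

def packet_filter(pkt):
    """Stateless ACL: every packet is judged on its own header fields."""
    if outbound_permitted(pkt):
        return True
    # Replies cannot be tied to a request, so the rule must accept anything
    # sourced from the service and addressed to a non-privileged inside port.
    return ((pkt.src_ip, pkt.src_port) in ALLOWED_SERVICES
            and is_inside(pkt.dst_ip) and pkt.dst_port >= 1024)

class StatefulFirewall:
    """Keeps a state table of permitted outbound flows."""
    def __init__(self):
        self.state_table = set()

    def inspect(self, pkt):
        if outbound_permitted(pkt):
            self.state_table.add(pkt)  # record the requested connection
            return True
        # Inbound traffic passes only as the exact reverse of a recorded flow.
        reverse = Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return reverse in self.state_table

    def close(self, pkt):
        """Remove a finished connection; its reply port is closed again."""
        self.state_table.discard(pkt)

EGRESS = Packet("192.168.1.10", 1369, "10.10.10.47", 80)
REPLY = Packet("10.10.10.47", 80, "192.168.1.10", 1369)
UNSOLICITED = Packet("10.10.10.47", 80, "192.168.1.10", 1370)  # constructed
```

The stateless rule set accepts `UNSOLICITED` because its headers look like a reply, while the stateful model drops it: no connection from 192.168.1.10:1370 was ever requested.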
