Oxe Ip Ports
Introduction
This document describes the IP flows involved in the OmniPCX Enterprise (OXE) solution for medium and large enterprises. Its aim is to allow a network administrator to configure firewall devices precisely, opening only the minimal set of ports required for a working OXE installation in a specific deployment.
Every ingress and egress IP flow of each device of the OXE solution is described in a separate table. For each flow, the source and destination ports are given along with the category of the flow: user (voice) transport, signalling, management or support. This enables network administrators, for example, to block at their firewalls all IP flows related to support activity and to enable them only on demand of a technician.
Document organization
A first group of tabs explains the notions and notations introduced later in the document. Those tabs are: Glossary, Headers, Services, Planes, Port Ranges.
The second group of tabs lists the actual ingress and egress IP flows for the various network elements comprising the OXE solution. The elements are grouped together into a reduced number of tabs: CS for the Call Server, MG for all types of media gateways, UA phones for all kinds of UA phone, whether hard phones (IP Phone and IP touch) or soft, OTUC, OTCC.
Glossary
Only terms and acronyms used in a way different than standard or specific to the OXE solution are listed here.
Some terms actually represent functions found on one or the other element of the OXE solution. In that case the third column specifies where this
function is located.
| Term | Meaning | Function usually assumed by |
|---|---|---|
| IP phone | V1 (4098RE), V1S (4098FRE), V2 (embedded box) models | |
| IP touch | Also called NOE phone. IP phone sets have references: 4018, 4028, 4038, 4068 | |
| IPP | Abbreviation for IP phone | |
| LDAP server | Any LDAP server containing Phonebook information. | |
| LIOE | Link Optimizer board Ethernet: Inter-nodal and H.323 gateway | |
| MAO | OXE central configuration database. | |
| MG | Media Gateway. | GD, GA, INT_IP A or B. |
| MIB browser | SNMP manager collecting information from the various network elements using the SNMP protocol to browse the elements' internal databases (MIBs). | Customer's network supervision application (e.g. HP OpenView, IBM's Tivoli) |
| MIPT | Mobile IP Telephony handset | |
| MOXA box | V24 port extension device | |
| MSM | Server Security Module used to encrypt/decrypt the voice and fax flows. This module is used in front of the Call Server (potentially with embedded 4645). | |
| NMD | Network Management Department (for example they produce the 4760). | |
| NOE | Abbreviation for IP touch & NOE IP. | |
| NOE IP | Also called IPTouch: 4018, 4028, 4038, 4068 models | |
| NTP server | NTP is a standard (IETF) peer to peer protocol used to maintain a consistent view of time amongst a set of cooperating systems. | The Call Server |
| OAW | OmniAccess Wireless LAN switch | |
| OTS | Open Telephony Server: a server enabling feature-rich communication-oriented applications to be developed around the OXE solution. | A Windows PC |
| OTUC | OmniTouch Unified Communication. | |
| PC admin | The workstations used by the various system administrators to configure, collect statistics or billing information. | An administrator PC or workstation |
| PC support | The PC used by the Business Partner technician or a system administrator to pursue an investigation in the various systems constituting the installation. | A Windows PC |
| PRS | Presentation Server. Runs 3rd party applications displaying on the various NOE phone sets. | |
| RADIUS | Remote Authentication Dial-In User Service | An authentication server provided by the customer. |
| rGD | Remote GD over an HSL link (not over IP) | |
| STAP | Simple Telephony Application Protocol | |
| SSM | Server Security Module used to encrypt/decrypt the voice and fax flows. This module is used in front of the Call Server (potentially with embedded 4645). | |
| SVP | Spectralink Voice Protocol | SVP server |
| Syslog | A Linux framework enabling applications to add entries to an event journal with indication of the emitting facility, severity level, system name, date and time, and free format text. The framework offers a rich dispatch mechanism, even allowing records to be offloaded to a remote system. | The Call Server |
| TFTP server | Download boot image voice guides, phone configuration information, binaries download (VoIP boards/setc), etc… | The Call Server |
| Trap supervisor | System receiving the various events sent by all the network elements connected to the customer's network. | Customer's network supervision application (e.g. HP OpenView, IBM's Tivoli) |
| Trusted router | Customer's router from which IP routing information (through RIP protocol) is received. | |
| TSCLIOE | Only the IP devices are considered here. | |
| UA | Universal Alcatel: proprietary signaling protocol. Also called IPlink when targeting a media-gateway. | |
| UA phone set | Any of the hardware or software phone set that supports the UA signaling protocol. | IP phone, IP touch, Softphone |
Column headers
The meaning of the various column headers used in the product tabs (CS, 4645, UA phones, ...) is given here.
| Header name | Meaning | Example | For more information see tab |
|---|---|---|---|
| Confidentiality | Tells whether confidentiality of the information crossing the network is preserved. | Partial or total encryption, challenge/response | |
| Integrity | Tells whether integrity of the information sent over the wire is controlled against accidental or malicious tampering. | CRC32, MD5, SHA1 | |
| Notes | Additional information deemed relevant. | | |
Services
Important: The list below includes all IP services known to be used by Alcatel past and future products.
In no way does this list imply that those ports shall be opened for the CSBU solution to deliver its expected service.
| Name | Port | Standard | Condition of version? | Description |
|---|---|---|---|---|
| telnet | 23/tcp | RFC 854 | | Used for remote connection for maintenance purpose and for management tool (4760) |
| SMTP | 25/tcp | RFC 2821 | | Alarms towards 4760 (no listening on) |
| Domain Name Server (DNS) | 53/udp | RFC 1034 | | Only used by SIP devices in case of spatial redundancy |
| Bootps/DHCP Client | 67/udp | RFC 2131 | | Dynamic IP address management request to PC installer for CPU installation (no listening on) |
| Bootpc/DHCP Server | 68/udp | RFC 2131 | | DHCP server for IP-Phones, GD, GA, INT-IP B boards, PCs,…. |
| TFTP | 69/udp | RFC 1350 | | TFTP server used for binaries downloading for IP-Phones, GD, GA, INT-IP B boards; for voice guides downloading to GD, GA boards |
| HTTP | 80/tcp | RFC 1945, 2068, 2616 | | Browser for 4760i |
| NTP | 123/udp | RFC 1305 | | Synchronization of Ccview clients (ACD V2) and Call Server |
| IMAP | 143/tcp | RFC 3501 | | Internet Message Access Protocol |
| SNMP trap | 162/udp | RFC 1157 | | Call Server incidents (SNMP traps) notification to a Network Management Platform |
| LDAP | 389/tcp | RFC 2251 | | LDAP client access in case of phonebook overflow |
| HTTPS | 443/tcp | RFC 2818 | | Secured Web Server by SSL protocol |
| shell | 514/tcp | RFC 1282 | | Remote Shell for command execution |
| syslog | 514/udp | RFC 3164 | >=R6.2 | |
| RIP | 520/udp | RFC 2453 | | Routing Information Protocol |
| moxatty | 1028/udp | prop. NAOS | | Nport product from MOXA company to have multiple V24 accesses |
Synthesis of IP flows in OmniPCX Enterprise solution
| Name | Port | Standard | Condition of version? | Description |
|---|---|---|---|---|
| H.323 Gateway discovery | 1718/udp | ITU-T H.323 | | H.323 Internal Gatekeeper |
| H.323 Gateway stats and RAS | 1719/udp | ITU-T H.323 | | |
| H.323 RAS signalling | 1720/udp | ITU-T H.323 | | |
| H.323 H.225 signalling | 1720/tcp | ITU-T H.323 | | |
| RADIUS | 1812/udp | RFC 2865 | >=R7.0 | |
| H.323 H.245 signalling (Alcatel) | 1961/tcp | prop. ALA | | H.323 Internal Gatekeeper. Closed by default after F1.602.3m |
| H.323 Registration Authentication and Signalling (RAS) | 9090/tcp | ITU-T H.323 | | H.323 Internal Gatekeeper |
| BTlink | 2048/udp | prop. ALA | | Receive incidents from IPT Security box (SSM) |
| BTlink | 10000/udp dynamic port | prop. ALA | | Sending of start_srtp to IPT Security box (SSM) |
| netaccess | 2533/tcp | prop. ALA | | Network access for Alcatel configuration applications based on ACAPI v1.x (CMISD, ABC-A and TSE applications) and sending of Accounting tickets over IP |
| rsl | 2559/udp | prop. ALA | | RSL socket port |
| rlis | 2560/tcp | prop. ALA | | lis server for SOSM |
| ahltcp | 2561/tcp | prop. ALA | | AHL link over IP for Hotel/Hospital with external management |
| dhcdupli | 2562/tcp | prop. ALA | | DHCP duplication over Ethernet in case of Call Server duplication |
| dhcdupli_m | 2563/udp | prop. ALA | | DHCP duplication on main Call Server in case of Call Server duplication |
| dhcdupli_s | 2564/udp | prop. ALA | | DHCP duplication on standby Call Server in case of Call Server duplication |
| servobs | 2565/tcp | prop. ALA | | Server for service observation |
| servobs_c | 2566/tcp | prop. ALA | | Client for service observation |
| dhcdupli_c | 2567/udp | prop. ALA | | DHCP dupli command |
| tftpd_dow | 2568/udp | ? | | Use has been related to TFTP download (obsolete). |
| netadmin | 2569/tcp | prop. ALA | | Network configuration daemon. This port is used locally to the system the daemon is running on. Not accessible from the LAN. |
| prslink | 2570/udp | prop. ALA | >=R6.0 | DLink between Prs and CS |
| nut | 3305/udp, 3305/tcp | prop. NUT | <R6.2 | UPS monitoring for OXE version before R6.2 (excluded) |
| nut | 3493/udp, 3493/tcp | prop. NUT | >=R6.2 | UPS monitoring for OXE versions since R6.2 (inclusive) |
| ATAPI | 3595/tcp | prop. ALA | | Alcatel Telephony API used by CTI applications to drive the Call Server for example to dial outgoing phone calls. |
| VPIM | 4020/tcp, 4021/tcp | RFC 3804 | | Voice Profile for Internet Mail |
| VIMAP | 4033/tcp | RFC 3501 | | Virtual domain IMAP |
| H.323 monitoring (Alcatel) | 4560/udp | prop. ALA | | |
| SIP proxy | 5060/udp, 5060/tcp | RFC 3261 | | Session Initiation Protocol proxy server |
| securid | 5500/udp | prop. RSA | | Protocol used by the clients supporting the SecurID One-Time Password token to communicate with the RSA SecurID authentication server. |
| securidprop | 5510/tcp | prop. RSA | | Protocol used by the clients supporting the SecurID One-Time Password token to communicate with the RSA SecurID authentication server. |
| sdlog | 5520/tcp | prop. RSA | | Protocol used by the clients supporting the SecurID One-Time Password token to communicate with the RSA SecurID authentication server. |
| sdserv | 5530/tcp | prop. RSA | | Protocol used by the clients supporting the SecurID One-Time Password token to communicate with the RSA SecurID authentication server. |
| nmccs | 5540/tcp | prop. ALA | | NMD supervision (4760i) |
| SIP gateway (Alcatel) | 6060/udp | RFC 3261 | | SIP gateway service port when the SIP proxy is active on CS (SIP gateway is available on port 5060 when SIP proxy is not active). |
| incid2trap | 12300/udp | ? | <=R5.1 | Call Server incidents: resynchronization port for Network Management Platform |
| | 13200/udp | | >=R5.1.1 | |
| alzbootps | 23400/udp | RFC 2131 | | Non standard ports used by OmniPCX Office (OXO) to implement the DHCP service |
| alzbootpc | 23401/udp | | | |
| RTP/RTCP | 32000-32255/udp, Dyn_Voice/udp | RFC 3550 | <R5.1 | Standard RTP protocol used to carry voice over IP. Ports from this range are used by installations made while releases prior to R5.1 were current or by installations having migrated from those older releases. The range width is not configurable. The range base port number is configurable through MAO. |
| | 32512-32767/udp, Dyn_Voice/udp | | >=R5.1 | Standard RTP protocol used to carry voice over IP. Ports from this range are used by every new installation since R5.1. The range width is not configurable. The range base port number is configurable through MAO. |
| UA | 32128/udp | prop. ALA | <R5.1 | Alcatel proprietary signalling protocol, used on this port by installations having migrated from releases older than R5.1 |
| | 32640/udp | | >=R5.1 | Alcatel proprietary signalling protocol, used on this port by every new installation since R5.1 |
| UA lite | 32641/udp | prop. ALA | >=R6.2 | Only the START_RTP and START_FAX messages from the Alcatel proprietary signalling protocol are sent in this protocol: i.e. no Dlink is maintained. |
Planes
IP flows can be grouped by the broad purpose they fulfil. One possible grouping is into groups called 'planes'. One group, or plane, is used to identify flows carrying data directly useful to the user (e.g. voice); another group carries, for example, information required to establish the flows seen by the user (e.g. signalling).
The following 4 planes are identified in the OmniPCX for Enterprise solution:
An example of a flow belonging to this plane is: voice (RTP) flows for the OXE. An example of a flow that does not belong to this plane but to the control plane is: email exchanges between two voice mail systems to synchronize the states of the various user voice mailboxes.
control: All IP flows used to enable transport of information in the user plane belong to this plane. This is phone signalling, but also the FTP data transfer when used to synchronize for instance the configuration between 2 cooperating systems. Flows in this plane are mandatory to go through a firewall unless condition of activation proves that they are not used in a given deployment.
management: In this plane we find all flows used to manage the system, for example to configure, establish statistics, perform user billing. Flows between the Call Server and the 4760 server fall mostly into this plane.
support: All IP flows occurring in this plane are not needed for the day to day operation of the system (all the 3 planes above are mandatory). Flows in this plane appear on a network for example during maintenance operation (e.g. system software upgrade) or support operation (e.g. when debugging voice quality problems).
On a system more than one dynamic port range may coexist. The ports within those ranges are used differently: the dynamic port range is used for the client side of TCP and UDP connections, another port range may be defined to group together ports used by RTP connections, and a third one may be used for H.245 connections.

| Port range usage | Port range name | Network element | Operating System and Release | Range lower bound | Range upper bound | Notes |
|---|---|---|---|---|---|---|
| | Dyn_CS | CS | OXE R5.0Ux and before (Chorus-based operating system) | 1024 or 40000 | 4999 or 44999 | Range depends on TFTP answering server: Chorus (1st range) or TEL (2nd range). Not configurable. |
| | | | OXE R5.0Lx, R5.1, R5.1.x (old Linux based operating system) | 10000 | 20000 | See doc [3] for exact information. The range lower bound is configurable above 3000. The range width is configurable not smaller than 128. Any port value within the range shall be lower than 32767. |
| | | | OXE >= R6.0 (Linux based operating system) | 10000 | 10499 | Dyn_IPP/udp Dyn_NOE/udp Dyn_Win/udp |
| | Dyn_Win | 4760 server and clients, Contact center servers | Microsoft Windows | 1024 | 4999 | Configurable through creation in the registry of the key MaxUserPort (REG_DWORD) with a minimum value of 0x1388 (default = 5000) under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters |
| | Dyn_Lnx | Linux (OTUC servers) | Linux RH 7.3 | 32768 | 60999 | Configurable through /proc/sys/net/ipv4/ip_local_port_range |
| | Dyn_? | ? | ? | ? | ? | Nothing is known about that range besides its existence. |
| | Dyn_H225_CLT | GD, INT_IP A | | 21000/tcp | 21999/tcp | H323 Outgoing call establishment signalisation H225 (Q931) |
14/38 Sheet:CS
Web server control HTTP 4645 Dyn_?/tcp CS 80/tcp If CS not in none Redirected to HTTPS port if CS is
securized secured.
mode.
Columns: Purpose | Plane | Protocol | Initiator (client) | Source port (client) | Responder (server) | Service port (server) | Condition of Activation | Admission control? | OXE version? | Authentication | Confidentiality | Notes
Network access server for management AOML Remote application Dyn_?/tcp CS 2533/tcp none Configuration applications based on
applications (CMIS, accounting tickets (ABC-A,TSE,OTS) ACAPI V1.x and tax tickets sent over
on the fly) IP use this port.
PBX configuration control CMIP OTS Dyn_?/tcp CS 2535/tcp yes no
Network Uninterruptible Power Supply control NUT UPS device Dyn_?/tcp CS 3305/tcp <R6.2
control NUT UPS device Dyn_?/udp CS 3305/udp <R6.2
control NUT UPS device Dyn_?/tcp CS 3493/tcp >=R6.2
control NUT UPS device Dyn_?/udp CS 3493/udp >=R6.2
Inter-node (inter CS) exchanges
Hybrid VPN control STAP CS Dyn_CS/udp CS 2556/udp no no This service is also used by
hybrid-vpn Softphone Dyn_?/udp softphones and 4760 web clients
Redundancy control prop. ALA CS Dyn_CS/tcp CS 2558/tcp Only when CS
is duplicated.
dhcdupli control prop. ALA CS Dyn_CS/udp CS 2562/udp Only when CS
is duplicated.
DHCP dupli master control prop. ALA CS Dyn_CS/udp CS 2563/udp Only when CS
is duplicated.
DHCP dupli slave control prop. ALA CS Dyn_CS/udp CS 2564/udp Only when CS
is duplicated.
DHCP dupli command control prop. ALA CS Dyn_CS/udp CS 2567/udp Only when CS
is duplicated.
Proprietary signaling from CS
Remote dialin access (integrated control UA CS BP+128/udp GD BP+130/udp survivability A remote GD lost its signaling link to
gateway modem) mode only CS and opened a PSTN connection to
its rescuing GD.
support ASCII CS Dyn_CS/udp GD BP+130/udp Activation in Remote maintenance access through
MAO PSTN
Signaling link control UA CS, INT_IP A BP+128/udp GD BP+128/udp
INT_IP B
control UA CS, INT_IP A BP+128/udp IPP, NOE BP/udp
X.25
PAD X25 (packet control X.29 CS Dyn_CS/tcp CS 2534/tcp If PBX belongs
assembly/disassembly) to a X.25
network of
PBXs
X.25 route supervision control Suprout CCD Dyn_Win/tcp CS 2545/tcp Always on CS could be the client here. To be
confirmed.
H.323 Internal Gatekeeper
Discovery control H225 RAS GD, GA Dyn_MG/udp CS 1718/udp none
INT_IP A Dyn_MG/udp
H323 end_point Dyn_MG/udp
Dyn_?/udp
Registration, Admission and status control H225 RAS GD, GA Dyn_MG/udp CS 1719/udp none
INT_IP A Dyn_MG/udp
H323 end_point Dyn_MG/udp
Dyn_?/udp
Call setup control H225 Q.931 GD, GA Dyn_MG/udp CS 1720/udp none
INT_IP A Dyn_MG/udp
H323 end_point Dyn_MG/udp
Dyn_?/udp
Registration, Admission and status control RAS GD, GA Dyn_MG/tcp CS 9090/tcp none
INT_IP A Dyn_MG/tcp
Dyn_MG/tcp
SIP
Domain Name Server control DNS SIP end-point Dyn_? CS 53/udp Configured in none >=R6.1 Only used by SIP devices in case of
MAO spatial redundancy
SIP proxy control SIP SIP end-point Dyn_?/tcp CS 5060 (*)/tcp External SIP service port. Used since
R7.0 by SIP proxy when active.
control SIP SIP end-point Dyn_?/udp CS 5060 (*)/udp External SIP service port
Sip gateway control SIP SIP proxy Dyn_?/tcp CS 6060 (*)/tcp When SIP <R7.0 Internal SIP gateway service port used
proxy is by the SIP proxy.
activated
control SIP SIP proxy Dyn_?/udp CS 6060 (*)/udp <R6.0
4645 (eVA)
Mail Transfer control SMTP OTUC server Dyn_?/tcp 4645 25/tcp eVA configured
IMAP server control IMAP OTUC server Dyn_?/tcp 4645 143/tcp eVA configured OTUC myMessaging
4645 Dyn_CS/tcp
control IMAPS OTUC server Dyn_?/tcp 4645 993/tcp eVA configured ? idem
+ unknown
configuration
Retrieve voice messages in mail control VIMAP OTUC server Dyn_?/tcp 4645 4033/tcp eVA configured
account and commands for UC
Web server control HTTP OTUC server Dyn_?/tcp 4645 80/tcp If CS not in OTUC myMessaging
securized mode
+ eVA
configured
control HTTPS OTUC server Dyn_?/tcp 4645 443/tcp If CS in >=R6.1 yes OTUC myMessaging
securized
mode + eVA
configured
Signalling (abca) control UA CS BP+128/udp 4645 BP+128/udp eVA configured When the 4645 function reside on a
separate CPU than the
Communication Server
control UA CS BP+128/udp 4645 BP+132/udp eVA configured When the 4645 function reside on the
same CPU as the Communication
Server
Voice channel user RTP/RTCP 4645 Dyn_Voice/udp IPP, NOE BP+2,3/udp eVA configured Source and destination addresses are
GD, GA Dyn_Voice/udp never modified whether encrypted or
INT_IP A+B Dyn_Voice/udp not.
This flow is always cleartext out of the
4645, possibly encrypted through SSM
(if 4645 is on CS or with CS) or MSM
(if protected by a separate security
module) and continues encrypted to
destination.
user RTP/RTCP IPP, NOE BP+2,3/udp 4645 Dyn_Voice/udp eVA configured Direction of first packet cannot be
GD, GA Dyn_Voice/udp predetermined: both directions shall
INT_IP A+B Dyn_Voice/udp be enabled
VPIM control 4645 Dyn_?/tcp 4645 4020 (*)/tcp eVA configured Between 4645 members of same
4021 (*)/tcp group of Voice mail systems.
Contact Center solutions
ACDv2 for Contact Center control ACD CCD Dyn_Win/tcp CS 2538/tcp Always on Needed only with Contact Center
applications: CCM, CCS, ASM applications
ACDCCS (supervisor) control ACDCCS CCD Dyn_Win/tcp CS 2543/tcp Always on
4760 Network Management server
Test of CS presence (ping) management ICMP 4760 server N/A CS N/A 4760 <= no Echo request/reply done when 4760
R3.1 initializes the connection to CS.
Critical to correct working of 4760.
Since 4760 >= R3.1 presence test is
done differently by attempting a TCP
connect either on FTP port (21/tcp) or
SSH port (22/tcp) if CS is securized.
File transfer: MIB, accounting management FTP 4760 server Dyn_Win/tcp CS 21/tcp If CS not in TCP login/pwd no passive FTP mode
information, past time performance, securized wrappers
QoS tickets, software.mao, software mode.
downloading, backup
Remote connection management TELNET 4760 server Dyn_Win/tcp CS 23/tcp If CS not in TCP login/pwd no
securized wrappers
mode.
Remote maintenance + management SSH 4760 server Dyn_Win/tcp CS 22/tcp If CS in TCP OXE>=6.0 password for yes
File transfer: MIB, accounting securized wrappers 4760>=4.0 mtcl
information, past time performance, mode.
QoS tickets, software.mao, software
downloading, backup
Alarm mails management SMTP 4760 server Dyn_Win/tcp Mail server 25/tcp no
Web directory management HTTP Web browser Dyn_?/tcp 4760 server 80 (*)/tcp no Access to the phone directory from
any Web browser on any PC if
otherwise allowed.
Network supervision console management SNMP MIB browser Dyn_?/udp 4760 server 161/udp
SNMP traps management SNMP 4760 server 162/udp Trap supervisor 162/udp no
LDAP server replication management LDAP LDAP replication Dyn_Win/tcp 4760 server 389/tcp if IPSEC not IPsec shall be enabled only if LDAP
configured replication server do support IPsec.
PBX phonebook overflow control LDAP CS Dyn_CS/tcp 4760 server 389/tcp Configure anonymous Port can be configured in 4760 server
LDAP overflow access
server in MAO
PBX configuration management CMIP 4760 server Dyn_Win/tcp CS 2535/tcp if IPSEC not yes no
configured
Directory call by name management STAP 4760 server Dyn_Win/udp CS 2556/udp if IPSEC not no Issued upon request by a 4760 client
configured as if a callback was in progress
CMISD server management CMIP 4760 server Dyn_Win/tcp 4760 server 30001/tcp IPsec Not configurable (difference with other
4760 server service ports in the 300xx
range).
LDAP administration server management HTTP 4760 server Dyn_Win/tcp 4760 server 30010 (*)/tcp if IPSEC not login/pwd IPsec
configured
CMISD server management GIOP 4760 server Dyn_Win/tcp 4760 server 30013 (*)/tcp if IPSEC not IPsec
configured
Loader server management GIOP 4760 server Dyn_Win/tcp 4760 server 30020 (*)/tcp if IPSEC not IPsec
configured
LDAP PBX synchronization server management GIOP 4760 server Dyn_Win/tcp 4760 server 30026 (*)/tcp if IPSEC not IPsec
configured
4760 Network Management Client
Web access management HTTP 4760 client Dyn_Win/tcp 4760 server 80 (*)/tcp
Kerberos management Kerberos 4760 client 88/udp 4760 server 88/udp if IPSEC yes 4760 >= yes IPsec uses Kerberos as its default
configured R3.0 authentication mechanism. Another
mechanism can be defined by the
customer.
Note: Microsoft may use TCP as
transport even though not standard.
Replication with external LDAP server management LDAP 4760 client Dyn_Win/tcp 4760 server 389/tcp if IPSEC not anonymous IPsec IPsec shall be enabled only if potential
configured + clients do support IPsec.
login/pwd
IPsec key exchange management IKE 4760 client Dyn_Win/tcp 4760 server 500/udp if IPSEC 4760 >= yes yes
configured R3.0
IPsec encrypted flows management ESP 4760 client N/A 4760 server N/A if IPSEC 4760 >= yes yes IPsec is not configured by default.
configured R3.0
Sybase Anywhere database management TDS 4760 client Dyn_Win/tcp 4760 server 30011 (*)/tcp if IPSEC not login/pwd IPsec
configured
Access to various services: Alarms, management GIOP 4760 client Dyn_Win/tcp 4760 server 30012 (*)/tcp, if IPSEC not no IPsec
Extractor, License, Notification, 30014 (*)/tcp to configured
SaveRestore, Scheduler, Security, 30019 (*)/tcp,
etc... 30022 (*)/tcp to
30025 (*)/tcp
MindTerm (SSH client) on 4760 client support SSH 4760 client Dyn_Win/tcp 4760 server 30028 (*)/tcp if IPSEC not IPsec and
configured SSH
Telnet proxy management TELNET 4760 client Dyn_Win/tcp 4760 server 30100 (*)/tcp to if IPSEC not IPsec
30149 (*)/tcp configured
Notification of CORBA events management GIOP 4760 server Dyn_Win/tcp 4760 client 30500 (*)/tcp to if IPSEC not IPsec
30509 (*)/tcp configured
4760i (eConfig)
File transfer: MAO data during management FTP 4760i Dyn_? CS 21/tcp If CS not in TCP password for passive FTP mode
save/restore operations securized wrappers mtcl
mode.
Remote connection management TELNET 4760i Dyn_? CS 23/tcp If CS not in TCP password for
securized wrappers mtcl
mode.
Remote connection and file transfer management SSH 4760i Dyn_? CS 22/tcp If CS in TCP >=R6.0 password for
(MAO data during save/restore securized wrappers mtcl
operations) mode.
Applet download management HTTP 4760i Dyn_?/tcp CS 80/tcp If CS not in none none Needed only the first time to download
securized the applet.
mode. Redirected to HTTPS port if CS is
secured.
Applet download management HTTPS 4760i Dyn_?/tcp CS 443/tcp If CS in none >=R6.1 none yes Needed only the first time to download
securized the applet.
mode.
PBX configuration (NMCCS) management GIOP 4760i Dyn_?/tcp CS 5540/tcp yes no CORBA access
ACAPI 2.x
File transfer: MIB management FTP ACAPI 2.x Dyn_Win/tcp CS 21/tcp If CS not in TCP password for no passive FTP mode
securized wrappers mtcl
mode.
File transfer: MIB management SSH ACAPI 2.x Dyn_Win/tcp CS 22/tcp If CS in TCP >=R6.0 login/pwd yes
securized wrappers
mode.
PBX configuration management CMIP ACAPI 2.x Dyn_Win/tcp CS 2535/tcp yes no
Support PC
Remote maintenance support TELNET PC support Dyn_?/tcp CS 23/tcp If CS not in TCP
securized wrappers
mode.
Maintenance access support SSH PC support Dyn_?/tcp CS 22/tcp If CS in TCP >=R6.0
securized wrappers
mode.
Webtools support HTTP PC support Dyn_?/tcp CS 80/tcp If CS not in none Redirected to HTTPS port if CS is
securized secured.
mode.
Webtools support HTTPS PC support Dyn_?/tcp CS 443/tcp If CS in none >=R6.1 yes yes
securized
mode.
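The Introduction's policy (keep the user, control and management planes open, open the support plane only on demand) can be derived mechanically from the CS sheet above. The following Python is an added example, not part of the original document: it transcribes a handful of CS rows whose responder is the CS, filters them by plane, OXE release and secured mode, and renders nftables rule bodies. The IP addresses, the `SOURCES` map and all function names are assumptions made for the illustration.

```python
import operator
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    purpose: str
    plane: str                      # user | control | management | support
    initiator: str
    port: str                       # service port on the CS, e.g. "22/tcp"
    version: str = ""               # "OXE version?" cell; "" means any release
    secured: Optional[bool] = None  # True: only if CS in secured mode; False: only if not


# Rows transcribed from the CS sheet (version cells normalised to the "R" form).
FLOWS = [
    Flow("UPS monitoring (NUT)", "control", "UPS device", "3305/tcp", "<R6.2"),
    Flow("UPS monitoring (NUT)", "control", "UPS device", "3305/udp", "<R6.2"),
    Flow("UPS monitoring (NUT)", "control", "UPS device", "3493/tcp", ">=R6.2"),
    Flow("UPS monitoring (NUT)", "control", "UPS device", "3493/udp", ">=R6.2"),
    Flow("ACDv2 for Contact Center", "control", "CCD", "2538/tcp"),
    Flow("SIP proxy", "control", "SIP end-point", "5060/udp"),
    Flow("File transfer (FTP)", "management", "4760 server", "21/tcp", secured=False),
    Flow("Remote connection (TELNET)", "management", "4760 server", "23/tcp", secured=False),
    Flow("Remote maintenance (SSH)", "management", "4760 server", "22/tcp", ">=R6.0", True),
    Flow("Remote maintenance (TELNET)", "support", "PC support", "23/tcp", secured=False),
    Flow("Maintenance access (SSH)", "support", "PC support", "22/tcp", ">=R6.0", True),
    Flow("Webtools (HTTP)", "support", "PC support", "80/tcp", secured=False),
    Flow("Webtools (HTTPS)", "support", "PC support", "443/tcp", ">=R6.1", True),
]

# Constructed documentation addresses (RFC 5737); replace with the site's own.
CS_ADDR = "192.0.2.10"
SOURCES = {
    "UPS device": "192.0.2.20",
    "CCD": "192.0.2.30",
    "SIP end-point": "198.51.100.0/24",
    "4760 server": "192.0.2.40",
    "PC support": "203.0.113.7",
}

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}


def parse_release(text):
    """'R6.2' or '6.0' -> (6, 2). Labels such as 'R5.0Ux' are rejected."""
    m = re.fullmatch(r"R?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unsupported release label: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def version_ok(condition, release):
    """Evaluate a version cell such as '<R6.2' or '>=R5.1.1' against a release."""
    if not condition:
        return True
    m = re.fullmatch(r"(<=|>=|<|>)\s*(\S+)", condition.strip())
    if not m:
        raise ValueError(f"unsupported version condition: {condition!r}")
    have, want = parse_release(release), parse_release(m.group(2))
    width = max(len(have), len(want))       # pad so that R6 compares equal to R6.0
    pad = lambda t: t + (0,) * (width - len(t))
    return OPS[m.group(1)](pad(have), pad(want))


def select_flows(release, cs_secured, planes):
    """Flows that must be allowed towards the CS for this deployment."""
    return [f for f in FLOWS
            if f.plane in planes
            and (f.secured is None or f.secured == cs_secured)
            and version_ok(f.version, release)]


def nft_rules(flows):
    """Render each flow as an nftables rule body (chain and table are left to the site)."""
    rules = []
    for f in flows:
        port, proto = f.port.split("/")
        rules.append(f"ip saddr {SOURCES[f.initiator]} ip daddr {CS_ADDR} "
                     f'{proto} dport {port} accept comment "{f.plane}: {f.purpose}"')
    return rules


if __name__ == "__main__":
    print("# day-to-day rules, OXE R6.2, CS in secured mode")
    print("\n".join(nft_rules(select_flows("R6.2", True, {"user", "control", "management"}))))
    print("# added only while a technician is working")
    print("\n".join(nft_rules(select_flows("R6.2", True, {"support"}))))
```

Rules from the second call are the ones to load for the duration of a support intervention and to remove afterwards.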
22/38 Sheet:MG
Diagnosis of white support ICMP GD, GA N/A CS N/A ICMP destination unreachable
communications GD,GA emitted when packet received
INT_IP A+B on closed fastsocket. Emitting
GD/CS then logs an incident
helping diagnose broken
communications (white or
half).
Network supervision console management SNMP MIB browser Dyn_?/udp GD, GA 161/udp community
string
Dynamic IP configuration control DHCP GD 68/udp DHCP server 67/udp Request sent in broadcast (as
INT_IP B per RFC)
GD configuration and software control TFTP GD, GA Dyn_MG/udp CS 69/udp
upgrade (file download: binaries INT_IP A+B Dyn_INT_IP/udp
(binmg)+config (lanpbx.cfg,
startmgd)+voice guides
UA phone sets initialization control TFTP Dyn_IPP/udp 69/udp GD 69/udp Survivability GD while in survivability mode
downloads lanpbx.cfg, starttscip, Dyn_NOE/udp Dyn_NOE/udp mode only will serve configuration files to
startnoe, … Dyn_Win/udp the UA phone sets.
Columns: Purpose | Plane | Protocol | Initiator (client) | Source port (client) | Responder (server) | Service port (server) | Condition of Activation | Admission control? | Notes
Proprietary signaling
CS controlling the MG control UA CS, INT_IP A BP+128/udp GD, INT_IP B BP+128/udp
MG controlling the GA control UA GD BP+128/udp GA BP+128/udp
Survivability against CS
connectivity loss
Rescuing side control UA CS BP+128/udp GD BP+130/udp Survivability Traffic goes over the PSTN.
mode only This port is only used on
rescuing GD (close to the CS)
= the one called through
PSTN by the GD to be
rescued.
Rescued side control UA GD BP+128/udp IPP, NOE BP/udp Survivability Rescued side
INT_IP A+B Softphone mode only
Encryption support
Voice commands control UA lite GD, GA BP+130/udp MSM 2049 (*)/udp Voice
INT_IP A+B encryption
Fax commands control UA lite GD, GA BP+131/udp MSM 2050 (*)/udp Voice
INT_IP A+B encryption
H.323 Gateway (GW)
H.323 gatekeeper discovery (bcast control ? GD, GA Dyn_?/udp GD, GA 1718/udp Iff a H.323
or multicast to IP@ 224.0.1.41)) INT_IP A INT_IP A trunk is
H.323 end_point declared
H.323 GK discovery (unicast) and control ? GD, GA Dyn_?/udp GD, GA 1719/udp Iff a H.323
GW RAS signaling INT_IP A INT_IP A trunk is
H.323 end_point declared
H323 RAS signaling control H.323 RAS H.323 end_point Dyn_?/udp INT_IP A 1720/udp Iff a H.323
trunk is
declared
H.323 Call establishment signaling control ? GD, GA Dyn_H225_CLT/tcp GD, GA 1720/tcp
(H.225) with H.323 terminals, other INT_IP A INT_IP A
gateways or ABC-F links H.323 extern gw H.323 extern gw
H.323 end_point
H.323 Call establishment control ? GD, GA ?/tcp GD Dyn_H225_CLT/tcp No more needed?
signalisation H.225 INT_IP A
(Q.931) H.323 extern gw
H.323 end_point
H.245 signaling control ? GD, GA Dyn_?/tcp GD, GA 1961/tcp Iff a H.323
INT_IP A INT_IP A trunk is
declared
H.245 media channel establishment control ? GD, INT_IP A Dyn_H245_CLT/tcp GD, INT_IP A Dyn_H245_SRV/tcp Iff a H.323
signalization H.323 extern gw Dyn_?/tcp trunk is
H.323 end_point Dyn_?/tcp declared
H.323 signalling with H.323 control ? ? ?/tcp GA Dyn_H245_GA/tcp
Gateways/Terminals or ABC-F links
Media: voice, fax...
Voice channel, voice quality control user RTP/RTCP GD, GA Dyn_Voice/udp IPP, NOE BP+2,3/udp START_RTP Whether encrypted or not, the
INT_IP A+B Softphone in signaling source and destination
addresses are not changed:
this flow is cleartext out of the
MG. When voice is encrypted,
cleartext flows through MSM
where it is encrypted and
continues encrypted to
destination.
user RTP/RTCP IPP, NOE BP+2,3/udp GD, GA Dyn_Voice/udp START_RTP Direction of first packet cannot
Softphone INT_IP A+B in signaling be predetermined: both
directions shall be enabled
Fax over IP user T.38 GD, GA Dyn_Voice/udp Fax ?/udp START_FAX Whether encrypted or not, the
INT_IP A+B in signaling source and destination
addresses are not changed:
this flow is cleartext out of the
MG. When voice is encrypted,
cleartext flows through MSM
where it is encrypted and
continues encrypted to
destination.
user T.38 Fax ?/udp GD, GA Dyn_Voice/udp START_FAX Direction of first packet cannot
INT_IP A+B in signaling be predetermined: both
directions shall be enabled
Maintenance and Support
Maintenance access support TELNET CS Dyn_CS/tcp GD, GA 23/tcp always on Incoming
INT_IP A+B connection
request
allowed only
from Call
Server
support TELNET GD, GA Dyn_MG/tcp PC support 23/tcp
Maintenance file transfer support TFTP PC support Dyn_?/udp INT_IP A+B 69/udp always on Used for support only.
support FTP GD, GA Dyn_MG/tcp PC support 21/tcp FTP transfer in active mode
unless client invoked
differently
External access for remote support ASCII CS Dyn_CS/udp GD BP+130/udp Activation in The CS sends through this
maintenance (eRMA) MAO port ASCII to the modem
embedded on the GD.
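The support-plane rows above translate directly into firewall rules that stay closed until a technician session needs them. The following is an added example, not part of the original document: it renders the fixed-port Maintenance and Support rows as nftables commands, assuming a pre-existing `inet filter` table with a `forward` chain and using constructed placeholder addresses.

```python
import ipaddress

# Constructed placeholder addresses (RFC 5737 range); replace with the site's own.
HOSTS = {
    "CS": ["192.0.2.10"],
    "GD, GA": ["192.0.2.20", "192.0.2.21"],
    "INT_IP A+B": ["192.0.2.30"],
    "PC support": ["192.0.2.100"],
}

# (purpose, plane, initiator, responder, service port), copied from the
# "Maintenance and Support" rows above that have a fixed service port.
FLOWS = [
    ("Maintenance access", "support", "CS", "GD, GA", "23/tcp"),
    ("Maintenance access", "support", "CS", "INT_IP A+B", "23/tcp"),
    ("Maintenance access", "support", "GD, GA", "PC support", "23/tcp"),
    ("Maintenance file transfer", "support", "PC support", "INT_IP A+B", "69/udp"),
    ("Maintenance file transfer", "support", "GD, GA", "PC support", "21/tcp"),
]


def nft_set(addrs):
    """Render addresses as an nftables anonymous set, rejecting malformed ones."""
    return "{ " + ", ".join(str(ipaddress.ip_address(a)) for a in addrs) + " }"


def build_rules(flows, hosts, open_planes):
    """Return nft commands; new connections are accepted only for open planes.

    Assumes table 'inet filter' and chain 'forward' already exist. The 69/udp and
    21/tcp rules cover only the initial request; TFTP and active-mode FTP data
    connections additionally need the firewall's conntrack helpers.
    """
    rules = ["add rule inet filter forward ct state established,related accept"]
    for purpose, plane, src, dst, service in flows:
        port, _, proto = service.partition("/")
        if proto not in ("tcp", "udp") or not port.isdigit():
            raise ValueError(f"not a fixed service port: {service!r}")
        verdict = "accept" if plane in open_planes else "drop"
        rules.append(
            f"add rule inet filter forward ip saddr {nft_set(hosts[src])} "
            f"ip daddr {nft_set(hosts[dst])} {proto} dport {port} "
            f'ct state new {verdict} comment "{plane}: {purpose}"'
        )
    return rules


if __name__ == "__main__":
    # Day-to-day rule set: every support-plane flow is dropped explicitly.
    print("\n".join(build_rules(FLOWS, HOSTS, open_planes=set())))
```

Calling `build_rules(FLOWS, HOSTS, open_planes={"support"})` produces the rule set to load for the duration of a support intervention.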
27/38 Sheet:Auxiliaries
Command port control CS Dyn_CS/tcp MOXA [966, 981]/tcp Likewise upper bound for a 4-port box will be 969.
Broadcast monitor real com installer management ? Dyn_?/udp MOXA 1028/udp
| Purpose | Plane | Protocol | Initiator (Client) | Source port | Responder (Server) | Service port | Condition of Activation | Admission control? | OXE version | Notes |
|---|---|---|---|---|---|---|---|---|---|---|
| Presentation Server (PRS) | | | | | | | | | | |
| Signaling link | control | UA | CS | BP+128/udp | PRS | 2570/udp | | | OXE >= R6.0 | |
| Client API on Windows system | control | HTTP | PC appli | Dyn_Win/tcp | PRS | 8080/tcp | | | | Windows server supported only in small configuration |
| Client API on Linux system | control | HTTP | PC appli | Dyn_Lnx/tcp | PRS | 8080/tcp; 8083/tcp | | | | Linux server(s) in large configurations |
| Web-based management | management | HTTP | PC admin | Dyn_?/tcp | PRS | 2010/tcp | | | | |
| PRS monitoring | support | ? | PC admin | Dyn_?/tcp | PRS | 2009/tcp | | | | |
| NOE applications | user | HTTP | NOE | Dyn_NOE | PRS or API servers | 80/tcp | NOE >= v3 | | | The HTTP server is any of the API servers. Actual request port may be any of 80, 8080, 8081, 8083, etc... |
| TFTP client | support | TFTP | CS | Dyn_CS/udp | PC Installer | 69/udp | | | | Only for complete reinstallation of system and call handling software on CS. CS is the client. |
| Router presence check | control | ICMP | IPP | N/A | router | N/A | | | | ICMP echo request/reply. Was critical for correct operation |
| | control | ICMP | NOE | N/A | router | N/A | | | | ICMP echo request/reply. NOT critical for correct operation |
| Router redirection command | control | ICMP | router | N/A | IPP, NOE, MIPT | N/A | | | | ICMP redirect |
| Network supervision console | management | SNMP | MIB browser | Dyn_?/udp | IPP | 161/udp | | community string | | IP phone only, not NOE. |
| Dynamic IP configuration | control | DHCP | IPP, NOE, MIPT | 68/udp | DHCP server | 67/udp | If dynamic configuration | | | |
| Phone configuration and software upgrade (file download: binaries+config information. Download lanpbx.cfg, starttscip, startnoe) | control | TFTP | IPP; NOE, MIPT; Softphone | Dyn_IPP/udp; Dyn_NOE/udp; Dyn_Win/udp | TFTP server | 69/udp | | | | |
| Phone directory | control | LDAP | Softphone | Dyn_Win/tcp | LDAP server | 389/tcp | | | | |
| Proprietary signaling | | | | | | | | | | |
| Signaling link | control | UA | CS, INT_IP A | BP+128/udp | IPP, NOE, MIPT | BP/udp | When not in encrypted mode | | | |
| | control | STAP | CS, INT_IP A | 2556/udp | Softphone | BP/udp | | | | |
| | control | UA | GD; INT_IP A+B | BP+128/udp | IPP, NOE, MIPT | BP/udp | When in survivability mode | | | The phone needs to be statically configured for the survivability mode to be effective. |
| | control | ATAPI | Softphone | Dyn_Win/tcp | OTS | 3595/tcp | | | | |
| Encryption of voice and signaling | control | IKE | SSM | Dyn_?/udp | NOE | 500/udp | When in encrypted mode | | OXE >= R6.2 | |
| | control | ESP | SSM | N/A | NOE | N/A | When in encrypted mode | | OXE >= R6.2 | |
31/38 Sheet:OTUC
| Purpose | Plane | Protocol | Initiator (Client) | Source port | Responder (Server) | Service Port | OTUC version? | Authentication | Confidentiality | Integrity | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|
| myPhone | | | | | | | | | | | |
| Proprietary signaling | control | ATAPI | Client | Dyn_Win/tcp | OTS | 3595/tcp (*) | | YES | NO | | |
| | control | LDAP | Client | Dyn_Win/tcp | LDAP server | 389/tcp | | NO | NO | | Not for Websoftphone |
| | control | TFTP | Client | Dyn_Win/udp | TFTP server | 69/udp | | NO | NO | | |
| | control | STAP | CS | 2556/udp | Client | BP/udp | | ? | NO | | |
| Voice | user | RTP/RTCP | GD, GA, 46x5; INT_IP A+B; Media Server; IPP, NOE | Dyn_Voice/udp; Dyn_Voice/udp; Dyn_MS/udp; BP+2,3/udp | Softphone | BP+2,3/udp | | NO | NO | | Direction of first packet cannot be predetermined: both directions shall be enabled |
| | user | RTP/RTCP | Softphone | Dyn_Win/udp | GD, GA, 46x5; INT_IP A+B; Media Server; IPP, NOE | Dyn_Voice/udp; Dyn_Voice/udp; Dyn_MS/udp; BP+2,3/udp | | NO | NO | | Voice packets emitted by the softphone are sent from a dynamic UDP port. |
| Service Infrastructure | | | | | | | | | | | |
| CS interfacing | control | CSTA | Service Infra | Dyn_?/tcp | CS | 2555/tcp | | YES | | | OTS server |
| Mngt Interfacing | control | CMISD | Service Infra | Dyn_?/tcp | CS | 2535/tcp | | YES | | | OTS server |
| myMessaging | | | | | | | | | | | |
| Web client | control | HTTP | Client | Dyn_Win/tcp | Service Infra | 8080/tcp | | YES | YES (HTTPS) | | Only if LARGE or Websoftphone |
| | control | SOAP/HTTP | Client | Dyn_Win/tcp | Service Infra | 8083/tcp | >=R3.x | ? | ? | | Not for Websoftphone |
| | control | IMAP4 | Client | Dyn_Win/tcp | 46x5 | 143/tcp (993/tcp) | | YES | YES if IMAP4s | | Only if integrated voice mail |
| | control | FlexLM | Client | Dyn_Win | Service Infra | 27000 | | | | | Not for Websoftphone |
| Outlook Client | control | MAPI | Client | Dyn_Win/tcp | Exchange | ?/tcp | | YES | | | |
| | control | IMAP4 | Client | Dyn_Win/tcp | 46x5; IMAP4 Server | 143/tcp (993/tcp) | | YES | YES if IMAP4s | | Only if integrated voice mail or external IMAP server |
| | control | HTTP | Client | Dyn_Win/tcp | Service Infra | 8080/tcp | | YES | YES (HTTPS) | | Only if LARGE |
| | control | SOAP/HTTP | Client | Dyn_Win/tcp | Service Infra | 8083/tcp | >=R3.x | ? | ? | | |
| Lotus Client | control | NAPI | Client | Dyn_Win/tcp | Domino | ?/tcp | | YES | | | |
| | control | IMAP4 | Client | Dyn_Win/tcp | 46x5; IMAP4 Server | 143/tcp (993/tcp) | | YES | YES if IMAP4s | | Only if external IMAP server |
| | control | HTTP | Client | Dyn_Win/tcp | Service Infra | 8080/tcp | | YES | YES (HTTPS) | | Only if LARGE |
| | control | SOAP/HTTP | Client | Dyn_Win/tcp | Service Infra | 8083/tcp | >=R3.x | ? | ? | | |
| Email server | | | | | | | | | | | |
| Store Voice Message | control | SMTP | Service Infra | Dyn_?/tcp | Email server | 25/tcp | | | | | |
| IMAP4 server access | control | IMAP4 | Service Infra | Dyn_?/tcp | Email server | 143/tcp | | | | | Not if Exchange or Domino is used as eMail server |
| Mail box access | control | HTTP | Service Infra | Dyn_?/tcp | Email server | 8000/tcp | | | | | |
| PIM mngt | control | HTTP | Service Infra | Dyn_?/tcp | Email server | 8001/tcp | | | | | |
| Filter mngt | control | HTTP | Service Infra | Dyn_?/tcp | Email server | 8002/tcp | | | | | |
| Notif request | control | HTTP | Email server | Dyn_?/tcp | Service Infra | 8082/tcp | | | | | |
33/38 Sheet:OTCC
| Purpose | Plane | Protocol | Initiator (Client) | Source port | Responder (Server) | Service Port | Port Location | Condition of activation | Authentication | Notes |
|---|---|---|---|---|---|---|---|---|---|---|
| CCD | | | | | | | | | | |
| Stats transfer <==> | management | FTP | PC admin | Dyn_? | Afe | 21/tcp | | | YES | |
| Mngt interfacing <==> | control | CMIS | Afe | Dyn_CS | Cmisd | 2535/tcp | OXE | | YES | |
| CCD Supervision <==> | control | ? | CCS | Dyn_Win | Afe | 2538/tcp | OXE | | YES | |
| TSS tool for Afe <==> | support | Text | PC support (adm_acd) | Dyn_? | Afe | 2538/tcp | OXE | | NO | Debug only |
| CCS emulator <==> | support | TELNET | PC support (terminal) | Dyn_? | Afe | 2538/tcp | OXE | | NO | Debug only |
| CCS Server <==> | control | ? | CCS Server | Dyn_Win | Afe | 2538/tcp | OXE | | NO | |
| TSS tool for CCS Server <==> | support | Text | PC support (adm_acd - servccs) | Dyn_? | CCS Server | 2543/tcp | OXE or Windows | | NO | Debug only |
| CCD Supervision <==> | control | ? | CCS | Dyn_Win | CCS Server | 2543/tcp | OXE or Windows | | YES | |
| pilot_test | support | UA | PC support (pilot_test) | ? | rtest | 2554/tcp | OXE | Manual configuration | NO | Test only |
| PABX interfacing <==> | control | CSTA / C | Afe | ? | CSTA server | 2555/tcp | OXE | | NO | |
| CSTA Tools <==> | support | CSTA / ASN1 | Pilot/Pilot2a | ? | CSTA Server | 2555/tcp | OXE | | NO | Test only |

? control ? T-server ?/tcp client 0/tcp N/A Value is configurable with a default of 0. Change takes effect after T-server is restarted.
37/38 Sheet:VoWLAN
| Purpose | Plane | Protocol | Initiator (Client) | Source port | Responder (Server) | Service Port | Condition of activation | VoWLAN version? | Notes |
|---|---|---|---|---|---|---|---|---|---|
| Voice channel, Voice quality control | user | RTP/RTCP | GD, GA, 46x5; INT_IP A+B; Media Server; IPP, NOE; Softphone | Dyn_Voice/udp; Dyn_Voice/udp; Dyn_MS/udp; BP+2/udp; Dyn_?/udp | MIPT (NATed) | 19282/udp | | | RTCP may be blocked by firewall since all RTCP traffic to MIPT is ignored and MIPT doesn't emit any RTCP packet. |
| | user | RTP/RTCP | MIPT (NATed) | 19282/udp | GD, GA, 46x5; INT_IP A+B; Media Server; IPP, NOE; Softphone | Dyn_Voice/udp; Dyn_Voice/udp; Dyn_MS/udp; BP+2/udp; Dyn_?/udp | | | Direction of first packet cannot be predetermined: both directions shall be enabled |
| SVP management | | | | | | | | | |
| Dynamic IP configuration | control | DHCP | SVP | 68/udp | DHCP server | 67/udp | | | SVP acts as a DHCP proxy relaying the DHCP request in unicast to the actual DHCP server. DHCP can be made mandatory for every terminal |
| H.225 RAS to H.323 Gatekeeper | control | H.323/H.225 | GD | 1719/udp | SVP | 1719/udp | | | registration or RAS admission message |
Maintenance download of support TFTP SVP Dyn_WLAN/udp TFTP server 69/udp
configuration files, binary