| Ports and Protocols | Operating System Firewall Setting | Executable/Service or Application | Service Account | Comments |
|---|---|---|---|---|
| TCP: 20500, 20501, 20502, 19003, 1935 | Open only between servers in a Unity Connection cluster | CuCsMgr/Unity Connection Conversation Manager | cucsmgr | Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 21000–21512 | Open | CuCsMgr/Unity Connection Conversation Manager | cucsmgr | IP phones must be able to connect to this range of ports on the Unity Connection server for some phone client applications. |
| TCP: 5000 | Open | CuCsMgr/Unity Connection Conversation Manager | cucsmgr | Opened for port-status monitoring read-only connections. Monitoring must be configured in Connection Administration before any data can be seen on this port (monitoring is off by default). Administration workstations connect to this port. |
| TCP and UDP ports allocated by administrator for SIP traffic. TCP ports 5001, 5002, 5003 and 5004 are open. Possible ports are 5060–5199. | Open | CuCsMgr/Unity Connection Conversation Manager | cucsmgr | Unity Connection SIP control traffic handled by Conversation Manager. SIP devices must be able to connect to these ports. |
| TCP: 20055 | Open only between servers in a Unity Connection cluster | CuLicSvr/Unity Connection License Server | culic | Restricted to localhost only (no remote connections to this service are needed). |
| TCP: 1502, 1503 (“ciscounity_tcp” in /etc/services) | Open only between servers in a Unity Connection cluster | unityoninit/Unity Connection DB | root | Servers in a Unity Connection cluster must be able to connect to each other on these database ports. For external access to the database, use CuDBProxy. |
| TCP: 143, 993, 7993, 8143, 8993 | Open | CuImapSvr/Unity Connection IMAP Server | cuimapsvr | Client workstations must be able to connect to ports 143 and 993 for IMAP inbox access, and IMAP over SSL inbox access. |
| TCP: 25, 8025 | Open | CuSmtpSvr/Unity Connection SMTP Server | cusmtpsvr | Servers delivering SMTP to Unity Connection port 25, such as other servers in a UC Digital Network. |
| TCP: 4904 | Blocked; internal use only | SWIsvcMon (Nuance SpeechWorks Service Monitor) | openspeech | Restricted to localhost only (no remote connections to this service are needed). |
| TCP: 4900:4904 | Blocked; internal use only | OSServer/Unity Connection Voice Recognizer | openspeech | Restricted to localhost only (no remote connections to this service are needed). |
| UDP: 16384–21511 | Open | CuMixer/Unity Connection Mixer | cumixer | VoIP devices (phones and gateways) must be able to send traffic to these UDP ports to deliver inbound audio streams. |
| UDP: 7774–7900 | Blocked; internal use only | CuMixer/Speech recognition RTP | cumixer | Restricted to localhost only (no remote connections to this service are needed). |
| TCP: 22000 UDP: 22000 | Open only between servers in a Unity Connection cluster | CuSrm/Unity Connection Server Role Manager | cusrm | Cluster SRM RPC. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 22001 UDP: 22001 | Open only between servers in a Unity Connection cluster | CuSrm/Unity Connection Server Role Manager | cusrm | Cluster SRM heartbeat. Heartbeat event traffic is not encrypted but is MAC secured. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 20532 | Open | CuDbProxy/Unity Connection Database Proxy | cudbproxy | If this service is enabled, it allows administrative read/write database connections for off-box clients. For example, some of the ciscounitytools.com tools use this port. Administrative workstations would connect to this port. |
| TCP: 22 | Open | Sshd | root | Firewall must be open for TCP 22 connections for remote CLI access and serving SFTP in a Unity Connection cluster. Administrative workstations must be able to connect to a Unity Connection server on this port. Servers in a Unity Connection cluster must be able to connect to each other on this port. |
| UDP: 161 | Open | Snmpd Platform SNMP Service | root | — |
| UDP: 500 | Open | Raccoon ipsec isakmp (key management) service | root | Using ipsec is optional, and off by default. If the service is enabled, servers in a Unity Connection cluster must be able to connect to each other on this port. |
| TCP: 8500 UDP: 8500 | Open | clm/cluster management service | root | The cluster manager service is part of the Voice Operating System. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| UDP: 123 | Open | Ntpd Network Time Service | ntp | Network time service is enabled to keep time synchronized between servers in a Unity Connection cluster. The publisher server can use either the operating system time on the publisher server or the time on a separate NTP server for time synchronization. Subscriber servers always use the publisher server for time synchronization. Servers in a Unity Connection cluster must be able to connect to each other on this port. |
| TCP: 5007 | Open | Tomcat/Cisco Tomcat (SOAP Service) | tomcat | Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 1500, 1501 | Open only between servers in a Unity Connection cluster | cmoninit/Cisco DB | informix | These database instances contain information for LDAP integrated users, and serviceability data. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 1515 | Open only between servers in a Unity Connection cluster | dblrpm/Cisco DB Replication Service | root | Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 8001 | Open only between servers in a Unity Connection cluster | dbmon/Cisco DB Change Notification Port | database | Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 2555, 2556 | Open only between servers in a Unity Connection cluster | RisDC/Cisco RIS Data Collector | ccmservice | Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 1090, 1099 | Open only between servers in a Unity Connection cluster | Amc/Cisco AMC Service (Alert Manager Collector) | ccmservice | Performs back-end serviceability data exchanges. 1090: AMC RMI Object Port. 1099: AMC RMI Registry Port. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
| TCP: 80, 443, 8080, 8443 | Open | tomcat/Cisco Tomcat | tomcat | Both client and administrative workstations need to connect to these ports. Servers in a Unity Connection cluster must be able to connect to each other on these ports for communications that use HTTP-based interactions like REST. Note: These ports support both IPv4 and IPv6 addresses. However, the IPv6 address works only when the Connection platform is configured in Dual (IPv4/IPv6) mode. For more information on configuring IPv6 settings, see the “Adding or Changing the IPv6 Addresses of Cisco Unity Connection” chapter of the Install, Upgrade, and Maintenance Guide for Cisco Unity Connection at http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/install_upgrade/guide/10xcuciumgx.html. Note: Cisco Unity Connection Survivable Remote Site Voicemail (SRSV) supports these ports for IP communication. |
| TCP: 8081, 8444 | Open only between servers in HTTPS Networking | tomcat/Cisco Tomcat | tomcat | Servers in HTTPS Networking must be able to connect to each other on these ports for communications. Unity Connection HTTPS Directory Feeder service uses these ports for directory synchronization. Note: Unity Connection HTTPS Directory Feeder service supports only IPv4 mode. |
| TCP: 5001, 8005 | Blocked; internal use only | tomcat/Cisco Tomcat | tomcat | Internal tomcat service control and axis ports. |
| TCP: 32768–61000 UDP: 32768–61000 | Open | — | — | Ephemeral port ranges, used by anything with a dynamically allocated client port. |
| TCP: 7080 | Open | jetty/Unity Connection Jetty | jetty | Exchange 2007, 2010, and 2013 only: EWS notifications of changes to Unity Connection voice messages. This port is also available for clients to request comet notifications from Cisco Unity Connection for a voicemail subscriber. |
| TCP: 7443 | Open | jetty/Unity Connection Jetty | jetty | Starting with release 10.5.2 and later, the comet notification client needs to connect to this port to receive comet notifications over SSL. |
| TCP: 6080 | Open | CuCsMgr/Unity Connection Conversation Manager | cucsmgr | Video server must be able to connect to Unity Connection on this port for communications. |
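
The following Python script is an added example, not part of the Cisco documentation: it parses the port notation used in the table (`a, b`, `a:b`, `a–b`, and combined `TCP: … UDP: …` cells) and checks flow records from a firewall in front of the servers against the firewall setting of the matching row. The `ROWS` list is a subset of the table; the function names, peer addresses and flow records are constructed assumptions.

```python
import re

CLUSTER = "Open only between servers in a Unity Connection cluster"
INTERNAL = "Blocked; internal use only"
# Subset of the table above: (ports cell, firewall setting cell), copied verbatim.
ROWS = [
    ("TCP: 20500, 20501, 20502, 19003, 1935", CLUSTER),
    ("TCP: 1502, 1503 (“ciscounity_tcp” in /etc/services)", CLUSTER),
    ("TCP: 22000 UDP: 22000", CLUSTER),
    ("TCP: 4900:4904", INTERNAL),
    ("UDP: 7774–7900", INTERNAL),
    ("UDP: 16384–21511", "Open"),
    ("TCP: 80, 443, 8080, 8443", "Open"),
]
RANK = {"Open": 0, CLUSTER: 1, INTERNAL: 2}  # higher value = more restrictive

def parse_ports(cell):
    """Turn a ports cell into (proto, low, high) tuples."""
    out = []
    for proto, spec in re.findall(r"(TCP|UDP):\s*([\d,\s:–-]+)", cell):
        for token in filter(None, (t.strip() for t in spec.split(","))):
            bounds = [int(p) for p in re.split(r"[:–-]", token)]
            out.append((proto.lower(), bounds[0], bounds[-1]))
    return out

POLICY = [(p, lo, hi, s) for cell, s in ROWS for p, lo, hi in parse_ports(cell)]

def audit(flows, cluster_peers):
    """Return (flow, reason) for every remote flow the table's settings do not permit."""
    findings = []
    for flow in flows:
        proto, src, dport = flow
        hits = [s for p, lo, hi, s in POLICY if p == proto and lo <= dport <= hi]
        setting = max(hits, key=RANK.get) if hits else None  # overlap: strictest row wins
        if setting is None:
            findings.append((flow, "port not in policy subset"))
        elif setting == INTERNAL:
            findings.append((flow, "internal-only port reached remotely"))
        elif setting == CLUSTER and src not in cluster_peers:
            findings.append((flow, "cluster-only port from non-cluster source"))
    return findings

# Constructed sample data (documentation address ranges), seen at a network firewall.
PEERS = {"192.0.2.10", "192.0.2.11"}
FLOWS = [
    ("tcp", "192.0.2.11", 20500),    # cluster peer on cluster port: permitted
    ("tcp", "198.51.100.7", 1503),   # workstation on database port
    ("udp", "198.51.100.7", 7800),   # remote host on speech-recognition RTP range
    ("udp", "198.51.100.9", 18000),  # phone audio to CuMixer: permitted
    ("tcp", "198.51.100.7", 3389),   # port absent from ROWS
]
```

Calling `audit(FLOWS, PEERS)` returns the three flows that violate the settings, each paired with the reason.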