IP Communications Required by Cisco Unity Connection
Cisco Unity Connection Service Ports
Table 1-1 lists the TCP and UDP ports that are used for inbound connections to the Cisco Unity Connection server, and ports that are used internally by Unity Connection.
- Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- IP phones must be able to connect to this range of ports on the Unity Connection server for some phone client applications.
- Opened for port-status monitoring read-only connections. Monitoring must be configured in Connection Administration before any data can be seen on this port (monitoring is off by default).
- TCP and UDP ports allocated by administrator for SIP traffic. Unity Connection SIP Control Traffic handled by conversation manager.
- Restricted to localhost only (no remote connections to this service are needed).
- Servers in a Unity Connection cluster must be able to connect to each other on these database ports.
- Client workstations must be able to connect to ports 143 and 993 for IMAP inbox access, and IMAP over SSL inbox access.
- Servers delivering SMTP to Unity Connection port 25, such as other servers in a UC Digital Network.
- Restricted to localhost only (no remote connections to this service are needed).
- Restricted to localhost only (no remote connections to this service are needed).
- VoIP devices (phones and gateways) must be able to send traffic to these UDP ports to deliver inbound audio streams.
- Restricted to localhost only (no remote connections to this service are needed).
- Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- Heartbeat event traffic is not encrypted but is MAC secured. Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- If this service is enabled it allows administrative read/write database connections for off-box clients. For example, some of the ciscounitytools.com tools use this port.
- Firewall must be open for TCP 22 connections for remote CLI access and serving SFTP in a Unity Connection cluster. Administrative workstations must be able to connect to a Unity Connection server on this port. Servers in a Unity Connection cluster must be able to connect to each other on this port.
- Using IPsec is optional, and off by default. If the service is enabled, servers in a Unity Connection cluster must be able to connect to each other on this port.
- The cluster manager service is part of the Voice Operating System. Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- Network time service is enabled to keep time synchronized between servers in a Unity Connection cluster. The publisher server can use either the operating system time on the publisher server or the time on a separate NTP server for time synchronization. Subscriber servers always use the publisher server for time synchronization. Servers in a Unity Connection cluster must be able to connect to each other on this port.
- Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- These database instances contain information for LDAP integrated users, and serviceability data. Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- Performs back-end serviceability data exchanges. 1090: AMC RMI Object Port. 1099: AMC RMI Registry Port. Servers in a Unity Connection cluster must be able to connect to each other on these ports.
- Both client and administrative workstations need to connect to these ports. Servers in a Unity Connection cluster must be able to connect to each other on these ports for communications that use HTTP-based interactions like REST.
- Servers in HTTPS Networking must be able to connect to each other on these ports for communications. Unity Connection HTTPS Directory Feeder service uses these ports for directory synchronization.
- Ephemeral port ranges, used by anything with a dynamically allocated client port.
- Exchange 2007, 2010, and 2013 only: EWS notifications of changes to Unity Connection voice messages. This port is also available for clients to request comet notifications from Cisco Unity Connection for a voicemail subscriber.
- Starting with release 10.5.2, the comet notification client needs to connect to this port to receive comet notifications over SSL.
- Video server must be able to connect to Unity Connection on this port for communications.
1. Bold port numbers are open for direct connections from off-box clients.
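As an added example (not from the Cisco guide), the script below audits firewall allow rules against the access requirements the text above states by port number: TCP 22, 25, 143, 993, 1090 and 1099. The zone addresses and the rule list are constructed for illustration, the role names are hypothetical, and ports the text does not name are skipped.

```python
import ipaddress

# Constructed address plan (assumption): networks that hold each role.
ZONES = {
    "cluster": ["10.10.1.0/29"],
    "admin":   ["10.10.20.0/24"],
    "client":  ["10.20.0.0/16"],
    "smtp":    ["10.10.5.0/28"],
}
# Who needs each TCP port, using only the port numbers named in the text.
POLICY = {
    22:   {"admin", "cluster"},  # remote CLI and SFTP
    25:   {"smtp"},              # servers delivering SMTP
    143:  {"client"},            # IMAP inbox access
    993:  {"client"},            # IMAP over SSL
    1090: {"cluster"},           # AMC RMI Object Port
    1099: {"cluster"},           # AMC RMI Registry Port
}
# Constructed allow rules to audit: (source CIDR, TCP port).
RULES = [
    ("10.10.1.0/29", 22),        # cluster peers only; admin rule is absent
    ("10.10.5.0/28", 25),
    ("10.20.0.0/16", 143), ("10.20.0.0/16", 993),
    ("10.0.0.0/8", 1099),        # far wider than the cluster network
    ("10.10.1.0/29", 1090),
]

def _nets(role):
    return [ipaddress.ip_network(c) for c in ZONES[role]]

def audit(rules, policy=POLICY):
    """Return (overbroad, missing) findings for a list of allow rules."""
    overbroad, covered = [], set()
    for cidr, port in rules:
        if port not in policy:
            continue  # port not named in the text: out of scope here
        src = ipaddress.ip_network(cidr)
        roles = policy[port]
        # Acceptable only if the source fits inside a permitted zone.
        if not any(src.subnet_of(z) for r in roles for z in _nets(r)):
            overbroad.append((cidr, port))
        # A role is served when every one of its networks is allowed in.
        for r in roles:
            if all(z.subnet_of(src) for z in _nets(r)):
                covered.add((r, port))
    missing = sorted((r, p) for p, rs in policy.items() for r in rs
                     if (r, p) not in covered)
    return overbroad, missing

if __name__ == "__main__":
    bad, gaps = audit(RULES)
    print("source wider than any permitted zone:", bad)
    print("required access with no allow rule:", gaps)
```

On the constructed rules it reports the `10.0.0.0/8` rule for port 1099 as too wide and the administrative workstations' access to port 22 as missing.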
Outbound Connections Made by Unity Connection
Table 1-2 lists the TCP and UDP ports that Cisco Unity Connection uses to connect with other servers in the network.