B Port Matrix
Standard Port Matrix for SBC security hardening.
Refer to this port matrix as part of deploying a secure Oracle SBC.
Ethernet | Ports | Protocol | Service | Optional | Configurable Port | Default Port State | Server or Client | Description |
---|---|---|---|---|---|---|---|---|
Wancom0 | 21 | TCP | FTP | Yes | Yes | Closed | Client | FTP push receiver |
Wancom0 | 22 | TCP | SSH / SFTP | Yes | No | Open | Server | SSH for ACLI admin |
Wancom0 | 49 | TCP | TACACS+ | Yes | Yes | Closed | Client | TACACS+ AAA |
Wancom0 | 80 | TCP | HTTP | Yes | Yes | Closed | Server | HTTP SIP monitoring and tracing or provisioning GUI |
Wancom0 | 123 | UDP | NTP | Yes | No | Closed | Client | NTP time update requests |
Wancom0 | 161 | UDP | SNMP | Yes | No | Closed | Client | SNMP traps |
Wancom0 | 162 | UDP | SNMP | Yes | No | Closed | Server | SNMP MIB retrieval |
Wancom0 | 443 | TCP | TLS/HTTPS | Yes | Yes | Closed | Server | HTTP SIP monitoring and tracing or provisioning GUI |
Wancom0 | 514 | UDP | Syslog | Yes | Yes | Closed | Client | Syslog message feed |
Wancom0 | 1812 | UDP | RADIUS | Yes | Yes | Closed | Client | RADIUS AAA |
Wancom0 | 1813 | UDP | RADIUS | Yes | Yes | Closed | Client | RADIUS Accounting |
Wancom0 | 2200 | TCP | SSH/SFTP | Yes | No | Closed | Server | Enable root shell access when boot flag is 0x10 |
Wancom0 | 3000 | TCP | ACP | Yes | No | Open | Server | Acme Control Protocol for GUI |
Wancom0 | 3001 | TCP | ACP | Yes | No | Open | Server | Acme Control Protocol for GUI |
Wancom0 | ANY | UDP | Process Log | Yes | Yes (any) | Closed | Client | Internal process log feed |
Wancom0 | n/a | 1 | ICMP Echo Reply | Yes | No | Open | Server | Echo Request (Ping) used by SIP trunk between ASM and its application server (CM) |
Wancom1 & 2 | 22 | TCP | SSH / SFTP | Yes | No | Closed | Server | |
Wancom1 & 2 | 1987 | UDP | HA CFG | Yes | Yes | Closed | Both | Primary is server, client is secondary |
Wancom1 & 2 | 9090 | UDP | HA BERPD | Yes | Yes | Closed | Both | Primary is server, client is secondary |
Services Ports | n/a | 50 | ESP | Yes | No | Closed | Server | |
Services Ports | n/a | 51 | AH | Yes | No | Closed | Server | |
Services Ports | n/a | 1 | ICMP Echo Reply | Yes | | Closed | Server | |
Services Ports | 21 | TCP | FTP | Yes | No | Closed | Server | |
Services Ports | 22 | TCP | SSH / SFTP | Yes | No | Open | Server | |
Services Ports | 23 | TCP | Telnet | Yes | No | Closed | Server | |
Services Ports | 53 | UDP | DNS | Yes | No | Closed | Client | |
Services Ports | 80 | TCP | OCSP | Yes | Yes | Closed | Client | |
Services Ports | 80 | TCP | COPS, A-COPS, DIAMETER | Yes | Yes | Closed | Client | Policy server |
Services Ports | 161 | UDP | SNMP | Yes | No | Closed | Client | SNMP traps |
Services Ports | 162 | UDP | SNMP | Yes | No | Closed | Server | SNMP MIB retrieval |
Services Ports | 500 | UDP | ISAKMP | Yes | Yes | Closed | Server | |
Services Ports | 1986 | TCP | MCGP HA | Yes | Yes | Closed | Server | |
Services Ports | 1988 | TCP | MCGP SIP Checkpoint | Yes | Yes | Closed | Server | |
Services Ports | 1719 | TCP | H.323 RAS | Yes | Yes | Closed | Server | |
Services Ports | 1720 | TCP | H.323 Q931 | Yes | Yes | Closed | Server | Set, dynamic from 0 up |
Services Ports | 1994 | TCP | IPsec | Yes | Yes | Closed | Server | IPsec sync messages |
Services Ports | 2200 | TCP | SSH/SFTP | Yes | No | Closed | Server | Enable root shell access when boot flag is 0x10 |
Services Ports | 2427 | TCP/UDP | MGCP | Yes | Yes | Closed | Client | MGCP signaling |
Services Ports | 2727 | TCP/UDP | MGCP | Yes | Yes | Closed | Server | MGCP signaling |
Services Ports | 3478 | TCP/UDP | STUN | Yes | Yes | Closed | Both | |
Services Ports | 3479 | TCP/UDP | STUN | Yes | Yes | Closed | Both | |
Services Ports | 3868 | TCP/SCTP | Diameter | Yes | Yes | Closed | Both | HSS Connection, client port dynamic |
Services Ports | 4500 | UDP | ISAKMP/NAT | Yes | Yes | Closed | Server | |
Services Ports | 5060 | TCP/UDP/SCTP | SIP | Yes | Yes | Closed | Both | SIP, client port dynamic |
Services Ports | 5061 | TCP | SIP TLS | Yes | Yes | Closed | Both | SIP over TLS carried by TCP |
Services Ports | 1025-65535 | TCP/UDP | RTP/SRTP | Yes | Yes | Closed | Both | Media traffic |
Services Ports | 1025-65535 | TCP | IMS AKA | Yes | Yes | Closed | Both | IMS AKA protected server port |
Services Ports | 1025-65535 | TCP | IMS AKA | Yes | Yes | Closed | Client | IMS AKA protected client port |