
Which ports need to be open from Cube - ISP

monasir
Level 1

Hi all,

I'm not able to find specific information, like which ports need to be open from the Cube to the ISP (outside).

At the moment the cube is configured and the customer is able to make incoming and outgoing calls.

However, the cube connection is open on the internet and not secure.

And the ISP is receiving several server attacks from anonymous calls/strange calls which do not exist in the DDI range.

So the service provider blocked everything and we are not able to make outgoing or incoming calls.

Their advice was to fine-tune security so that not everything is open.

The client is using a Fortigate 1000 Firewall.
Which things do I, or the security engineer, need to consider?

2 Replies

Chris Deren
Hall of Fame

You need to get that information from the ITSP, as different ITSPs use different ports for media. The SIP signaling port is usually 5060, or 5061 if using encryption, over either UDP or TCP, but some providers use different ports for SIP as well.

Hi all,

We are already in the middle of a workaround.
Hopefully this will work:

These ports need to be open:

  • SIP, UDP & TCP on source and destination port 5060.
  • RTP, UDP on source port 16384-32767
  • ICMP Echo, Echo-Reply, TTL-Exceeded, Packet-Too-Big (unreachable)

On the cube, create access-lists to permit UDP hosts, to allow specific traffic coming in.
To keep everything restricted.

And apply the access-lists to, for example, port-channels.

However, thanks all for the help.
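
The port list and access-list approach from the post above, written out as an added Cisco IOS example that is not part of the original thread or the poster's configuration. Assumptions: 203.0.113.10 (ITSP signaling and media peer) and 192.0.2.10 (CUBE outside address) are documentation placeholders, the ACL name and Port-channel1 are hypothetical, the RTP range is matched as the destination port range on the CUBE, and the interface carries only ITSP-facing traffic.

```cisco
! Added example. Replace the placeholder addresses with the values
! confirmed by the ITSP (signaling and media may use different hosts/ports).
!   203.0.113.10 = ITSP SIP/media peer (placeholder)
!   192.0.2.10   = CUBE outside address (placeholder)
ip access-list extended ITSP-INBOUND
 remark SIP signaling from the ITSP peer only, UDP and TCP 5060
 permit udp host 203.0.113.10 host 192.0.2.10 eq 5060
 permit tcp host 203.0.113.10 host 192.0.2.10 eq 5060
 remark Return traffic for SIP/TCP sessions the CUBE opened to the ITSP
 permit tcp host 203.0.113.10 eq 5060 host 192.0.2.10 established
 remark RTP media from the ITSP to the CUBE port range 16384-32767
 permit udp host 203.0.113.10 host 192.0.2.10 range 16384 32767
 remark ICMP types from the list above; errors can come from transit routers
 permit icmp host 203.0.113.10 host 192.0.2.10 echo
 permit icmp host 203.0.113.10 host 192.0.2.10 echo-reply
 permit icmp any host 192.0.2.10 ttl-exceeded
 permit icmp any host 192.0.2.10 packet-too-big
 remark Drop and log everything else, including SIP from unknown sources
 deny ip any any log
!
! Apply inbound on the ITSP-facing interface (hypothetical name)
interface Port-channel1
 ip access-group ITSP-INBOUND in
```

The hit counters from `show ip access-lists ITSP-INBOUND` show whether the final deny entry is catching the unsolicited call attempts the provider reported.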
