IP Protocols and Ports
Standard Protocols
Apart from standard TCP/IP network protocols such as ICMP and TCP, the following protocols are used by the MX-ONE.
The table of ports and protocols is not complete or definitive, but covers voice connectivity. Additional optional applications or services may add other ports and protocols. See the particular application’s documentation for details.
The column marked Firewall indicates whether the port should be open when a firewall and NAT are used. Y = port should be open, (Y) = port should be open if the involved entities are on different sides of the firewall.
| Service | Direction | Usage | Protocols and Ports | Firewall | Notes |
|---|---|---|---|---|---|
| ARP | MX-ONE Server > Network | Gratuitous ARP used by standby-server to update IP address ownership. | - | - | Address Resolution Protocol (for IPv4), defined by RFC 826 |
| CLDAP | MX-ONE Server > Domain Controller | Used to connect, search, and modify shared information | UDP 389 | Y | Used in AD authentication |
| CSTA Phase-III (without TLS) | XML client > MX-ONE Server or Web Service client > MX-ONE Server | Third-party call control via the CSTA Phase-III interface | Configurable. Defaults are TCP 8080/80 for Web Service based client and TCP port 8882 for XML based client. TCP port 5062 for TR87. | Y | A standard version of the CSTA protocol is used between the MX-ONE XML or Web Service application suite for third party call control. ASN.1 is no longer supported. TR87 = CSTA III transported on SIP. Both IPv4 and IPv6 are supported. |
| CSTA Phase-III (with TLS) | XML client > MX-ONE Server or Web Service client > MX-ONE Server | Third-party call control via the CSTA Phase-III interface | Configurable. Defaults are TCP 8080/80 for Web Service based client and TCP port 8883 for XML based client. | Y | A standard version of the CSTA protocol is used between the MX-ONE XML or Web Service application suite for third party call control. ASN.1 is no longer supported. TR87 = CSTA III transported on SIP. Both IPv4 and IPv6 are supported. Web Service only supports TLS 1.0. |
| DCERPC | MX-ONE Server > Domain Controller | Provides a way for a program running on one host to call procedures in a program running on another host. | TCP 445 | Y | Used in AD authentication |
| DHCP | IP phones > DHCP Server | To provide the IP address to the telephone, but also the IP address to the HTTP server that holds the configuration data and the firmware files used in the terminals. (Client Side) | - | Y | - |
| DNS | SIP phones > DNS Server; SIP clients > DNS Server; MX-ONE Server > DNS Server | To find a registrar and zone information | TCP/UDP 53 | Y | The SRVREC file is stored in the DNS server. MX-ONE: fetching zone information from DNS. MX-ONE: The DNS forwarder server(s) must support DNSSEC. |
| H.225.0 RAS | MX-ONE > VoIP Clients | Registration and Admission to make/receive calls. To send Status and Quality Reports to the MX-ONE. IPv4 is supported. | UDP 1718 (GK discovery); UDP 1719; TCP/TLS 3727 | Y | H.225.0 RAS is not used in the IP trunking service. |
| H.225.0 Q.931 | All H.323 based devices > MX-ONE Server | To set up and tear down different media sessions (voice calls) between all H.323-based communication devices. It is also used in IP trunking service to transfer QSIG data. IPv4 is supported. | TCP 1720 (IP trunk, listening mode); TCP 1722 (IP extension, listening mode); TCP 32768-60999 (gateway client mode)*1; TCP 1024-5000 (IP extension client mode)*2; TCP/TLS 1300; TLS 1300 (IP extension, listening mode); TLS 1301 (IP trunk, listening mode) | Y | *1) The range is defined by the operating system (Linux) and can be changed by command. Note the change in SLES12. *2) The range is defined by the operating system (VxWorks in the phones). |
| H.245 Media | All H.323 based devices/end-points > MX-ONE MGW | To exchange data about possible media configurations for a particular call. IPv4 is supported. | Dynamically allocated. TCP 17002-19492 (IP extension, listening mode); TCP 24002-26492 (IP trunk, listening mode); TCP 32768-60999 (gateway, client mode)*1; TCP 1390-1396 (IP phone) | Y | *1) The range is defined by the operating system (Linux) and can be changed by command. Note the change in SLES12. |
| HTTP / HTTPS | IP phones > Mitel IP Phone SW Server; MGU > Mitel IP Phone SW Server | HTTP is used to upload the configuration data and the firmware files to IP phones and IP clients. HTTPS is used for Web-based management. (Client and Server side). | 80, 443 | Y | The ports used by the Web interface of the MX-ONE Service Node Manager can be configured to be different from the standard ones for this kind of service (80/443). This has to be considered when configuring the application and the network devices. In the latter case, NAT-boxes, firewalls and other similar devices must be configured to allow traffic flowing through the configured ports. |
| HTTP/HTTPS | MX-ONE Provisioning Manager | The new modernized end user portal runs on Tomcat Server and uses microservices. | 8088, 8761, 9000, 9010, 9011, 9012, 9013, 9100 and 9101 | - | The new modernized PM end user portal is designed to have microservices and Docker is used for containerization. Every service is running on a different port. Swagger spec is accessed on an individual port. HTTP and HTTPS are accessed on different ports. |
| HTTPS | Mitel Mobile Client > MX-ONE Service Node Manager | Mitel Mobile Client signals its extension number and called B-number to MX-ONE Service Node Manager. | 9443 | Y | - |
| ICMPv6 | MX-ONE Server <> MX-ONE Server | Used by SLAAC to obtain IPv6 addresses for the servers. Also used by standby-server to update IP address ownership. Multicast addresses: FF02::1 and FF02::2 | - | - | Internet Control Message Protocol version 6, according to RFC 4443. Not used for auto-configuration. Used initially by MX-ONE to find network addresses, but then turned off. |
| IPsec | MX-ONE Server <> MX-ONE Server; MX-ONE Server <> MGU | Encapsulate SCTP packets | UDP/500, ESP | Y | Using IPsec to encapsulate SCTP packets between SN/SN and SN/MGU communications. |
| KRB5 | MX-ONE Server > Domain Controller | Protocol for authenticating service requests between trusted hosts across an untrusted network. | TCP/UDP 88 | Y | Used in AD authentication |
| LDAP | MX-ONE Server > Domain Controller | Used to connect, search, and modify shared information. | TCP 389 | Y | Used in AD authentication |
| LSARPC | MX-ONE Server > Domain Controller | A set of calls, transmitted with RPC, to a system. | TCP 445 | Y | Used in AD authentication |
| MSCML | MX-ONE Server > MX-ONE Media Server | - | - | - | See SIP (MSCML). |
| mxone_db.service | MX-ONE Server > mxone_db.service | Communication between servers. | TCP 9042 and 7001 | Y | Cassandra database |
| NDP | MX-ONE Server > Network | Used by SLAAC to obtain IPv6 addresses for the servers. | - | Y | Neighbor Discovery Protocol (replaces and enhances ARP). |
| NTP | MX-ONE Server > Network | To update the system time in a controlled manner (Client side). | TCP/UDP 123 | Y | Network Time Protocol. For information on improving NTP performance, refer to the high-accuracy timing guidelines in RFC 4594, Configuration Guidelines for DiffServ Service Classes. |
| Postgres | MX-ONE Server <> MX-ONE Server | For internal use. Blocked for incoming connections. | TCP/UDP 5432 | - | - |
| RPC_NETLOGON | MX-ONE Server > Domain Controller | Used primarily to maintain the relationship between a machine and its domain. | TCP 445 | Y | Used in AD authentication |
| RTP/RTCP | MX-ONE Media Gateways > VoIP clients | For media transmission. (Both Client and Server side) | UDP. Define a suitable port range for security and capacity reasons for sending RTP/RTCP packets over a network with proxies and firewalls. | Y | See the media_gateway_interface command. A minimum of 200 consecutive media ports is required, and they must not collide with ports used by other applications. The number of media ports shall be twice the number of RTP resources supported by the gateway type. |
| RTP/RTCP | H.323 VoIP Client > H.323 VoIP Client; H.323 VoIP Client > MX-ONE Media Gateway | For media transmission. (Both Client and Server side) | UDP 16986-17012 (RTP, IP phones); UDP 16987-17013 (RTCP, IP phones) | Y | - |
| RTP/RTCP | MX-ONE Server > SIP phones | Protocol for media streaming on idle SIP terminal. | UDP 60000 | Y | Only Mitel SIP 6800 and later phone models. Default is port 60000, but can be configured. See the streaming_data command. |
| | | For media transmission. (Both Client and Server side) | UDP 3000 | - | - |
| SAMR | MX-ONE Server > Domain Controller | Specifies the Security Account Manager (SAM) Remote Protocol (Client-to-Server), which supports printing and spooling operations. | TCP 445 | Y | Used in AD authentication |
| SIP | MX-ONE Server <> VoIP clients/phones | Signaling protocol for Internet conferencing, telephony, presence, CSTA via SIP (TR87), events notification and instant messaging. Both IPv4 and IPv6 are supported. | TCP/UDP 5060; TCP/TLS 5061; TR87: 5062. The source port ranges vary depending on the type of SIP end-point, so see the Administrator Guide for the SIP end-points in use. For example, for Mitel 6800/6900 SIP phones, TCP source ports vary if TLS is used (49152...65535). | Y | See also CSTA Ph. III regarding TR87. Regarding XML, see Proprietary protocols. |
| SIP | SIP phones/clients <> MX-ONE Server; MX-ONE SIP trunks <> Network | Signaling protocol for Internet conferencing, telephony, presence, CSTA via SIP (TR87), events notification and instant messaging. Both IPv4 and IPv6 can be supported. | TCP/UDP 5060; TCP/TLS 5061; TR87: 5062. The source port ranges vary depending on the type of SIP end-point, so see the Administrator Guide for the SIP end-points in use. For example, for Mitel 6800/6900 SIP phones, TCP source ports vary if TLS is used (49152...65535). | Y | See also CSTA Ph. III regarding TR87. Regarding XML, see Proprietary protocols. |
| SIP (MSCML) | MX-ONE Server > MX-ONE Media Server | Signaling protocol for Media Streaming Control Markup Language and Protocol. Used for media streaming functions via Media Server. Both IPv4 and IPv6 are supported. | UDP 5090 | Y | See RFC 5022 for MSCML. See the media_server command for details. |
| SMB | MX-ONE Server > Domain Controller | Protocol that enables users to communicate with remote computers and servers. | TCP 445 | Y | Used in AD authentication |
| SMB2 | MX-ONE Server > Domain Controller | Protocol that enables users to communicate with remote computers and servers. | TCP 445 | Y | Used in AD authentication. Re-design of SMB protocol. |
| SMTP | MX-ONE Server > Network | Feature based license usage reporting | TCP 25 | Y | - |
| SNMP | MX-ONE Server > Network; Mitel MiCollab Advanced Messaging > Network | For exchange of management information between network devices | UDP 161 | Y | - |
| SNMP Trap | MX-ONE Server > Network; Mitel MiCollab Advanced Messaging > Network | For exchange of management information between network devices | UDP 162 | Y | - |
| SSH | MX-ONE Server <> Network | Can be used to run a remote session on a computer, over a network and perform common management operations. | TCP 22 | Y | - |
| WAP | MX-ONE Server > VoIP Client/phone | For display feature services and state information handling. (Server Side) | UDP 9200 ESSP | Y | For H.323 and DECT extensions. |
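
The following is an added example, not part of the Mitel documentation: one way to turn "Protocols and Ports" cells from the table into rules and check a host's listening sockets against them. The `ss -tuln` sample is constructed, the names `parse_cell` and `audit` are hypothetical, and reading "-" in the Firewall column as "no inbound opening expected" is an assumption.

```python
import re

# Excerpts of "Protocols and Ports" cells copied from the table, with the Firewall column.
CELLS = {
    "SIP": ("TCP/UDP 5060 TCP/TLS 5061", "Y"),
    "H.225.0 RAS": ("UDP 1718 (GK discovery) UDP 1719 TCP/TLS 3727", "Y"),
    "mxone_db.service": ("TCP 9042 and 7001", "Y"),
    "SSH": ("TCP 22", "Y"),
    "Postgres": ("TCP/UDP 5432", "-"),
}
SPEC = re.compile(r"\b((?:TCP|UDP|TLS)(?:/(?:TCP|UDP|TLS))*)\s+"
                  r"(\d+(?:-\d+)?(?:\s*(?:,|and)\s*\d+(?:-\d+)?)*)")
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed `ss -tuln` output for the example; not taken from a real MX-ONE host.
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5060       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5061       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      128    0.0.0.0:5432       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8081       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:1719       0.0.0.0:*
"""

def parse_cell(cell):
    """Turn a table cell into sorted (proto, low, high) rules; TLS is carried over TCP."""
    rules = set()
    for protos, ports in SPEC.findall(cell):
        for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", ports):
            for p in protos.split("/"):
                rules.add(("tcp" if p == "TLS" else p.lower(), int(lo), int(hi or lo)))
    return sorted(rules)

def audit(ss_output, cells=CELLS):
    """Return (proto, port, reason) for listeners the documented matrix does not explain."""
    rules = [(svc, fw, r) for svc, (cell, fw) in cells.items() for r in parse_cell(cell)]
    findings = []
    for line in ss_output.strip().splitlines()[1:]:  # skip the header row
        fields = line.split()
        addr, port = fields[4].rsplit(":", 1)
        hits = [(svc, fw) for svc, fw, (p, lo, hi) in rules
                if p == fields[0] and lo <= int(port) <= hi]
        if not hits:
            findings.append((fields[0], int(port), "not in documented matrix"))
        elif hits[0][1] == "-" and addr not in LOOPBACK:
            # Assumption: "-" in the Firewall column means no inbound opening is expected.
            reason = f"{hits[0][0]}: no firewall opening listed, bound to {addr}"
            findings.append((fields[0], int(port), reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SS_SAMPLE):
        print(finding)
```

Extend `CELLS` with the rows that apply to the deployment before relying on the result; cells written as free text (for example the CSTA defaults) need to be entered as explicit port specifications.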