Connecting to CMS through a Firewall

inkfid

Technical User
Nov 18, 2004
14
GB
Does anyone have a list of definitive ports that the CMS uses to communicate to the C-Lans?
Within our organisation, as I imagine many others are, we have remote sites connecting back to a central CMS server.
We are trying to build firewall rules to the CMS so that we only allow what we need.
There is no documentation anywhere that I can find that describes what ports are used and the direction of the traffic.

If anyone has anything it would help loads.
We even tried through our direct Avaya contacts and have had no luck?!
 
I think it is just telnet port 23 to the IP address of your CMS server. I think that is it.
 
inkfid,

23/tcp (telnet) for cms r12 and lower, r13 can optionally use 22/tcp (ssh).
 
Hi, thanks for this. But what I am actually looking for are the ports/services that it uses to transfer the data across. The telnet port is used for the supervisor access. The data transfer goes over whatever port you configure, i.e. 5199, then I'm told anything random up to 60,000?!
It's these and the services - TCP/UDP/RPC etc. that I'm looking for.
 
inkfid,

do a 'disp comm proc' and see the line with 'mis' application type. take a look at 'port' field and you'll get the port number that definity uses to connect to cms. it's a plain tcp link, nothing special and no additional ports are used.
 
I would like to know, did you manage OK behind the firewall?
 
Port Name Description
TCP/20 ftp-data Ftp data channels
TCP/21 ftp FTP daemon
TCP/22 ssh Secure Shell daemon
TCP/23 telnet Telnet daemon
TCP/25 smtp SMTP mail for backups/notifications
TCP/53 dns DNS server
TCP/80 http HTTP Web Server
TCP/513 login Remote login daemon (used during b
TCP/1956 IPSI commands telnetenable, resetipsi, loadipsi
TCP/5005 def-bo Definity Border API
TCP/5010 pcd Packet Control Driver for PKT-INT
TCP/5011 ipsivsn IPSI version port
TCP/5012 ipsilic IPSI license port
TCP/5023 def-sat Definity SAT telnet daemon
TCP/5100 ecs-gmm GMM management requests
TCP/6010 ecs-watchd Platform Watchdog requests
TCP/6011 ecs-watchdp Platform Watchdog requests
TCP/9000 ecs-ddb Definity debugger daemon
TCP/12080 dupmgr Duplication Manager
UDP/161 snmpd SNMP MIB sets/gets
UDP/1332 ecs-arb Arbitration requests
 
For the MIS link, yes, you define a port on both the CMS and in the com pro form on the Definity. This port is really just a listening port; after the port is connected, data traffic is then routed via any of the ephemeral port range. Now, as you cannot define a port range which the MIS traffic will go over, if a firewall is used to block ports and the Definity/CMS tries to send data over a blocked port on the firewall, the Definity/CMS will just balk and try to restart the link.
I suspect that it was never conceived that the Definity or CMS would have a firewall between them; rather, they would both be on the same side of the firewall.

"Been there, done that and got the teeshirt
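
An added example, not part of the thread: a stateful nftables forward ruleset for the MIS link as the replies describe it, assuming the switch opens one TCP connection to the port configured on the CMS. The addresses, the admin subnet and the table name are placeholders, and 5199 is the example port mentioned above; the final log rule records whatever else is dropped, which shows from the firewall's own logs whether any further ports are being attempted.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every address below is a documentation placeholder,
# not a value from the thread.
define CLAN_ADDRS = { 192.0.2.10, 192.0.2.11 }   # remote-site C-LAN boards (assumed)
define CMS_ADDR   = 198.51.100.20                # central CMS server (assumed)
define ADMIN_NET  = 203.0.113.0/24               # supervisor workstations (assumed)
define MIS_PORT   = 5199                         # port set on the CMS and in 'disp comm proc'

table inet cms_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies and later packets of connections accepted below. Connection
        # tracking matches on the full address/port tuple, so the ephemeral
        # source port chosen by the initiating side needs no rule of its own.
        ct state established,related accept
        ct state invalid drop

        # MIS link: the switch side connects to the CMS listening port.
        ip saddr $CLAN_ADDRS ip daddr $CMS_ADDR tcp dport $MIS_PORT ct state new accept

        # Supervisor access to the CMS: telnet (23), or ssh (22) on r13.
        ip saddr $ADMIN_NET ip daddr $CMS_ADDR tcp dport { 22, 23 } ct state new accept

        # Everything else falls to the drop policy; log it first so any
        # additional port the link tries to use is visible.
        counter log prefix "cms-fw-drop "
    }
}
```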
 