QOS Network Planning - TCP/UDP Ports used in CWMS 2.5 MDC deployment

Similar Messages

• TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall

  Can some one point me with information like what TCP/UDP ports are utilized by FEP and what DNS / site Name it uses to download FEP Updates. This is needed to tighten perimeter FireWall policies
  Thank you

  It should be the same as the documentation for all Software Updates:
  https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
  Make sure to expand the "restrict access to specific domains" section to see the update related URLs.

• CTC TCP/UDP Ports numbers

  Does anyone know the TCP/UDP Port numbers that have to be opened up when using NAT, this is what I have:
  CTC PC >>>>>>>>>>> ROUTER >>>>>>>>>>>ONS15454
  The CTC PC and the ONS are on different IP Networks so I'm the router to translate from one to the other with NAT, configured the ONS15454 to use Socks.
  I used to have a document that explained this but I've lost it.
  THanks
  Chris

  Hi Chris.
  I see you already have provisioned the node for SOCKS Proxy.  If you want to be able to still have IP connectivity (for ping or telnet) to the ENE's, then enable the SOCKS Proxy Only option.  The SOCKS Proxy needs to be provisioned on the LAN connected 15454 at the very least.  You can also go to the CTC drop down menu:  Edit -> Preferences -> Firewall and change the port from being variable to static default.  That will further restrict the ports that are used by CTC.  This should resolve any intermittent connectivity issues in CTC if it is being caused by a firewall.
  www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp42216
  "If  you launch CTC against a node through a Network Address Translation  (NAT) or Port Address Translation (PAT) router and that node does not  have proxy enabled, your CTC session starts and initially appears to be  fine. However, CTC never receives alarm updates and disconnects and  reconnects every two minutes. If the proxy is accidentally disabled, it  is still possible to enable the proxy during a reconnect cycle and  recover your ability to manage the node, even through a NAT/PAT  firewall."
  Lastly, to answer your question directly below is a link to the list:
  www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp59962
  Table 14-6 Ports Used by the TCC2/TCC2P
  Thanks,
  Will

• What TCP/UDP ports need to be open for VPN Client version 4.8?

  What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
  Thanks,

  Normally, you need the following ports and protocol :
  UDP 500
  UDP 4500
  ESP
  In case, you are using IPSec over TCP you have to open, TCP port 10000 or any other port you want to use for IPSec connections (Its configurable).
  -Kanishka

• Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer?

  Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplaer to operate properly? This would include updating, linking, and any subset of features.

  The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
  AdobeARM.exe - automatic updates - port 443
  AcroRd32.exe - brand messages - port 443
  AcroRd32.exe - links in documents - anything specified in the URL
  Acrobat.exe - brand messages - port 443
  Acrobat.exe - links in documents - anything specified in the URL
  AdobeCollabSync.exe - Tracker review data - port 443
  The same ports are used by the  program components on OS X.
  There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software.

• TCP/UDP Port Utilization question for CCX 8.5

  Greetings,
  I have gone through the CCX 8.5 TCP/UDP port utilization guide.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/configuration/guide/uccx851pug.pdf
  I always do this as a matter of practice and I had a question concerning Java RMI ports. In the guide there is an ephemeral range TCP:32768-61000 that is used for Java RMI. Based on the context clues in the footnote this is an intra-cluster communication between processes running on CCX. This jives with ACLs I have built for previous versions.
  The hang up I have is that Table 1 (page 6) of the guide shows that one of the remote devices is "Editor". I take this to mean CRS Editor, which can run on a desktop in the environment. I want to keep the ACL as trim as possible, so I don't want to open up the TCP ephemeral range unnecessarily. So, I guess my question is:
  When that document refers to "Editor" do they mean that the CRS Editor is communicating using the referenced ports? Or is there a server-side process called Editor listening on those ports. The shift in how I apparently have to account for RMI is causing me to question.
  Thanks in advance,
  Bill

  I followed the port guide, but am still having issues connecting to the editor from my workstation with my access-list in place.
  When I remove the ACL the editor connects and I can do reactive debugging. The ACL breaks this.
  Followed this
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf
  Does anyone have a sample acl that works?

• Should I block TCP/UDP ports 135 to 139 on my router?

  For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router?  This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation?  When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth.  Ideally, they should all be Stealth.

  Have a read here: http://securityspread.com/2013/07/26/firewall/
  Stealth is just as good as closed, some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
  The specific ports you mention pose no risk to OS X as far as I am aware.

• Special QoS config on the witch port used for unity ?

  Hi, I'm actually tunning my qos config and I want to know if you apply a special Qos Config on the sowth port used by unity.
  Thanks

  The following document talks about QoS config for Unity Express. You can use the same appropriately for Unity too.
  http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_installation_guide_chapter09186a0080527151.html

• TCP/UDP ports between Cisco PI 2.0 and WLC5508

  Hello,
  I will install Cisco PI 2.0 behind a firewall for security reason. The WLC5508 is before a firewall. Can anybody let me know which TCP/UDP ports need to be open specifically between the Cisco PI and WLC? I don't see that from the below link.
  Cisco Prime Infrastructure 2.0 Quick Start Guide
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#wp46865
  Thanks,
  Robert

  Firewall Between the WCS and Controller or WCS and the WCS User Interface
  When a PI server and a PI user interface are on different sides of a firewall, they cannot communicate unless these ports on the firewall are open to two-way traffic:
  80 (for initial http)
  69 (tftp)
  162 (trap port)
  443 (https)
  Open these ports in order to configure your firewall to allow communications between a PI server and a PI user interface.
  Regards
  Dont forget to rate helpful posts

• TS1629 Apple destination ip addresses for well known TCP and UDP ports used by Apple software products

  I work for a large enterprise organisation with dual layer firewalls. The Apple article titled "allowing well known ports through the firewall "does not provide enough information on what the destination ip addresses of Apple servers are which host Apple ICloud services.
  Does anyone have information on the destination Apple Ip addresses? So that I can lock down my firewall rules, just so that Apple devices, access Apple services on the Internet.
  Many thanks

  One option is to use "connection-reuse" cli under sip-ua configuration mode.
  sip-ua
    connection-reuse
  This will enable the 7200 to create a connection with source and destination udp port number set to 5060. This feature is available in IOS 12.4(25d) which requires minimum of 256 / 512MB DRAM (depends on the feature set) and flash of 48 MB.

• Checking TCP/UDP ports!

  What's up everybody,
  Does anyobody know how to check if a port is open? (tcp/udp)
  thanks!
  matio,

  Welcome to the forums.
  Common Mac OS X tools used here include Network Utility, lsof, and telnet and ping, and dns-sd and ping for Bonjour and mDNS, depending on details are sought.
  (With the Windows entries from your footer, various of these tools and equivalents are what can be obtained by loading Cygwin or by loading Microsoft's SUA/SFU tools, and with some add-ons. PowerShell might or does have analogs here, but the old MS-DOS shell was pretty limited in what diagnostics were available without additions. There was telnet and ping, but some other bits were missing.)
  Add-on tools include nmap. (nmap is a fairly gonzo-useful tool for this sort of thing.)
  telnet works nicely for brute-force port tests on the LAN.
  And FWIW, if those public web site tools do work and if you're on your own LAN, then definitely also consider checking the settings of and consider upgrading the LAN security. Those tools and those web sites should be blocked by default by the firewall or the gateway device found on most any LAN; whether that's a low-end NAT device, a server-grade firewall, or otherwise.

• Does adding tcp udp ports on the nat exempt accesslist which is binded to nat 0 statement remove the entire nat 0 statement itself?

  Hi Experts,
  Is the above statement true?. I learnt later that adding tcp and udp ports on the nat 0 statements are supported . But does it take away the entire nat statement? Please answer my question at the earliest.
  Regards
  Krishna

  Krishna,
  "NAT exemption (nat 0 access-list command)—NAT exemption allows both translated and remote hosts to initiate connections. Like identity NAT, you do not limit translation for a host on specific interfaces; you must use NAT exemption for connections through all interfaces. However, NAT exemption does enable you to specify the real and destination addresses when determining the real addresses to translate (similar to policy NAT), so you have greater control using NAT exemption. However unlike policy NAT, NAT exemption does not consider the ports in the access list. NAT exemption also does not support connection settings, such as maximum TCP connections."
  Reference
  So, since the documentation clearly says that this rule does not consider any ports in the ACL, then one should not be testing unsupported configurations.
  If one adds an ACL with specific ports, then unexpected results may be expected.
  My suggestion, dont add any ACL entry with specific ports to your NAT exempt statement.
  Thanks.
  Portu.
  Please rate any helpful posts

• Change UDP ports used by SVE

  Hello all,
  I have recently installed a piece of hardware which transmits information to UDP port 6001 on my computer. Some software then runs on the computer listens to this port in order to detect the hardware.
  However, LabVIEW shared variable engine seems to use the same port. On the computer in question the port is used by NITaggerService (National Instruments Variable Engine).
  One solution is to stop this service - this works and allows the software to detect the hardware. However, eventually, I want to run this hardware alongside LabVIEW (indeed, LabVIEW will communicate with the hardware), so this is not a desirable solution.
  http://www.ni.com/white-paper/12402/en suggestst that UDP ports 6000-6010 are used by Shared Variables and Network Streams, which is consistant with the service identified above. It suggests that these ports are fixed, however, I have noticed that on different computers, port 6001 is used by a different NI Service (e.g. on another computer, it is used by lkTimeSync (National Instruements Time Synchronization) ), suggesting that there is /some/ flexibility. In addition, not all the ports from 6000-6010 are used in practice, suggesting that it might be possible to use another port in the range 6000-6010 rather than 6001.
  Does anyone know how to force NI SVE to use a different range of UDP port, or at least to not use 6001?
  All the best
  James Polyblank

  Hi James,
  It is not possible to pre-define which ports the NI services should use. One way to get around this would be to have these services not auto start on windows launch and manually start it once your other software has established communication with the hardware through UDP port 6001.
  You have taken the first step in this direction by stopping the service. After the hardware has been detected (on port 6001), restart the NITaggerService that you stopped. This will automatically start the service on a port that is free and available.
  Try this and see if it works. You can also try starting the service automatically from your labview application using 'System Exec.vi' .
  Thanks and Regards,
  Supreeth.K
  Applications Engineer
  NIUK

• 10.6.5 firewall blocking udp ports used by ethernet MFC printer

  Hi All, is there any way to apply a custom rule to allow access through the 10.6.5 firewall for a couple of UDP ports? I am trying to enable scanning from the front panel on a Brother MFC990CW with static IP on our local net (adsl router) and the printer docs specify up to 3 ports to be opened. Have played with IPFW via term but my rule attempts are not having any impact. Also unable to find log location where firewall activity is logged.
  Would appreciate any tips.
  Happy New Year

  HI Michalien,
  happy new years eve
  have you tried adding the Image Capture Utility to the firewall? It Should open the port for you.
  system preferences, security, advanced button, + button
  navigate to Macintosh HD, Applications, Image Capture (witch handles most scanning in 10.6)
  You may also need to add the cannon scan utility as well.

• Measuring performance tcp udp connection using java

  ho
  find t answers for these questions ..
  1. Is it possible to set some upper cut off for the data rate or transmission rate in TCP or UDP ?
  2. IF true, get t source code for t same ?
  3. is it possible to measure t data rate of a TCP or UDP connection ?
  4. get t compl source code for broadcasting using java ?
  sry im learning to use java sry if my questions are rookie and absurd . .
  pl bear wit me . .
  thank u in advance . .
  bye bye

  hi ebj and kayaman ,
  thanks for the reply for my first question . .
  "No, but you can limit the receive window which can have a similar effect."
  my second question was ...
  can help me out by giving the java code for the first question`s solution ?
  and my third question ...
  Is it possible to measure the throughput / transmission rate in which the udp or tcp transfer is taking place ??
  i think i ve made myself clear to you guys ..