Port Utilization in Unified CCX

Port Utilization Table Columns

The columns in the port utilization tables in this document describe the following:

Listener (Process or Application Protocol)

A value representing the server or application and, where applicable, the open or proprietary application protocol.

Listener Protocol and Port

An identifier for the TCP or UDP port that the server or application is listening on, along with the IP address for incoming connection requests when acting as a server.

Remote Device (Process or Application Protocol)

The remote application or device making a connection to the server or service specified by the protocol; or listening on the remote protocol and port.

Remote Protocol and Port

The identifier for the TCP or UDP port that the remote service or application is listening on, along with the IP address for incoming connection requests when acting as the server.

Traffic Direction

The direction that traffic flows through the port: Inbound, Bidirectional, Outbound.


Note

  • The operating system dynamically assigns the source port that the local application or service uses to connect to the destination port of a remote device. In most cases, this port is assigned randomly above TCP/UDP 1024.

  • For security reasons, keep open only the ports mentioned in this guide and those required by your application. Keep the rest of the ports blocked.
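One way to check the guidance above against a scan of your own server (an added example, not part of the Cisco guide): the script reads nmap grepable (`-oG`) output and compares the open ports with a subset of the listeners from Tables 1 to 4 of this document. The sample host line, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Listener ports copied from Tables 1-4 of this guide (a subset; extend it
# with every row that applies to your deployment).
DOCUMENTED = {
    ("tcp", 22), ("tcp", 80), ("udp", 123), ("udp", 161), ("tcp", 443),
    ("tcp", 1504), ("tcp", 5223), ("tcp", 6999), ("tcp", 7071), ("tcp", 7443),
    ("tcp", 8082), ("tcp", 8443), ("tcp", 8445), ("tcp", 8553), ("tcp", 12028),
}
# Ranges from Table 2: RTP media streaming and the ephemeral TCP/UDP ranges.
RANGES = [("udp", 24576, 32767), ("tcp", 32768, 61000), ("udp", 32768, 61000)]
# Table 1 marks TCP 1501 as "Localhost traffic only".
LOCALHOST_ONLY = {("tcp", 1501)}
# Tables 3 and 4 describe these listeners as "Unsecure".
UNSECURE = {("tcp", 80), ("tcp", 8082), ("tcp", 7071)}

# One entry of the "Ports:" field looks like port/state/protocol/owner/service/...
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)/")

def parse_grepable(text):
    """Return {(proto, port)} for every open port in nmap -oG output."""
    found = set()
    for line in text.splitlines():
        if "Ports:" in line:
            found.update((p, int(n)) for n, p in PORT_RE.findall(line))
    return found

def is_documented(proto, port):
    """True if the port is in the allowlist or inside a documented range."""
    return (proto, port) in DOCUMENTED or any(
        proto == rp and lo <= port <= hi for rp, lo, hi in RANGES)

def audit(text):
    """Classify network-reachable ports against the guide's port tables."""
    seen = parse_grepable(text)
    return {
        "localhost_only_exposed": sorted(seen & LOCALHOST_ONLY),
        "unsecure": sorted(seen & UNSECURE),
        "undocumented": sorted(s for s in seen
                               if not is_documented(*s) and s not in LOCALHOST_ONLY),
    }

# Constructed sample: one host line in nmap grepable format.
SAMPLE = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 1501/open/tcp/////, "
          "3306/open/tcp//mysql///, 8082/open/tcp/////, 8443/open/tcp//https-alt///, "
          "8445/closed/tcp/////, 30000/open/udp/////")

if __name__ == "__main__":
    for finding, ports in audit(SAMPLE).items():
        print(finding, ports)
```

Anything reported as undocumented is a candidate for a firewall block, and a localhost-only port that answers from the network means the host firewall is not doing what Table 1 assumes.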


System Services Port Utilization

Table 1. System Services Port Utilization

| Listener (Process or Application Protocol) | Listener Protocol and Port | Remote Device (Process or Application Protocol) | Remote Protocol and Port | Traffic direction | Purpose |
|---|---|---|---|---|---|
| System Service | TCP 7 | Editor | | Bidirectional | Echo for Editor; ICM Controller |
| System Service | TCP 22 | | | Bidirectional | SFTP and SSH access |
| Tomcat (HTTP) | TCP 80 | | | Bidirectional | Web access |
| System Service | UDP 123 | | | Bidirectional | NTP, network time sync |
| SNMP Agent | UDP 161 | | | Bidirectional | Provide services for SNMP-based management applications |
| Tomcat | TCP 443 | Client Browser | | Bidirectional | Web access |
| AON Management Console (AMC) Service | TCP 1090 | Intracluster communication | | Bidirectional | Provide RTMT data collecting, logging and alerting functionalities (AMC RMI Object Port) |
| AON Management Console (AMC) Service | TCP 1099 | Intracluster communication | | Bidirectional | Provide RTMT data collecting, logging and alerting functionalities (AMC RMI Registry Port) |
| DBMON | TCP 1500 | | | Bidirectional | This is the port where the IDS engine listens for DB clients |
| DBMON | TCP 1501 | | | Bidirectional | This is an alternate port to bring up a second instance of IDS during upgrade; Localhost traffic only |
| DBL RPC | TCP 1515 | Intracluster communication | | Bidirectional | DBL RPC, this is used during installation to set up IDS replication between nodes |
| Real-Time Information Server (RIS) Data Collector service (RISDC) | TCP 2555 | Intracluster communication | | Bidirectional | Used by the RISDC platform service. The Real-time Information Server (RIS) maintains real-time Cisco Unified CM information such as device registration status, performance counter statistics, critical alarms generated, and so on. The Cisco RISDC service provides an interface for applications, such as RTMT, SOAP applications, Cisco Unified CM Administration and AMC to retrieve the information that is stored in all RIS nodes in the cluster. |
| RISDC | TCP 2556 | Intracluster communication | | Bidirectional | Allowed RIS client connection to retrieve real-time information |
| Disaster Recovery System (DRS) | TCP 4040 | | | Bidirectional | Real-time service |
| Real-time service | TCP 5001 | | | Bidirectional | SOAP Monitor. Used by SOAP to monitor the Real Time Monitoring Service and fetch the Server information for selection of specific CM devices and other such activities. |
| Perfmon service | TCP 5002 | | | Bidirectional | SOAP Monitor. Used by SOAP to monitor the Performance Monitor Service for opening and closing sessions, collecting session data and fetching various other data. |
| Control center service | TCP 5003 | | | Bidirectional | SOAP Monitor. Used by SOAP to monitor the Control Center Service for activities like getting the Service Status and performing service deployment. |
| Log Collection Service | TCP 5004 | | | Bidirectional | SOAP Monitor |
| System Service | TCP 5007 | | | Bidirectional | SOAP Monitor - a troubleshooting tool for SOAP infrastructure |
| DBMON (CN) | TCP 8001 | Intracluster communication | | Bidirectional | DB change notification port. |
| Tomcat (HTTP) | TCP 8080 | Client Browser | | Bidirectional | Client browser trying to access any of the Administration interfaces or User Options interface; Web services client using RTMT, configuration APIs, and mobile supervisor applications |
| Tomcat (HTTPS) | TCP 8443 | Client Browser | | Bidirectional | Client browser trying to access any of the Administration interfaces or User Options interface; Web services client using RTMT, configuration APIs, and mobile supervisor applications; DB access via SOAP; Tomcat forwards the SOAP request to AXL |
| IPSec Manager daemon | TCP 8500 | | | Bidirectional | Connectivity testing. Uses a proprietary protocol. |
| IPSec Manager daemon | UDP 8500 | | | Bidirectional | Cluster replication of platform data (hosts) certificates etc. Uses a proprietary protocol. |
| Cisco Identity Service (Cisco IdS) | TCP 8553 | | | | HTTPS for Cisco IdS |

Unified CCX and IP IVR Port Utilization

Table 2. Unified CCX Port Utilization

| Listener (Process or Application Protocol) | Listener Protocol and Port | Remote Device (Process or Application Protocol) | Remote Protocol and Port | Traffic direction | Purpose |
|---|---|---|---|---|---|
| FIPPA Server | TCP 80 | Intracluster communication (see table note) | | Bidirectional | Used for page push to phone from the FIPPA Service |
| Cisco Unified CCX Socket.IO Service | TCP 12014 | | | Bidirectional | This is the port where live-data reporting clients can connect to socket.IO server. |
| Cisco Unified CCX Socket.IO Service | TCP 12015 | | | Bidirectional | This is the secure port where live-data reporting clients can connect to socket.IO server. |
| Informix Dynamic Server (IDS) | TCP 1504 | External process like CUIC, WallBoard Client, External DB clients (like Squirrel or others for custom reporting) can connect | | Bidirectional | Unified CCX database port |
| JTAPI Client (QBE) | TCP 2789 | Unified CM | 2748 | Bidirectional | Provide services to CTI applications |
| Engine | UDP 5065 | SIP gateway | | Bidirectional | Communicate with SIP gateway |
| Notification Service | TCP 5222 | Openfire/SMAC | BOSH | Bidirectional | OpenFire socket based client connection |
| Notification Service | TCP 5223 | Finesse Server of other node in cluster | XMPP | Bidirectional | Socket based client connection between Finesse and Notification Service to pull presence information. |
| Cisco Identity Service Data Grid | TCP 5701 | Intracluster communication | | Bidirectional | Data or Service grid to manage Cisco IdS cluster nodes. |
| CVD | TCP 5900 | CVD of other node in cluster | | Bidirectional | Heartbeats between CVDs in the cluster |
| CVD ActiveMQ | TCP 6161 | Internal | 6161 | Bidirectional | Publish JMS events across JMS network connectors in the cluster |
| CVD | TCP 6999 | Engine, Tomcat, CVD, and Editor | | Bidirectional | RMI Port |
| Notification Service | TCP 7071 | Web Browser | | Bidirectional | HTTP bind |
| Notification Service | TCP 7443 | Web Browser | | Bidirectional | Secure HTTP bind |
| Cisco Unified Intelligence Center Tomcat (HTTP) | TCP 8081 | Client Browsers | | Bidirectional | Client browser trying to access the Cisco Unified Intelligence Center web interface |
| Cisco Finesse Tomcat (HTTP) | TCP 8082 | Cisco Finesse Agent/Supervisor Desktop, Cisco Finesse Administration Console, and REST APIs | | Bidirectional | HTTP port to access Cisco Finesse Tomcat web applications. Note: Cisco Finesse Agent/Supervisor Desktop and Cisco Finesse Administration Console accessed using port 8082 are automatically redirected to port 8445. |
| Cisco Unified Intelligence Center Tomcat (HTTPS) | TCP 8444 | Client Browsers | | Bidirectional | Client browser trying to access the Cisco Unified Intelligence Center web interface |
| Cisco Finesse Tomcat (HTTPS) | TCP 8445 | Cisco Finesse Agent/Supervisor Desktop, Cisco Finesse Administration Console, and REST APIs | | Bidirectional | Secured HTTP port to access Cisco Finesse Tomcat web applications. |
| Cisco Identity Service Tomcat (HTTPS) | TCP 8553 | | | Bidirectional | Client browser trying to access the Cisco Identity Service Management web interface. Single Sign-On (SSO) components access this interface to know the operating status of Cisco IdS. |
| Engine | TCP 9080 | | | Bidirectional | Tomcat instance used by Unified CCX engine; Clients trying to access HTTP triggers or documents / prompts / grammars / live data |
| Engine | TCP 9443 | | | Bidirectional | Secure port used by the Unified CCX engine to: respond to clients trying to access HTTPS triggers; authenticate the live data clients |
| Unified CCX Engine, Cisco Mobile Supervisor | TCP 12028 | | | Bidirectional | CTI Server |
| Cisco IP Voice Media Streaming application (RTP RTCP) | UDP 24576 ~ 32767 | | | Bidirectional | Audio media streaming; Kernel streaming device driver |
| | TCP 32768 ~ 61000 | | | Bidirectional | Generic ephemeral TCP ports (see table note) |
| | UDP 32768 ~ 61000 | | | Bidirectional | Generic ephemeral UDP ports (see table note) |
| Notification Service ActiveMQ | TCP 61616 | Chat applications | | Bidirectional | Notification Service — ActiveMQ OpenWire transport connector |
| Unified CCX | TCP 1994 | | | Bidirectional | |
| Unified IP IVR Cluster View Daemon (CVD) | TCP 1994 | | | Bidirectional | |
| Unified IP IVR Engine | TCP 5000 | Unified ICM | | Bidirectional | Using this port, the Unified ICM Subsystem listens to GED-125 clients. This port is modifiable. |

Table Notes

  1. Intracluster communication in the table represents communication between Unified CCX servers in a cluster.

  2. TCP Ephemeral ports are used to accept connections during Java RMI communication. Java RMI clients know which port they need to connect to, because RMI first connects to the RMI Registry (well-known port - 6999) and gets the information about which ephemeral port the client needs to connect to. Unified CCX Administration page, Engine and CVD use RMI communication in CCX/IP-IVR, so the TCP ephemeral port range is opened up for intracluster communication between these processes.

  3. UDP Ephemeral ports are used to receive audio/video RTP streams; so UDP Ephemeral port range is opened for incoming connections for streaming RTP media from CTI ports.

  4. Port 38983 is open only on Unified CCX systems that were upgraded from versions earlier than 9.0(1).

  5. Intracluster communication in the table represents communication between Unified IP IVR servers in a cluster.

  6. TCP Ephemeral ports are used to accept connections during Java RMI communication. Java RMI clients know which port they need to connect to, because RMI first connects to the RMI Registry (well-known port - 6999) and gets the information about which ephemeral port the client needs to connect to. AppAdmin, Engine and CVD use RMI communication in CCX/IP-IVR, so the TCP ephemeral port range is opened up for intracluster communication between these processes.

  7. UDP Ephemeral ports are used to receive audio/video RTP streams; so UDP Ephemeral port range is opened for incoming connections for streaming RTP media from CTI ports.

Finesse Port Utilization

Table 3. Cisco Finesse Tomcat

| Listener (Process or Application Protocol) | Listener Protocol and Port | Remote Device (Process or Application Protocol) | Remote Protocol and Port | Traffic Direction | Notes |
|---|---|---|---|---|---|
| HTTP | TCP 80, 8082 | Browser | | Bidirectional | Unsecure port used for Finesse administration console, Finesse agent and supervisor desktop, Finesse Web Services, and Finesse Desktop Modules (gadgets) with the Finesse desktop. |
| HTTPS | TCP 443, 8445 | Browser | | Bidirectional | Secure port used for Finesse administration console, Finesse agent and supervisor desktop, Finesse Web Services, and Finesse Desktop Modules (gadgets) with the Finesse desktop. |

Table 4. Cisco Finesse Notification Service

| Listener (Process or Application Protocol) | Listener Protocol and Port | Remote Device (Process or Application Protocol) | Remote Protocol and Port | Traffic Direction | Notes |
|---|---|---|---|---|---|
| XMPP | TCP 5223 | Browser, agent desktop | | Bidirectional | Secure XMPP connection between the Finesse server and custom third party applications. |
| BOSH (HTTP) | TCP 7071 | Browser, agent desktop | | Bidirectional | Unsecure BOSH connection between the Finesse server and agent and supervisor desktops for communication over HTTP. |
| BOSH (HTTPS) | TCP 7443 | Browser, agent desktop | | Bidirectional | Secure BOSH connection between the Finesse server and agent and supervisor desktops for communication over HTTPS. |

Table 5. Primary and Secondary Node Communication

| Listener (Process or Application Protocol) | Listener Protocol and Port | Remote Device (Process or Application Protocol) | Remote Protocol and Port | Traffic Direction | Notes |
|---|---|---|---|---|---|
| XMPP | TCP 5222 | | | Bidirectional | The primary and secondary Finesse servers use this XMPP connection to communicate with each other to monitor connectivity. |

Third-Party (External) Web Server

Note

Gadgets hosted on a third-party (external) web server are fetched through the Finesse server on the port exposed by said web server.


Unified Intelligence Center Port Utilization

Table 6. Web Requests to Cisco Unified Intelligence Center and Operation Administration Maintenance and Provisioning (OAMP)

| Listener (Process or Application Protocol) | Listener Protocol and Port | Remote Device (Process or Application Protocol) | Remote Protocol and Port | Traffic Direction | Notes |
|---|---|---|---|---|---|
| Unified Intelligence Center | TCP 8081 | Browser | | | HTTP - Unified Intelligence Center |
| | TCP 8444 | Browser | | | HTTPS - Unified Intelligence Center |

Table 7. Intracluster Ports Between Cisco Unified Intelligence Center

| Listener (Process or Application Protocol) | Listener Protocol and Port | Remote Device (Process or Application Protocol) | Remote Protocol and Port | Traffic Direction | Notes |
|---|---|---|---|---|---|
| CUIC Reporting Process | UDP 54327 (Multicast) | Unified Intelligence Center node | | | Hazelcast Discovery |
| CUIC Reporting Process | TCP 57011 | Unified Intelligence Center Node | | | Hazelcast |

For more information on other port usages, see: http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-maintenance-guides-list.html