Port Utilization Table Columns

The columns in the port utilization tables in this document describe the following:

Listener (Process or Application Protocol)

A value representing the server or application and where applicable, the open or proprietary application protocol.

Listener Protocol and Port

An identifier for the TCP or UDP port that the server or application is listening on, along with the IP address for incoming connection requests when acting as a server.

Remote Device (Process or Application Protocol)

The remote application or device making a connection to the server or service specified by the protocol.

Remote Port

The remote port is used to make an outgoing connection to the corresponding listener port.

Traffic Direction

The direction that traffic flows through the port: Inbound, Bidirectional, Outbound.


Note

  • The operating system dynamically assigns the source port that the local application or service uses to connect to the destination port of a remote device. In most cases, this port is assigned randomly from unused ports in the ephemeral port range 1024 - 65535.

  • For security reasons, keep open only the ports mentioned in this guide and those required by your application. Keep the rest of the ports blocked.

Unified CCE and Packaged CCE Port Utilization

This table includes information for Unified CCE and CTI OS.

Some port definitions use a formula. For example:

TCP 40007 + (Instance Number * 40)

In this example, instance 0 uses port 40007, instance 1 uses port 40047, instance 2 uses port 40087, and so on.


Note

In the following table, PG1, PG2, and PG3 are not specific PG numbers or DMP IDs. They are the order in which the PGs get installed.


Note

This document does not include the Enterprise Chat and Email (ECE) port details. For more information on ECE ports, see the ECE documentation at: https://www.cisco.com/c/en/us/support/customer-collaboration/cisco-enterprise-chat-email/tsd-products-support-series-home.html.

Table 1. Unified CCE Port Utilization: Routers, PGs, Administration & Data Servers, and Loggers

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

Router (side B) (MDS)

Private low:

  • TCP 41004 + (instance number * 40)

Private medium:

  • TCP 41016 + (instance number * 40)

Private high:

  • TCP 41005 + (instance number * 40)

State Xfer for CIC:

  • TCP 41022 + (instance number * 40)

State Xfer for HLGR:

  • TCP 41021 + (instance number * 40)

  • TCP 41032 + (instance number * 40)

State Xfer for RTR:

  • TCP 41020 + (instance number * 40)

UDP 39500-39999

State Xfer for DBAgent:

  • TCP 41033 + (instance number * 40)

Router (side A) (MDS)


Bi-directional

Private network at the central controller site

Note

 

UDP ports are not used, if QoS is enabled on the router private interface.

Router (side B) (MDS)

MDS process port

TCP 41000

MDS process client


Bi-directional


Router (side B) (MDS)

MDS state transfer port

TCP 41001

MDS process client (synchronized)


Bi-directional


Router (side A and B) (DB Worker)

DB Worker process port

UDP 445

DB Worker process client


Bi-directional


ICM PG1 (side A and B) (pgagent)

TCP 43006 + (instance number * 40)

ICM PG1 (Opposite Side: A or B) (pgagent)


Bi-directional

Public network (test-other-side)

ICM PG2 (side A and B) (pgagent)

TCP 45006 + (instance number * 40)

ICM PG2 (Opposite Side: A or B) (pgagent)


Bi-directional

Public network (test-other-side)

ICM PG3 (side A and B) (pgagent)

TCP 47506 + (instance number * 40)

ICM PG3 (Opposite Side: A or B) (pgagent)


Bi-directional

Public network (test-other-side)

ICM PG1 (side A and B) (MDS)

  • Private low:

    TCP 43004 + (instance number * 40)

  • Private medium:

    TCP 43016 + (instance number * 40)

  • Private high:

    TCP 43005 + (instance number * 40)

  • State Xfer for OPC:

    TCP 43023 + (instance number * 40)

UDP 39500-39999

ICM PG1 (Opposite Side: A or B)


Bi-directional

Private network

Note

 

UDP ports are not used, if QoS is enabled on the ICM PG private interface.

ICM PG2 (side A and B) (MDS)

  • Private low:

    TCP 45004 + (instance number * 40)

  • Private medium:

    TCP 45016 + (instance number * 40)

  • Private high:

    TCP 45005 + (instance number * 40)

  • State Xfer for OPC:

    TCP 45023 + (instance number * 40)

UDP 39500-39999

ICM PG2 (Opposite Side: A or B)


Bi-directional

Private network

Note

 

UDP ports are not used if QoS is enabled on the ICM PG private interface.

ICM PG3 (side A and B) (MDS)

  • Private low:

    TCP 47504 + (instance number * 40)

  • Private medium:

    TCP 47516 + (instance number * 40)

  • Private high:

    TCP 47505 + (instance number * 40)

  • State Xfer for OPC:

    TCP 47523 + (instance number * 40)

UDP 39500-39999

ICM PG3 (Opposite Side: A or B)


Bi-directional

Private network

Note

 

UDP ports are not used if QoS is enabled on the ICM PG private interface.

ICM PG1 (side B) (MDS)

MDS process port

TCP 43000

MDS process client


Bi-directional


ICM PG1 (side B) (MDS)

MDS state transfer port

TCP 43001

MDS process client (synchronized)


Bi-directional


ICM PG2 (side B) (MDS)

MDS process port

TCP 45000

MDS process client


Bi-directional


ICM PG2 (side B) (MDS)

MDS state transfer port

TCP 45001

MDS process client (synchronized)


Bi-directional


ICM PG3 (side B) (MDS)

MDS process port

TCP 47500

MDS process client


Bi-directional


ICM PG3 (side B) (MDS)

MDS state transfer port

TCP 47501

MDS process client (synchronized)


Bi-directional


Router (side A) (MDS)

Private low:

  • TCP 41004 + (instance number * 40)

Private medium:

  • TCP 41016 + (instance number * 40)

Private high:

  • TCP 41005 + (instance number * 40)

State Xfer for CIC:

  • TCP 41022 + (instance number * 40)

State Xfer for HLGR:

  • TCP 41021 + (instance number * 40)

  • TCP 41032 + (instance number * 40)

State Xfer for RTR:

  • TCP 41020 + (instance number * 40)

UDP 39500-39999

State Xfer for DBAgent:

  • TCP 41033 + (instance number * 40)

Router (side B) (MDS)


Bi-directional

Private network at the central controller site

Note

 

UDP ports are not used if QoS is enabled on the router private interface.

Router (side A) (MDS)

MDS process port

TCP 40000

MDS process client


Bi-directional


Router (side A) (MDS)

MDS state transfer port

TCP 40001

MDS process client (synchronized)


Bi-directional


ICM PG1 (side A) (MDS)

MDS process port

TCP 42000

MDS process client


Bi-directional


ICM PG1 (side A) (MDS)

MDS state transfer port

TCP 42001

MDS process client (synchronized)


Bi-directional


ICM PG2 (side A) (MDS)

MDS process port

TCP 44000

MDS process client


Bi-directional


ICM PG2 (side A) (MDS)

MDS state transfer port

TCP 44001

MDS process client (synchronized)


Bi-directional


ICM PG3 (side A) (MDS)

MDS process port

TCP 46000

MDS process client


Bi-directional


ICM PG3 (side A) (MDS)

MDS state transfer port

TCP 46001

MDS process client (synchronized)


Bi-directional


Router (side A) DMP (ccagent)

  • Public low:

    TCP 40002 + (instance number * 40)

  • Public medium:

    TCP 40017 + (instance number * 40)

  • Public high:

    TCP 40003 + (instance number * 40)

UDP 39500-39999

ICM PG (pgagent)


Bi-directional

Public network connecting the PG to the central controller

Router to pre-5.0 PG communication.

Note

 

UDP ports are not used if QoS is enabled on the ICM PG private interface.

Router (side B) DMP (ccagent)

  • Public low:

    TCP 41002 + (Instance Number * 40)

  • (instance number

    Public medium:

    TCP 41017 + (instance number * 40)

  • Public high:

    TCP 41003 + (instance number * 40)

UDP 39500-39999

ICM PG (pgagent)


Bi-directional

Public network connecting the PG to the central controller

Router to pre-5.0 PG communication.

Note

 

UDP ports are not used if QoS is enabled on the ICM PG private interface.

Router A (rtfeed)

TCP 40007 + (instance number * 40)

Administration & Data Server


Bi-directional

Real-time feed

Router B (rtfeed)

TCP 41007 + (instance number * 40)

Administration & Data Server


Bi-directional

Real-time feed

Logger (side A)

TCP 40026 + (instance number * 40)

TCP 40028 + (instance number * 40)

Administration & Data Server Historical Data Server (HDS)


Bi-directional

Replication

Logger (side A)

TCP 40032 + (instance number * 40)

Dialer and Import


Bi-directional

Campaign Manager EMT port to Dialer

Logger (side B)

TCP 41026 + (instance number * 40)

TCP 41028 + (instance number * 40)

Administration & Data Server Historical Data Server (HDS)


Bi-directional

Replication

Logger (side B)

TCP 41036 + (instance number * 40)

Dialer and Import


Bi-directional

Campaign Manager EMT port to Dialer

Primary Administration & Data Server (rtfeed)

TCP 48008 + (instance number * 40)

Administration client


Bi-directional

Real-time feed

Secondary Administration & Data Server (rtfeed)

TCP 49008 + (instance number * 40)

Administration client


Bi-directional

Real-time feed

Contact Sharing

TCP 61616

Active MQ for Live Data

TCP 61616

Bidirectional


CICM Router (side A) (INCRPNIC)

UDP 40025 + (instance number * 40)

NAM Router (CIC)


Bi-directional

Public network connecting the NAM to the CICM

CICM Router (side B) (INCRPNIC)

UDP 41025 + (instance number * 40)

NAM Router (CIC)


Bi-directional

Public network connecting the NAM to the CICM

CSFS

TCP 40015

CSFS duplexed peer


Bi-directional

CSFS event synchronization link

Logger Recovery Process (side A)

41013 + (instance number *40)



Bi-directional


Logger Recovery Process (side B)

40013 + (instance number *40)



Bi-directional


Diagnostic framework

TCP 7890

Any client that is requesting information from the diagnostic service.


Bi-directional

This serviceability component is installed on major CCE component servers (e.g. router, logger, PG, and Administration and Data Servers)

Table 2. Unified CCE Port Utilization: Distributor and Internet Script Editor
Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

MSSQL

TCP 1433

Logger

Distributor


Bi-directional


Table 3. Unified CCE Port Utilization: CCE Outbound Option Dialer

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

RTP for SIP

UDP ports in a range based on these formulas:

  • RangeStart = RTPPortRangeStart + (instNum * 2000)

  • RangeEnd = RangeStart + 2000

You can set RTPPortRangeStart in the registry key: RTPPortRangeStart.

Voice gateway


Bi-directional

Receive ports for reservation calls.

Use the following registry key to select and configure UDP ports: RTPPortRangeStart

TFTP


TFTP server

UDP 69

Bi-directional


TFTP file transfer



Ephemeral

Bi-directional


MR PG

TCP 38001+ (instance number)

Dialer


Bi-directional

The MR PG connects to the SIP Dialer using this port.

Dialer (SIP)

5060 and "SIPDialerPortBaseNumber + instance number"

Voice Gateway or SIP Proxy


Bi-directional

Set in the SIPServerPortNumber registry key.

Table 4. Unified CCE Port Utilization: CTI and CTI Object Server

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

GED-188 (CTI Server) unsecured

Side A

TCP 42027 + (instance number * 40)

Side B

TCP 43027 + (instance number * 40)

Finesse

Cisco Outbound Dialer

ARM Interface

CTI OS Server


Bi-directional

CTI OS is only supported for TDM and System PG.

GED-188 (CTI Server) secured

Side A

TCP 42030 + (instance number * 40)

Side B

TCP 43030 + (instance number * 40)

Finesse

Cisco Outbound Dialer

ARM Interface

CTI OS Server


Bi-directional

CTI OS is only supported for TDM and System PG.

CTI OS Server

TCP 42028

CTI OS Client

CTI OS Server Peers

CAD Desktop

Cisco Sync Service


Bi-directional

Applicable to first CTI OS instance. Multi-instance CTI OS

and Cisco Unified Contact Center Hosted

require a custom port be defined.

CTI OS Server

TCP 42028

CTI OS Client

CTI OS Server Peers

Cisco Sync Service


Bi-directional

CTI OS is only supported for TDM and System PG.

Applicable to first CTI OS instance. Multi-instance CTI OS require a custom port be defined.

CTI OS Supervisor Desktop

UDP 39200

CTI OS Client


Bi-directional

Desktop Silent Monitoring

CTI OS Supervisor Desktop is only supported for System PG.

CTI OS Silent Monitor Service

TCP 42228

CTI OS Client


Bi-directional

CTI OS Silent Monitor Service is only supported for System PG.

Cisco Enterprise Data Store

TCP 42228

Siebel server


Bi-directional

Support for screen call context

Table 5. Unified CCE Port Utilization: TDM/IP Peripherals

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

IP Process Communications

CTI/QBE



TCP 2748

Bi-directional

JTAPI

Customer Voice Portal - Call Server

Cisco Unified IP-IVR


PG, VRU PIM (GED-125)

TCP 5000-5001

Bi-directional

Unified ICM/IVR message interface, VRU PIM

CCE PG

TCP 2789

Unified CM


Bi-directional

JTAPI application server

Media Routing process


MR PIM

TCP 38001

Bi-directional


TDM Process Communications

Note

 

For more information on peripheral communication, see the "ACD Supplement" user documentation for the specific switch you are using.

Aspect PIM


Aspect ACD

TCP 8000

Bi-directional

Used by real-time bridge

Aspect Contact Center server PIM


Aspect Contact Center server

TCP 6101

TCP 6102

TCP 9001

Bi-directional

Application bridge

Event link

Avaya ACD

CMS

TCP 6060-6070

Avaya PIM

TCP 5678

Bi-directional

Event link

MIS Process

TCP 3000-3030

VRU


Bi-directional

Connects to CTI server, listens for VRU PIM

Avaya Aura Contact Center (AACC) PIM


Avaya ACD

TCP 3000

Bi-directional


UCCE System PG / CTI Server

TCP 42027

UCCE Gateway PIM


Bi-directional

Port number is configurable


Note

For port utilization information about Network Interface Controllers (NICs), refer to the TCP/IP-based NIC System Management Guide Supplements and setup parameters of the NIC or SCP connections.

Table 6. Unified CCE Port Utilization: Windows Authentication and Remote Administration Ports

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

RPC

TCP 135

UDP 135



Bi-directional


NetBIOS Session

TCP 139



Bi-directional


NetBIOS Name Resolution

TCP 137

UDP 137



Bi-directional


NetBIOS Netlogon/ Browsing

UDP 138



Bi-directional


SMB

TCP 445

UDP 445 1



Bi-directional


LDAP

TCP 389

UDP 389



Bi-directional


LDAP SSL

TCP 636



Bi-directional


LDAP GC

TCP 3268



Bi-directional


LDAP GC SSL

TCP 3269



Bi-directional


Active Directory Web Services

TCP 9389

UDP 9389



Bi-directional

Powershell uses this port.

DNS

TCP 53

UDP 53



Bi-directional


Kerberos

TCP 88

UDP 88



Bi-directional


SQL Server

TCP 1433

UDP 1434



Bi-directional

For more information, see Configure the Windows Firewall to Allow SQL Server Access in Microsoft documentation.
  1. DB Worker uses UDP 445. This port is also used for named pipes connectivity.

Note

For more information on Windows authentication, see Service overview and network port requirements for the Windows in Microsoft documentation.

Table 7. Unified CCE Port Utilization: Network Management and Remote Administration

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

SNMP-Trap

UDP 162



Bi-directional


Syslog

UDP 514



Bi-directional


Telnet

TCP 23



Bi-directional


RDP (Terminal Services)

TCP 3389



Bi-directional


pcAnywhere

TCP 5631

UDP 5632



Bi-directional


VNC

TCP 5900

TCP 5800 (Java HTTP)



Bi-directional

RealVNC

Unified CCE Servers

ICMP

Unified CCE Servers


Bi-directional

Inter-server communication

Table 8. Unified CCE Port Utilization: Customer Interaction Analyzer

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

VPN/terminal services

TCP 3389

Call recording server


Bi-directional


Table 9. Unified CCE Port Utilization: Live Data

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Protocol and Port

Traffic Direction

Notes

Router (side A and B) (TIP Event)

Router A: 40034 + (instance number * 40)

Router B: 41034 + (instance number * 40)

CUIC/Live Data


Bi-directional

Public network Live Data Events.

Router (side A and B) (TIP TOS)

Router A: 40035 + (instance number * 40)

Router B: 41035 + (instance number * 40)

CUIC/Live Data


Bi-directional

Public network Live Data Test Other Side.

ICM PG1 (side A and B) (TIP Event) 2

Side A: 42034 + (instance number * 40)

Side B: 43034 + (instance number * 40)

CUIC/Live Data


Bi-directional

Public network Live Data Events.

ICM PG2 (side A and B) (TIP Event)

Side A: 44034 + (instance number * 40)

Side B: 45034 + (instance number * 40)

CUIC/Live Data


Bi-directional

Public network Live Data Events.

ICM PG1 (side A and B) (TIP TOS)

Side A: 42035 + (instance number * 40)

Side B: 43035 + (instance number * 40)

CUIC/Live Data


Bi-directional

Public network Live Data Test Other Side.

ICM PG2 (side A and B) (TIP TOS)

Side A: 44035 + (instance number * 40)

Side B: 45035 + (instance number * 40)

CUIC/Live Data


Bi-directional

Public network Live Data Test Other Side.

  1. The ports for TIP/TOS connections are assigned based on the order in which the PG pair (side A/B) is installed on the same server. For example, the first PG pair (PG1 Side A/B) installed, is assigned TIP base ports 42034 and 43034 respectively. The second PG pair (PG2 Side A/B) installed, is assigned ports 44034 and 45034 respectively. The same assignment is applicable to TOS ports as well.

Port Utilization in Cisco Cloud Connect

Table 10. Cisco Unified Web Proxy

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

Cisco Unified Web Proxy Service (HTTPS)

TCP 8445

Applications

-

Inward from applications to Cloud Connect Services.


Table 11. Cloud Connect Services

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

CherryPoint Service

TCP 3551

CherryPoint Service on the other node in the same cluster.


Bidirectional

CherryPoint services use this port for secure cluster management.

EvaPoint Service

TCP 4551

EvaPoint Service on the other node is the same cluster.


Bidirectional

EvaPoint services use this port for secure cluster management.

Table 12. Cloud Connect External Connections

(Process or Application Protocol)

Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

CloudConnectMgmt


Fusion Management Service

https://hercules-a.wbx2.com,

https://hercules-k.wbx2.com,

https://hercules-r.wbx2.com

TCP 443



CloudConnectMgmt


WxCC Services

https://*.ciscoservice.com

TCP 443



CloudConnectMgmt


Webex Identity

https://idbroker.webex.com

TCP 443



CherryPoint


Webex Experience Management

TCP 443


Get remote host address from the Webex Experience Management

Unified CCMP Port Utilization

Table 13. Cisco Unified Contact Center Management Portal Port Utilization

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Port

Traffic Direction

Notes

CCMP Web/Application server A/B

SQL

TCP 1433

CCMP DB server A/B



Standard SQL connection

LDAP (Domain Controller)

UDP 389

TCP 389

Integrated Configuration Environment (ICE)



Used to read AD account information for supervisor provisioning

CCMP Database server A/B

SQL

TCP 1433

CCMP DB server A/B



Standard SQL Connection and for SQL replication

TCP 1433

CCE/CCH Administration and Data server side A/B



For import of CCE/CCH dimension data

*MSDTC

TCP 135

CCMP DB sever A/B

TCP 1024-5000


For the CCMP audit archive job

SMB over IP (CVP Media Server)

UDP 445*

TCP 445

Integrated Configuration Environment



For CVP file upload file replication

* Also used for named pipes connectivity.

These assume the Server Name field in ICE is configured with either a TCP/IP address or DNS name (hence no NETBIOS port requirements).

Ports are also required to access all Unified Contact Center Management Portal servers for support reasons (either pcAnywhere or terminal services).


Note

This list does not include standard Windows ports such as DNS and Kerberos.

* MSDTC response ports by default use a dynamically allocated port in the range of 1024 to 5000. You can configure this range creating the HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet location registry key and adding the following registry values:

  • Ports (REG_MULTI_SZ) - specify one port range per line, for example, 3000-3005

  • PortsInternetAvailable (REG_SZ) - always set this value to "Y" (do not include the quotes)

  • UseInternetPorts (REG_SZ) - always set this value to "Y" (do not include the quotes)

Unified CRM Connectors Port Utilization

Table 14. Cisco Unified CRM Connector for SAP

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Protocol and Port

Traffic Direction

Notes

CRM DataStore for SAP

TCP 42029

CRM Connector for SAP




Table 15. Cisco Unified CRM Connector for Microsoft CRM, Oracle PeopleSoft, Salesforce.com

Listener (Process or Application Protocol)

Listener Protocol and Port

Remote Device (Process or Application Protocol)

Remote Protocol and Port

Traffic Direction

Notes

MSCRM Server

TCP 81

MSCRM Client



MSCRM only.

CRM Connector Server

TCP 5666

CRM Adapters



Configurable in \Program Files\Cisco\CRM Connector\MCIS\Config.ini

.NET Adapter

TCP 5558

Agent Desktop



Remoting Port.

CRM Connector Server

TCP 42027

Cisco CTI Server



Default port for side A. Configurable in the Config.ini file [CTIModule Setting] Port_A.

CRM Connector Server

TCP 44027

Cisco CTI Server



Default port for side B. Configurable in the Config.ini file [CTIModule Setting] Port_B.

CRM Connector Server

TCP 65372

Server Administration Tool



Configurable under \Program Files\Cisco\CRM Connector\MCIS\Config.ini and \Program Files\Cisco\CRM Connector\ Server Administration Tool\WebComponent\ server.config