Firewall Rules 68P09287A58-A
Accuracy
While reasonable efforts have been made to assure the accuracy of this document, Motorola, Inc. assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein. Motorola, Inc. reserves the right to make changes to any products described herein to improve reliability, function, or design, and reserves the right to revise this document and to make changes from time to time in content hereof with no obligation to notify any person of revisions or changes. Motorola, Inc. does not assume any liability arising out of the application or use of any product, software, or circuit described herein; neither does it convey license under its patent rights or the rights of others. It is possible that this publication may contain references to, or information about Motorola products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that Motorola intends to announce such Motorola products, programming, or services in your country.
Copyrights
This document, Motorola products, and 3rd Party Software products described in this document may include or describe copyrighted Motorola and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the United States and other countries preserve for Motorola, its licensors, and other 3rd Party supplied software certain exclusive rights for copyrighted material, including the exclusive right to copy, reproduce in any form, distribute and make derivative works of the copyrighted material. Accordingly, any copyrighted material of Motorola, its licensors, or the 3rd Party software supplied material contained in the Motorola products described in this document may not be copied, reproduced, reverse engineered, distributed, merged or modified in any manner without the express written permission of Motorola. Furthermore, the purchase of Motorola products shall not be deemed to grant either directly or by implication, estoppel, or otherwise, any license under the copyrights, patents or patent applications of Motorola or other 3rd Party supplied software, except for the normal non-exclusive, royalty free license to use that arises by operation of law in the sale of a product.
A list of 3rd Party supplied software copyrights is contained in the Supplemental information section of this document.
Restrictions
Software and documentation are copyrighted materials. Making unauthorized copies is prohibited by law. No part of the software or documentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, without prior written permission of Motorola, Inc.
License Agreements
The software described in this document is the property of Motorola, Inc and its licensors. It is furnished by express license agreement only and may be used only in accordance with the terms of such an agreement.
High Risk Materials
Components, units, or 3rd Party products used in the product described herein are NOT fault-tolerant and are NOT designed, manufactured, or intended for use as on-line control equipment in the following hazardous environments requiring fail-safe controls: the operation of Nuclear Facilities, Aircraft Navigation or Aircraft Communication Systems, Air Traffic Control, Life Support, or Weapons Systems (High Risk Activities). Motorola and its supplier(s) specifically disclaim any expressed or implied warranty of fitness for such High Risk Activities.
Trademarks
Motorola and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners.
The CE mark confirms Motorola, Inc. statement of compliance with EU directives applicable to this product. Copies of the Declaration of Compliance and installation information in accordance with the requirements of EN50385 can be obtained from the local Motorola representative or by contacting the Customer Network Resolution Center (CNRC). The 24 hour telephone numbers are listed at https://mynetworksupport.motorola.com. Select Customer Network Resolution Center contact information. Alternatively if you do not have access to CNRC or the internet, contact the Local Motorola Office.
JUL 2007
Table of Contents
PoC Firewall Rules
  Revision history
    Version information
  General information
    Purpose
    Cross references
    Text conventions
  Contacting Motorola
    Errors
    Questions and comments
    24 hour support
  Security Advice
  Warnings and cautions
    Failure to comply with warnings
    Warnings
    Cautions
    Notes
  General Safety
    Ground the equipment
    Do not operate in an explosive atmosphere
    Keep away from live circuits
    Do not service or adjust alone
    Use caution when exposing or handling the CRT
    Do not substitute parts or modify equipment
    Potentially hazardous procedure warnings
  Devices sensitive to static
    Special handling techniques
  Caring for the environment
    Disposal of Motorola Networks equipment in EU countries
    Disposal of Motorola Networks equipment in non-EU countries
  Motorola document set
    Ordering documents and CD-ROMs
    Document banner definitions
  Third Party Computer Software and Trademarks
    Computer Software
    Trademarks
Chapter 1: Handset, CS, AD, and Web server interface rules
  CS and handset interface
  CS and AD interface
  Web server and AD interface
  CS to Prepaid Mediation Server Interface
  OAMP Traffic (NMHOST)
  Multi AD interface
  Network to Network Interface
    SIP Traffic
    Media traffic
  IMS to PoC Application Server Interface
    IMS to PoC CS
    IMS to PoC AD
  HS to XDMS interface
  CS to CS (IPMH Sigcomp)
  CS to GAMA
  DNS to CS/AD/PM Server
Appendix A: Acronyms and Abbreviations
List of Tables
Table 1-1: CS to handset interface rules
Table 1-2: CS to AD interface rules
Table 1-3: Web server to AD interface rules
Table 1-4: CS to Prepaid Mediation Server Interface Rules
Table 1-5: CS to Prepaid Mediation Server Interface Rules continued
Table 1-6: Web Browser to CS/AD server
Table 1-7: Subscriber or enterprise admin Web server to AD
Table 1-8: MTAS client to MTAS interface on the AD
Table 1-9: Operator SNMP manager and the SNMP interface of AD/CS/Web Server
Table 1-10: Operator’s SNMP Manager and the SNMP interface of AD/CS/Web Server
Table 1-11: FTP / SFTP
Table 1-12: Telnet / SSH
Table 1-13: SMTP
Table 1-14: NTP Sync
Table 1-15: NMS Sync
Table 1-16: XML API to Web Server
Table 1-17: AD1 IPMH to AD2 IPMH Interface
Table 1-18: AD2 IPMH to AD1 IPMH Interface
Table 1-19: NMS Sync
Table 1-20: CS IPMH IP to NNI IP
Table 1-21: NNI IP to CS IPMH IP interface
Table 1-22: CS MRS to NNI Media
Table 1-23: CS MRS to NNI Handsets
Table 1-24: IMS to PoC CS
Table 1-25: PoC CS to IMS
Table 1-26: IMS to PoC AD
Table 1-27: PoC AD to IMS
Table 1-28: HS to XDMS
Table 1-29: XDMS to HS
Table 1-30: OCS to TCS
Table 1-31: TCS to OCS
Table 1-32: CS to Diameter server
Table 1-33: Diameter server to CS
Table 1-34: DNS server to CS/AD/PM server
Table 1-35: DNS server to AD/CS/PM server
About This Manual
PoC Firewall Rules
This document covers the Motorola PoC IP network and provides guidance for the field engineer, who implements the IP interface between the CS, AD and the customer network.
Revision history
The following shows the status of this document since it was released.
Version information
| Document issue | Date of issue | Remarks |
| --- | --- | --- |
| A | JUL 2007 | Initial Release |
General information
Motorola disclaims all liability whatsoever, implied or express, for any risk of damage, loss or reduction in system performance arising directly or indirectly out of the failure of the customer, or anyone acting on the customer's behalf, to abide by the instructions, system parameters or recommendations made in this document.
Purpose
Motorola cellular communications documents are intended to instruct and assist personnel in the operation, installation and maintenance of the Motorola cellular infrastructure equipment and ancillary devices. It is recommended that all personnel engaged in such activities be properly trained by Motorola.
Failure to comply with Motorola’s operation, installation and maintenance instructions may, in exceptional circumstances, lead to serious injury or death.
These documents are not intended to replace the system and equipment training offered by Motorola, although they can be used to supplement and enhance the knowledge gained through such training.
Cross references
Throughout this document, references are made to external publications, chapter numbers and section names. The references to external publications are shown in italics. Chapter and section name cross references are emphasized in blue text in electronic versions. These are active links to the references.
This document is divided into uniquely identified and numbered chapters that, in turn, are divided into sections. Sections are not numbered, but are individually named at the top of each page, and are listed in the table of contents.
Text conventions
The following conventions are used in the Motorola cellular infrastructure documents to represent keyboard input text, screen output text and special key sequences.
Input
Characters typed in at the keyboard are shown like this.
Output
Messages, prompts, file listings, directories, utilities, and environmental variables that appear on the screen are shown like this.
Special key sequences
Special key sequences are represented as follows:
CTRL-c Press the Control and c keys at the same time.
ALT-f Press the Alt and f keys at the same time.
¦ Press the pipe symbol key.
CR or RETURN Press the Return key.
Contacting Motorola
Motorola appreciates feedback from the users of our documents.
Errors
To report a documentation error, call the CNRC (Customer Network Resolution Center) and provide the following information to enable CNRC to open an SR (Service Request):
• The document type
• The document title, part number, and revision character
• The page number(s) with the error
• A detailed description of the error and if possible the proposed solution
Questions and comments
Send questions and comments regarding user documentation to the email address below:
[email protected]
24 hour support
If you have problems regarding the operation of your equipment, please contact the Customer Network Resolution Center (CNRC) for immediate assistance. The 24 hour telephone numbers are listed at https://mynetworksupport.motorola.com. Select Customer Network Resolution Center contact information. For additional CNRC contact information, contact your Motorola account representative.
Security Advice
Motorola systems and equipment provide configurable security parameters to be set by the operator based on their particular operating environment. Motorola recommends setting and using these parameters following industry recognized security practices. Security aspects to be considered are protecting the confidentiality, integrity, and availability of information and assets. Assets include the ability to communicate, information about the nature of the communications, and information about the parties involved.
In certain instances Motorola makes specific recommendations regarding security practices, however the implementation of these recommendations and final responsibility for the security of the system lies with the operator of the system.
Please contact the Customer Network Resolution Center (CNRC) for assistance. The 24 hour telephone numbers are listed at https://mynetworksupport.motorola.com/. Select Customer Network Resolution Center contact information, from the menu located to the left of the Login box. Alternatively if you do not have access to CNRC or the internet, contact the Local Motorola Office.
Warnings and cautions
The following describes how warnings and cautions are used in this document and in all documents of this Motorola document set.
Failure to comply with warnings
Observe all warnings during all phases of operation, installation and maintenance of the equipment described in the Motorola documents. Failure to comply with these warnings, or with specific warnings elsewhere in the Motorola documents, or on the equipment itself, violates safety standards of design, manufacture and intended use of the equipment. Motorola assumes no liability for the customer’s failure to comply with these requirements.
Warnings
A definition and example follow below:
Definition of Warning
A warning is used to alert the reader to possible hazards that could cause loss of life, physical injury, or ill health. This includes hazards introduced during maintenance, for example, the use of adhesives and solvents, as well as those inherent in the equipment.
Example and format
Do not look directly into fiber optic cables or data in/out connectors. Laser radiation can come from either the data in/out connectors or unterminated fiber optic cables connected to data in/out connectors.
Cautions
A definition and example follow below:
Definition of Caution
A caution means that there is a possibility of damage to systems, software or individual items of equipment within a system. However, this presents no danger to personnel.
Example and format
Do not use test equipment that is beyond its due calibration date; arrange for calibration to be carried out.
Notes
A definition and example follow below:
Definition of Note
A note means that there is a possibility of an undesirable situation or provides additional information to help the reader understand a topic or concept.
Example and format
The UDR version number is configured at installation time by Motorola personnel and is not accessible by the customer.
General Safety
Ground the equipment
To minimize shock hazard, the equipment chassis and enclosure must be connected to an electrical ground. If the equipment is supplied with a three-conductor ac power cable, the power cable must be either plugged into an approved three-contact electrical outlet or used with a three-contact to two-contact adapter. The three-contact to two-contact adapter must have the grounding wire (green) firmly connected to an electrical ground (safety ground) at the power outlet. The power jack and mating plug of the power cable must meet International Electrotechnical Commission (IEC) safety standards.
Refer to Grounding Guideline for Cellular Radio Installations – 68P81150E62.
Do not operate in an explosive atmosphere
Do not operate the equipment in the presence of flammable gases or fumes. Operation of any electrical equipment in such an environment constitutes a definite safety hazard.
Keep away from live circuits
Operating personnel must:
• not remove equipment covers. Only Factory Authorized Service Personnel or other qualified maintenance personnel may remove equipment covers for internal subassembly, or component replacement, or any internal adjustment.
• not replace components with power cable connected. Under certain conditions, dangerous voltages may exist even with the power cable removed.
• always disconnect power and discharge circuits before touching them.
Do not service or adjust alone
Do not attempt internal service or adjustment, unless another person, capable of rendering first aid and resuscitation, is present.
Use caution when exposing or handling the CRT
Breakage of the Cathode–Ray Tube (CRT) causes a high-velocity scattering of glass fragments (implosion). To prevent CRT implosion, avoid rough handling or jarring of the equipment. Only qualified maintenance personnel wearing approved safety mask and gloves should handle the CRT.
Do not substitute parts or modify equipment
Because of the danger of introducing additional hazards, do not install substitute parts or perform any unauthorized modification of equipment. Contact Motorola Warranty and Repair for service and repair to ensure that safety features are maintained.
Potentially hazardous procedure warnings
Warnings, such as the example below, precede potentially hazardous procedures throughout this document. Instructions contained in the warnings must be followed. Employ all other safety precautions necessary for the operation of the equipment in the operating environment.
Potentially hazardous voltages, capable of causing death, are present in this equipment. Use extreme caution when handling, testing, and adjusting.
Devices sensitive to static
Certain metal oxide semiconductor (MOS) devices embody in their design a thin layer of insulation that is susceptible to damage from electrostatic charge. Such a charge applied to the leads of the device could cause irreparable damage.
These charges can be built up on nylon overalls, by friction, by pushing the hands into high insulation packing material or by use of ungrounded soldering irons.
MOS devices are normally dispatched from the manufacturers with the leads short-circuited together, for example, by metal foil eyelets, wire strapping, or by inserting the leads into conductive plastic foam. Provided the leads are short-circuited it is safe to handle the device.
Special handling techniques
In the event of one of these devices having to be replaced, observe the following precautions when handling the replacement:
• Always wear a ground strap which must be connected to the electrostatic point on the equipment.
• Leave the short circuit on the leads until the last moment. It may be necessary to replace the conductive foam by a piece of wire to enable the device to be fitted.
• Do not wear outer clothing made of nylon or similar man made material. A cotton overall is preferable.
• If possible work on a grounded metal surface or anti-static mat. Wipe insulated plastic work surfaces with an anti-static cloth before starting the operation.
• All metal tools should be used and when not in use they should be placed on a grounded surface.
• Take care when removing components connected to electrostatic sensitive devices. These components may be providing protection to the device.
When mounted onto printed circuit boards (PCBs), MOS devices are normally less susceptible to electrostatic damage. However PCBs should be handled with care, preferably by their edges and not by their tracks and pins. They should be transferred directly from their packing to the equipment (or the other way around) and never left exposed on the workbench.
Caring for the environment
The following information is provided to enable regulatory compliance with the European Union (EU) Directive 2002/96/EC Waste Electrical and Electronic Equipment (WEEE) when using Motorola Networks equipment in EU countries.
Disposal of Motorola Networks equipment in EU countries
Please do not dispose of Motorola Networks equipment in landfill sites.
In the EU, Motorola Networks in conjunction with a recycling partner will ensure that equipment is collected and recycled according to the requirements of EU environmental law.
Please contact the Customer Network Resolution Center (CNRC) for assistance. The 24 hour telephone numbers are listed at https://mynetworksupport.motorola.com/. Select Customer Network Resolution Center contact information. Alternatively if you do not have access to CNRC or the internet, contact the Local Motorola Office.
Disposal of Motorola Networks equipment in non-EU countries
In non-EU countries, dispose of Motorola Networks equipment in accordance with national and regional regulations.
Motorola document set
The Motorola document sets provide the information needed to operate, install, and maintain the Motorola equipment.
Ordering documents and CD-ROMs
With internet access available, to view, download, or order documents (original or revised), visit the Motorola Lifecycles Customer web page at https://mynetworksupport.motorola.com/, or contact your Motorola account representative.
Without internet access available, order hard copy documents or CD-ROMs with your Motorola Local Office or Representative.
If Motorola changes the content of a document after the original printing date, Motorola publishes a new version with the same part number but a different revision character.
Document banner definitions
A banner (oversized text on the bottom of the page, for example, PRELIMINARY — UNDER DEVELOPMENT) indicates that some information contained in the document is not yet approved for general customer use.
Third Party Computer Software and Trademarks
Computer Software
The Motorola and 3rd Party supplied Software (SW) products described in this instruction document may include copyrighted Motorola and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the United States and other countries preserve for Motorola and other 3rd Party supplied SW certain exclusive rights for copyrighted computer programs, including the exclusive right to copy or reproduce in any form the copyrighted computer program. Accordingly, any copyrighted Motorola or other 3rd Party supplied SW computer programs contained in the Motorola products described in this instruction document may not be copied (reverse engineered) or reproduced in any manner without the express written permission of Motorola or the 3rd Party SW supplier. Furthermore, the purchase of Motorola products shall not be deemed to grant either directly or by implication, estoppel, or otherwise, any license under the copyrights, patents or patent applications of Motorola or other 3rd Party supplied SW, except for the normal non-exclusive, royalty free license to use that arises by operation of law in the sale of a product.
| Vendor | Copyright |
| --- | --- |
| Apache Software Foundation | Copyright 2001, 2002, 2003, 2004, 2004 All Rights Reserved |
| Artesyn | Copyright All Rights Reserved |
| CMU * | Copyright All Rights Reserved |
| Free Software Foundation * | Copyright 2000 All Rights Reserved |
| Freeware Tools / Utilities * | Copyright All Rights Reserved |
| GNOME Project * | Copyright 2004 All Rights Reserved |
| iodbc.org * | Copyright 2002 All Rights Reserved |
| Megastep * | Copyright 2002 All Rights Reserved |
| NIST * | Copyright 2002 All Rights Reserved |
| openBSD * | Copyright 2006 All Rights Reserved |
| openSSL * | Copyright 2006 All Rights Reserved |
| Performance Technologies | Copyright All Rights Reserved |
| Postgres * | Copyright 2005 All Rights Reserved |
| Sun Microsystems Inc. * | Copyright 2002 All Rights Reserved |
| Telelogic | Copyright All Rights Reserved |
| QNX * | Copyright All Rights Reserved |
* = May contain purchased SW and Open Source SW/Freeware which may be subject to a license fee.
Trademarks
Java™ Technology and/or J2ME™: Java and all other Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
UNIX®: UNIX is a registered trademark of The Open Group in the United States and other countries.
Chapter 1: Handset, CS, AD, and Web server interface rules
The Motorola Site Engineer and Account Team Representatives must work with the PoC Application Engineering group to obtain appropriate PoC system firewall and port assignment information.
CS and handset interface
TCP is required for OMA POC handsets. It is not needed for MPTT handsets.
Port range varies from 2300 to 2899 for software MRS and 2300 to 5899 for IXP MRS.
Table 1-1 CS to handset interface rules

Handset to CS IPMH Interface

| Protocol | Handset IP (Source) | Handset Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | Handset Private IP | Any (Ephemeral) | CS IPMH Mobile IP | 5060 |
| TCP | Handset Private IP | Any (Ephemeral) | CS IPMH Mobile IP | Any (5060 & Ephemeral) |

CS IPMH to Handset Interface

| Protocol | Server IP (Source) | Server Port (Source) | Handset IP (Destination) | Handset Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | CS IPMH Mobile IP | 5060 | Handset Private IP | Any (Ephemeral) |
| TCP | CS IPMH Mobile IP | Any (5060 & Ephemeral) | Handset Private IP | Any (Ephemeral) |

CS MRS to Handset Interface

| Protocol | Server IP (Source) | Server Port (Source) | Handset IP (Destination) | Handset Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP (RTP/RTCP) | List all MRP floating IPs | 2300 through 5899 | Handset Private IP | Any (Ephemeral) |

Handset to CS MRS Interface

| Protocol | Handset IP (Source) | Handset Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP (RTP/RTCP) | Handset Private IP | Any (Ephemeral) | List all MRP floating IPs | 2300 through 5899 |
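The two notes above Table 1-1 change which of its rows a given site needs: TCP applies only to OMA PoC handsets, and the media range shrinks to 2300 through 2899 for a software MRS. The following Python sketch is an added example, not part of the Motorola manual; it builds the resulting allow list and checks flows against it. The addresses are constructed sample values, the ephemeral range 1024-65535 is an assumption (the manual only says "Ephemeral"), and the names `build_rules`, `allowed`, `mrs_type` and `oma_poc` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

EPHEMERAL = (1024, 65535)   # assumption: the manual only says "Ephemeral"
SIP = (5060, 5060)
# Media port ranges from the note above Table 1-1, keyed by MRS type.
MRS_PORTS = {"software": (2300, 2899), "ixp": (2300, 5899)}


@dataclass(frozen=True)
class Rule:
    label: str      # interface name from Table 1-1
    proto: str      # "udp" or "tcp"
    src: tuple      # source networks
    sports: tuple   # allowed source port ranges, (low, high) inclusive
    dst: tuple      # destination networks
    dports: tuple   # allowed destination port ranges


def build_rules(handset_net, cs_ipmh_ip, mrp_ips, mrs_type, oma_poc):
    """Return the Table 1-1 allow list for one deployment."""
    hs = (ipaddress.ip_network(handset_net),)
    cs = (ipaddress.ip_network(cs_ipmh_ip),)
    mrp = tuple(ipaddress.ip_network(ip) for ip in mrp_ips)
    media = (MRS_PORTS[mrs_type],)   # narrower than 2300-5899 for software MRS
    rules = [
        Rule("Handset to CS IPMH", "udp", hs, (EPHEMERAL,), cs, (SIP,)),
        Rule("CS IPMH to Handset", "udp", cs, (SIP,), hs, (EPHEMERAL,)),
        Rule("CS MRS to Handset", "udp", mrp, media, hs, (EPHEMERAL,)),
        Rule("Handset to CS MRS", "udp", hs, (EPHEMERAL,), mrp, media),
    ]
    if oma_poc:   # TCP is required for OMA PoC handsets, not for MPTT
        rules += [
            Rule("Handset to CS IPMH", "tcp", hs, (EPHEMERAL,), cs, (SIP, EPHEMERAL)),
            Rule("CS IPMH to Handset", "tcp", cs, (SIP, EPHEMERAL), hs, (EPHEMERAL,)),
        ]
    return rules


def allowed(rules, proto, src, sport, dst, dport):
    """Return the label of the first matching rule, or None (default deny)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.proto == proto
                and any(src_ip in n for n in r.src)
                and any(lo <= sport <= hi for lo, hi in r.sports)
                and any(dst_ip in n for n in r.dst)
                and any(lo <= dport <= hi for lo, hi in r.dports)):
            return r.label
    return None


# Constructed sample deployment (documentation and private addresses).
SITE = dict(handset_net="10.20.0.0/16", cs_ipmh_ip="192.0.2.10",
            mrp_ips=["192.0.2.21", "192.0.2.22"])

if __name__ == "__main__":
    mptt_sw = build_rules(**SITE, mrs_type="software", oma_poc=False)
    oma_ixp = build_rules(**SITE, mrs_type="ixp", oma_poc=True)
    flows = [("udp", "10.20.1.5", 40000, "192.0.2.10", 5060),
             ("tcp", "10.20.1.5", 40000, "192.0.2.10", 5060),
             ("udp", "10.20.1.5", 40000, "192.0.2.21", 3000),
             ("udp", "10.20.1.5", 40000, "198.51.100.7", 5060)]
    for f in flows:
        print(f, "| MPTT+software:", allowed(mptt_sw, *f), "| OMA+IXP:", allowed(oma_ixp, *f))
```

The media flow to port 3000 matches only in the IXP deployment, so a software MRS site that opens the full 2300 through 5899 range from the table exposes ports it never uses.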
CS and AD interface
UDP: Only for Integrated IMS deployments.
TCP: Only for Integrated IMS deployments.
Table 1-2 CS to AD interface rules

CS IPMH to AD IPMH Interface

| Protocol | CS IPMH IP (Source) | CS IPMH Port (Source) | AD IPMH IP (Destination) | AD IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | CS IPMH Management IP | 5060 | AD IPMH Management IP | 5060 |
| TCP | CS IPMH Management IP | Any (5060 & Ephemeral) | AD IPMH Management IP | Any (5060 & Ephemeral) |
| SCTP | CS IPMH Management IP | Ephemeral | AD IPMH Management IP | 7008 (wms_app_ipmh.ipmh_peer_port) |

AD IPMH to CS IPMH Interface

| Protocol | AD IPMH IP (Source) | AD IPMH Port (Source) | CS IPMH IP (Destination) | CS IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | AD IPMH Management IP | 5060 | CS IPMH Management IP | 5060 |
| TCP | AD IPMH Management IP | Any (5060 & Ephemeral) | CS IPMH Management IP | Any (5060 & Ephemeral) |
| SCTP | AD IPMH Management IP | 7008 (wms_app_ipmh.ipmh_peer_port) | CS IPMH Management IP | Ephemeral |
Web server and AD interface
Table 1-3 Web server to AD interface rules

Webserver to AD NMHost Interface

| Protocol | Webserver IP (Source) | Webserver Port (Source) | AD NMHost IP (Destination) | AD NMHost Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | Webserver Management IP | Any (Ephemeral) | AD NMHost Management IP | ProvAdapter (6828), MtasAdapter (6827), TL1 (2362), MoServer (5999) |

AD NMHost to Webserver Interface

| Protocol | AD NMHost IP (Source) | AD NMHost Port (Source) | Webserver IP (Destination) | Webserver Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | AD NMHost Management IP | ProvAdapter (6828), MtasAdapter (6827), TL1 (2362), MoServer (5999) | Webserver Management IP | Any (Ephemeral) |
CS to Prepaid Mediation Server Interface
The prepaid mediation server NMHOST IP is configurable, and the port is not always 7009.
TCP: PM Server1 is active and PM Server2 is backup. The active server is a TCP server and the backup is a TCP client.
Table 1-4 CS to Prepaid Mediation Server Interface Rules

CS IPMH to Prepaid Mediation Server NMHOST (for Diameter messages)

| Protocol | CS IPMH IP (Source) | CS IPMH Port (Source) | Prepaid Mediation Server NMHOST IP (Destination) | Prepaid Mediation Server NMHOST Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | CS IPMH Management IP | Ephemeral | Prepaid Mediator NMHOST IP | 7009 (port in wms_remotesp.remote_id) |

Prepaid Mediation Server NMHOST to CS IPMH (for Diameter messages)

| Protocol | Prepaid Mediation Server NMHOST IP (Source) | Prepaid Mediation Server NMHOST Port (Source) | CS IPMH IP (Destination) | CS IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | Prepaid Mediator NMHOST IP | 7009 (port in wms_remotesp.remote_id) | CS IPMH Management IP | Ephemeral |
Table 1-5 CS to Prepaid Mediation Server Interface Rules continued

PM Server1 NMHost to PM Server2 NMHost

| Protocol | PM Server1 NMHOST IP (Source) | PM Server1 NMHOST Port (Source) | PM Server2 NMHOST IP (Destination) | PM Server2 NMHOST Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | PM Server1 NMHost IP | 7010 (wms_app_prepaid_mediator.peer_port) | PM Server2 NMHost IP | Ephemeral |

PM Server2 NMHOST to PM Server1 NMHOST

| Protocol | PM Server2 NMHOST IP (Source) | PM Server2 NMHOST Port (Source) | PM Server1 NMHOST IP (Destination) | PM Server1 NMHOST Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | PM Server2 NMHOST IP | Ephemeral | PM Server1 NMHOST IP | 7010 (wms_app_prepaid_mediator.peer_port) |
OAMP Traffic (NMHOST)
Table 1-6 Web Browser to CS/AD server

This is to access the EMS GUI page for the CS/AD. This can be limited within the Operator private network.

| Protocol | Browser IP (Source) | Browser Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| HTTP | Any (Web Browser IP) | Any (Ephemeral) | AD/CS NMH Primary IP | 80 |
| HTTPS | Any (Web Browser IP) | Any (Ephemeral) | AD/CS NMH Primary IP | 443 |

Table 1-7 Subscriber or enterprise admin Web server to AD

| Protocol | Server IP (Destination) | Server Port (Destination) | Web server IP (Source) | Web server Port (Source) |
| --- | --- | --- | --- | --- |
| TCP | AD NMH Primary IP | 6828 | Web server IP | Any (Ephemeral) |
| TCP | AD NMH Primary IP | 6827 | Web server IP | Any (Ephemeral) |
The MTAS client is an application in the operator network which provisions PoC subscribers to the MTAS interface on the AD.
Table 1-8 MTAS client to MTAS interface on the AD

| Protocol | Server IP (Destination) | Server Port (Destination) | MTAS client IP (Source) | MTAS client Port (Source) |
| --- | --- | --- | --- | --- |
| TCP | AD NMH Primary IP | 6827 | MTAS Client IP | Any (Ephemeral) |
Table 1-9 is for the SNMP Manager to do SNMP GET/SET/GETNEXT kind of operations on the PoC Network elements like AD/CS/Web server.
Table 1-9 Operator SNMP manager and the SNMP interface of AD/CS/Web Server

SNMP GET/SET/GETNEXT Operations

| Protocol | SNMP Agent IP (Destination) | SNMP Agent Port (Destination) | SNMP Manager IP (Source) | SNMP Manager Port (Source) |
| --- | --- | --- | --- | --- |
| UDP | AD/CS NMH primary IP or Web server IP | 161 | Client Private IP | Any (Ephemeral) |
Table 1-10 is for the PoC Network elements like AD/CS/webserver to send SNMP traps.
Table 1-10 Operator's SNMP Manager and the SNMP interface of AD/CS/Web Server

PoC Network elements like AD/CS/Web Server to send SNMP traps

| Protocol | SNMP Agent IP (Source) | SNMP Agent Port (Source) | SNMP Manager IP (Destination) | SNMP Manager Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | AD/CS NMH primary IP, or Web server IP | 162 | List of IPs configured in the AD/CS/Web server | List of ports configured in the AD/CS/Web server |
Table 1-11 is for sync operations between the ADs or the primary AD and the other CS/ADs. This is also to access billing records and to bring in new software loads/patches for upgrades.
Table 1-11 FTP / SFTP

Sync operations between the ADs or the primary AD and the other CS/ADs

| Protocol | Server IP (Destination) | Server Port (Destination) | Client IP (Source) | Client Port (Source) |
| --- | --- | --- | --- | --- |
| FTP | AD/CS NMH Primary IP | 21 | Any | Any (Ephemeral) |
| SFTP | AD/CS NMH Primary IP | 22 | Any | Any (Ephemeral) |
The following Table 1-12 is for terminal access to the PoC Network element - AD/CS/webserver.
Table 1-12 Telnet / SSH

Terminal access to the PoC Network element - AD/CS/Web server

| Protocol | Server IP (Destination) | Server Port (Destination) | Client IP (Source) | Client Port (Source) |
| --- | --- | --- | --- | --- |
| TELNET | AD/CS NMH Primary IP; Public IPs of NMHOST01 and NMHOST02 | 23 | Any | Any (Ephemeral) |
| SSH | AD/CS NMH primary IP; Public IPs of NMHOST01 and NMHOST02 | 22 | Any | Any (Ephemeral) |
The following Table 1-13 is to enable the AD and webserver to send out emails. The AD sends out emails for the auto-provisioning feature, and the webserver sends them for forgot password.
Table 1-13 SMTP

| Protocol | Client IP (Source) | Client Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| SMTP | AD/Prepaid MS, NMH Primary IP, Web server IP | Any (Ephemeral) | SMTP server IP | 25 |
The following Table 1-14 is to enable the PoC network elements to sync their time to the network time server.
Table 1-14 NTP Sync

| Protocol | Client IP (Source) | Client Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| NTP | AD/CS NMH Primary IP, Web server IP, external IPs of NMHOST01 and NMHOST02 on the AD/CS | Any (Ephemeral) | Network time server IP | 123 |
The following Table 1-15 is to enable the PoC network elements to sync their time to the network time server.
Table 1-15 NMS Sync

| Protocol | Primary AD NMHOST IP (Source) | Primary AD NMHOST Port (Source) | AD1/CS1 NMHOST IP (Destination) | AD1/CS1 NMHOST port (Destination) |
| --- | --- | --- | --- | --- |
| SCP | Primary AD NMH Primary IP | Any (Ephemeral) | AD/CS NMH Primary IP | 22 |

Table 1-16 XML API to Web Server

| Protocol | XML API IP (Source) | XML API IP Port (Source) | Web server IP (Destination) | Web Server port (Destination) |
| --- | --- | --- | --- | --- |
| HTTP | Any Private IP | Any (Ephemeral) | Web server IP | 80 |
| HTTPS | Any Private IP | Any (Ephemeral) | Web server IP | 443 |
Multi AD interface
IPMH of AD1 should be connected to IPMH of all other AD chassis (active and backup) - except AD1's own backup AD.
SCTP: Assuming AD1 wms_app_ipmh.ipmh_peer_port is less than that on AD2 (this makes AD1 IPMH the client and AD2 IPMH the server).
Table 1-17 AD1 IPMH to AD2 IPMH Interface

| Protocol | AD1 IPMH IP (Source) | AD1 IPMH Port (Source) | AD2 IPMH IP (Destination) | AD2 IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| SCTP | AD1 IPMH Management IP | Ephemeral | AD2 IPMH Management IP | 7009 (wms_app_ipmh.ipmh_peer_port) |
Table 1-18 AD2 IPMH to AD1 IPMH Interface

| Protocol | AD2 IPMH IP (Source) | AD2 IPMH Port (Source) | AD1 IPMH IP (Destination) | AD1 IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| SCTP | AD2 IPMH Management IP | 7009 (wms_app_ipmh.ipmh_peer_port) | AD1 IPMH Management IP | Ephemeral |
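Tables 1-17 and 1-18 show one AD pair. The following Python sketch is an added example, not part of the Motorola manual; it goes beyond that pair and derives the same two rule shapes for every chassis pair, skipping each AD's own backup and choosing the SCTP client by the lower wms_app_ipmh.ipmh_peer_port. The inventory is constructed, the field and function names are hypothetical, and it assumes the server listens on its own ipmh_peer_port value.

```python
from itertools import combinations


def sctp_mesh_rules(chassis):
    """Build both directions of every IPMH-to-IPMH SCTP rule for a set of AD chassis.

    Each chassis is a dict with: name, ip (IPMH Management IP), peer_port
    (its wms_app_ipmh.ipmh_peer_port value) and backup_of (name of the active
    AD it backs up, or None).
    """
    rules = []
    for a, b in combinations(chassis, 2):
        # An AD is connected to every other AD chassis except its own backup.
        if a["backup_of"] == b["name"] or b["backup_of"] == a["name"]:
            continue
        if a["peer_port"] == b["peer_port"]:
            # The manual only covers the "less than" case; refuse to guess.
            raise ValueError(f"{a['name']} and {b['name']} share ipmh_peer_port")
        # Lower ipmh_peer_port -> SCTP client, higher -> SCTP server.
        client, server = sorted((a, b), key=lambda c: c["peer_port"])
        port = server["peer_port"]   # assumption: the server listens on its own value
        rules.append((client["name"], client["ip"], "ephemeral",
                      server["name"], server["ip"], port))         # Table 1-17 shape
        rules.append((server["name"], server["ip"], port,
                      client["name"], client["ip"], "ephemeral"))  # Table 1-18 shape
    return rules


# Constructed inventory: two active ADs, each with its own backup chassis.
INVENTORY = [
    {"name": "AD1", "ip": "192.0.2.1", "peer_port": 7008, "backup_of": None},
    {"name": "AD1-bkp", "ip": "192.0.2.2", "peer_port": 7010, "backup_of": "AD1"},
    {"name": "AD2", "ip": "192.0.2.3", "peer_port": 7009, "backup_of": None},
    {"name": "AD2-bkp", "ip": "192.0.2.4", "peer_port": 7011, "backup_of": "AD2"},
]

if __name__ == "__main__":
    for src, sip, sport, dst, dip, dport in sctp_mesh_rules(INVENTORY):
        print(f"SCTP {src:8} {sip}:{sport:<9} -> {dst:8} {dip}:{dport}")
```

With four chassis the mesh yields four connected pairs and eight rules; the equal-port case raises an error instead of picking a direction the manual does not define.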
Table 1-19 NMS Sync

AD1 NMHOST to Primary AD NMHOST

| Protocol | Primary AD NMHOST IP (Source) | Primary AD NMHOST Port (Source) | AD1/CS1 NMHOST IP (Destination) | AD1/CS1 NMHOST port (Destination) |
| --- | --- | --- | --- | --- |
| SCP | Primary AD NMH Primary IP | Any (Ephemeral) | AD/CS NMH Primary IP | 22 |
Network to Network Interface
SIP Traffic
Table 1-20 CS IPMH IP to NNI IP

| Protocol | CS IPMH IP (Source) | CS IPMH Port (Source) | NNI IP List (Destination) | NNI IP Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | SIP Mobile IP at CS IPMH | 5060 | SIP Core IP | Any (5060 & Ephemeral) |
| TCP | SIP Mobile IP at CS IPMH | Any (5060 & Ephemeral) | SIP Core IP | Any (5060 & Ephemeral) |

Table 1-21 NNI IP to CS IPMH IP interface

| Protocol | NNI IP List (Destination) | NNI IP Port (Destination) | CS IPMH IP (Source) | CS IPMH Port (Source) |
| --- | --- | --- | --- | --- |
| UDP | SIP Core IP | Any (5060 & Ephemeral) | SIP Mobile IP at CS IPMH | 5060 |
| TCP | SIP Core IP | Any (5060 & Ephemeral) | SIP Mobile IP at CS IPMH | Any (5060 & Ephemeral) |
Media traffic
<X, Y> is range of ports open on the NNI Server for media.
Participating Server is in Media Path
Table 1-22 CS MRS to NNI Media

| Protocol | CS MRS IP (Source) | CS MRS Port (Source) | NNI Media IP (Destination) | NNI Media Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP (RTP/RTCP) | List all MRP IPs | 2300 through 5899 | NNI MRP IP list | <X, Y> |
| UDP (RTP/RTCP) | NNI MRP IP list | <X, Y> | List all MRP IPs | 2300 through 5899 |
Participating Server not in Media Path
Table 1-23 CS MRS to NNI Handsets

| Protocol | CS MRS IP (Source) | CS MRS Port (Source) | NNI Handset IP (Destination) | NNI Handset Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP (RTP/RTCP) | List all MRP IPs | 2300 through 5899 | Handset private IP addresses | Ephemeral |
| UDP (RTP/RTCP) | Handset private IP addresses | Ephemeral | List all MRP IPs | 2300 through 5899 |
IMS to PoC Application Server Interface
IMS to PoC CS
This section deals with rules for SIP messages for the PoC service.
Table 1-24 IMS to PoC CS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | SIP IP Core | Any (Ephemeral) | CS IPMH Mobile IP | Any (5060 & Ephemeral) |
| SIP/UDP | SIP IP Core | Any (Ephemeral) | CS IPMH Mobile IP | 5060 |

Table 1-25 PoC CS to IMS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | CS IPMH Mobile IP | Any (Ephemeral) | SIP IP Core of IMS | Any (Ephemeral) |
| SIP/UDP | CS IPMH Mobile IP | 5060 | SIP IP Core of IMS | Any (Ephemeral) |
IMS to PoC AD
This section deals with rules for SIP messages for the Presence service.
Table 1-26 IMS to PoC AD

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | SIP IP Core | Any (Ephemeral) | AD IPMH Mobile IP | Any (5060 & Ephemeral) |
| SIP/UDP | SIP IP Core | Any (Ephemeral) | AD IPMH Mobile IP | 5060 |

Table 1-27 PoC AD to IMS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | AD IPMH Mobile IP | Any (Ephemeral) | SIP IP Core of IMS | Any (Ephemeral) |
| SIP/UDP | AD IPMH Mobile IP | 5060 | SIP IP Core of IMS | Any (Ephemeral) |
HS to XDMS interface
Table 1-28 HS to XDMS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| HTTP/TCP | Handset Private IP | Ephemeral | Web server IP | 80 |

For TLS, port is 443.

Table 1-29 XDMS to HS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| HTTP/TCP | Web server IP | 80 | Handset Private IP | Ephemeral |
CS to CS (IPMH Sigcomp)
Table 1-30 OCS to TCS

| Protocol | Source IP (OCS) | Source Port | Destination IP (TCS) | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | OCS IPMH Mobile IP and OCS IPMH Management IP | Any | TCS IPMH Mobile IP and TCS IPMH Management IP | Any |
| SIP/UDP | OCS IPMH Mobile IP and OCS IPMH Management IP | 5060 | TCS IPMH Mobile IP and TCS Management IP | 5060 |

Table 1-31 TCS to OCS

| Protocol | Source IP (TCS) | Source Port | Destination IP (OCS) | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | TCS IPMH Mobile IP and TCS IPMH Management IP | Any | OCS IPMH Mobile IP and OCS IPMH Management IP | Any |
| SIP/UDP | TCS IPMH Mobile IP and TCS Management IP | 5060 | OCS IPMH Mobile IP and OCS IPMH Management IP | 5060 |
CS to GAMA
Table 1-32 CS to Diameter server

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| TCP | IPMH IP (ext_ipaddr from wms_ipmh_ext_ipaddr where use_ip_for_gama_connection is true) | Ephemeral | Diameter server IP | Configurable |

Table 1-33 Diameter server to CS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| TCP | Diameter server IP | Configurable | IPMH IP (ext_ipaddr from wms_ipmh_ext_ipaddr where use_ip_for_gama_connection is true) | Ephemeral |
DNS to CS/AD/PM Server
Table 1-34 DNS server to CS/AD/PM server

DNS Server - CS/AD (CS uses it for NNI, AD uses DNS for autoprov)

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| UDP | CS IPMH Mobile IP, CS IPMH Management IP, AD & Prepaid Mediation Server NMHost Floating IP | Ephemeral | DNS Server IP | 53 |
| TCP | CS IPMH Mobile IP, CS IPMH Management IP, AD & Prepaid Mediation Server NMHost Floating IP | Ephemeral | DNS Server IP | 53 |

Table 1-35 DNS server to AD/CS/PM server

DNS server to AD/CS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| UDP | DNS server IP | Ephemeral (including 53) | CS IPMH Mobile IP, CS IPMH Management IP, AD & Prepaid Mediation Server NMHost Floating IP | Ephemeral |
| TCP | DNS server IP | Ephemeral | CS IPMH Mobile IP, CS IPMH Management IP, AD & Prepaid Mediation Server NMHost Floating IP | Ephemeral |
Appendix A: Acronyms and Abbreviations
AD Active Directory
API Application Programming Interface
CS Control Switch
DNS Domain Name Service
EMS Element Management Server
GAMA Global Application Management Architecture
GUI Graphical User Interface
HS Hand Set
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
IMS IP Multimedia Subsystem
IPMH IP Message Handler
MO Managed Object
MRP Media Resource Platform
MRS Media Resource Server
MTAS Mobile Telephony API Service
NMS Network Management System
NNI Network to Network Interface
NTP Network Time Protocol
OCS Originating Control Switch
PoC Push-to-talk Over Cellular
PM Provisioning Module
RTCP Real Time Control Protocol
RTP Real Time Protocol
SCTP Stream Control Transmission Protocol
SIP Session Initiation Protocol
SNMP Simple Network Management Protocol
SPDB Subscriber and Presence Database
SSH Secure Shell
TCP Transfer Control Protocol
TCS Termination Control Switch
TL1 Transaction Language Console
TLS Transparent LAN service
UDP User Datagram Protocol
WS Web Server
XDMS XML Document Management Servers
XML Extended Markup Language
Technical Information
POC FIREWALL RULES
POC
SOFTWARE RELEASE 6.1.X.X
ROW, US/HONG KONG
ENGLISH JUL 2007 68P09287A58-A
Standard Printing Instructions
Part Number 68P09287A58-A
Manual Title PoC Firewall Rules
Date JUL 2007
CSD/CND (US)
Binder • 3 Slant D-ring binder - letter size (11.75 in x 11.5 in) white PVC.
• Capacity depends on size of document. (no larger than 3 in).
• Clear pockets on front and spine.
Printing • Cover / spine text overprinted onto Motorola cover stock.
• Body- printed double sided onto white letter size (8.5 in x 11 in) 70 lb.
Finishing • Shrink wrap contents.