PoC Firewall Rules 68P09287A58-A JUL 2007 © 2007 Motorola, Inc. All Rights Reserved


Accuracy

While reasonable efforts have been made to assure the accuracy of this document, Motorola, Inc. assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein. Motorola, Inc. reserves the right to make changes to any products described herein to improve reliability, function, or design, and reserves the right to revise this document and to make changes from time to time in content hereof with no obligation to notify any person of revisions or changes. Motorola, Inc. does not assume any liability arising out of the application or use of any product, software, or circuit described herein; neither does it convey license under its patent rights or the rights of others. It is possible that this publication may contain references to, or information about Motorola products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that Motorola intends to announce such Motorola products, programming, or services in your country.

Copyrights

This document, Motorola products, and 3rd Party Software products described in this document may include or describe copyrighted Motorola and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the United States and other countries preserve for Motorola, its licensors, and other 3rd Party supplied software certain exclusive rights for copyrighted material, including the exclusive right to copy, reproduce in any form, distribute and make derivative works of the copyrighted material. Accordingly, any copyrighted material of Motorola, its licensors, or the 3rd Party software supplied material contained in the Motorola products described in this document may not be copied, reproduced, reverse engineered, distributed, merged or modified in any manner without the express written permission of Motorola. Furthermore, the purchase of Motorola products shall not be deemed to grant either directly or by implication, estoppel, or otherwise, any license under the copyrights, patents or patent applications of Motorola or other 3rd Party supplied software, except for the normal non-exclusive, royalty free license to use that arises by operation of law in the sale of a product.

A list of 3rd Party supplied software copyrights are contained in the Supplemental information section of this document.

Restrictions

Software and documentation are copyrighted materials. Making unauthorized copies is prohibited by law. No part of the software or documentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, without prior written permission of Motorola, Inc.

License Agreements

The software described in this document is the property of Motorola, Inc and its licensors. It is furnished by express license agreement only and may be used only in accordance with the terms of such an agreement.

High Risk Materials

Components, units, or 3rd Party products used in the product described herein are NOT fault-tolerant and are NOT designed, manufactured, or intended for use as on-line control equipment in the following hazardous environments requiring fail-safe controls: the operation of Nuclear Facilities, Aircraft Navigation or Aircraft Communication Systems, Air Traffic Control, Life Support, or Weapons Systems (High Risk Activities). Motorola and its supplier(s) specifically disclaim any expressed or implied warranty of fitness for such High Risk Activities.

Trademarks

Motorola and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners.

The CE mark confirms Motorola, Inc. statement of compliance with EU directives applicable to this product. Copies of the Declaration of Compliance and installation information in accordance with the requirements of EN50385 can be obtained from the local Motorola representative or by contacting the Customer Network Resolution Center (CNRC). The 24 hour telephone numbers are listed at https://mynetworksupport.motorola.com. Select Customer Network Resolution Center contact information. Alternatively if you do not have access to CNRC or the internet, contact the Local Motorola Office.

Contents

PoC Firewall Rules
  • Revision history
      Version information
  • General information
      Purpose
      Cross references
      Text conventions
  • Contacting Motorola
      Errors
      Questions and comments
      24 hour support
  • Security Advice
  • Warnings and cautions
      Failure to comply with warnings
      Warnings
      Cautions
      Notes
  • General Safety
      Ground the equipment
      Do not operate in an explosive atmosphere
      Keep away from live circuits
      Do not service or adjust alone
      Use caution when exposing or handling the CRT
      Do not substitute parts or modify equipment
      Potentially hazardous procedure warnings
  • Devices sensitive to static
      Special handling techniques
  • Caring for the environment
      Disposal of Motorola Networks equipment in EU countries
      Disposal of Motorola Networks equipment in non-EU countries
  • Motorola document set
      Ordering documents and CD-ROMs
      Document banner definitions
  • Third Party Computer Software and Trademarks
      Computer Software
      Trademarks

Chapter 1: Handset, CS, AD, and Web server interface rules
  • CS and handset interface
  • CS and AD interface
  • Web server and AD interface
  • CS to Prepaid Mediation Server Interface
  • OAMP Traffic (NMHOST)
  • Multi AD interface
  • Network to Network Interface
      SIP Traffic
      Media traffic
  • IMS to PoC Application Server Interface
      IMS to PoC CS
      IMS to PoC AD
  • HS to XDMS interface
  • CS to CS (IPMH Sigcomp)
  • CS to GAMA
  • DNS to CS/AD/PM Server

Appendix A: Acronyms and Abbreviations

List of Tables

  • Table 1-1: CS to handset interface rules
  • Table 1-2: CS to AD interface rules
  • Table 1-3: Web server to AD interface rules
  • Table 1-4: CS to Prepaid Mediation Server Interface Rules
  • Table 1-5: CS to Prepaid Mediation Server Interface Rules continued
  • Table 1-6: Web Browser to CS/AD server
  • Table 1-7: Subscriber or enterprise admin Web server to AD
  • Table 1-8: MTAS client to MTAS interface on the AD
  • Table 1-9: Operator SNMP manager and the SNMP interface of AD/CS/Web Server
  • Table 1-10: Operator’s SNMP Manager and the SNMP interface of AD/CS/Web Server
  • Table 1-11: FTP / SFTP
  • Table 1-12: Telnet / SSH
  • Table 1-13: SMTP
  • Table 1-14: NTP Sync
  • Table 1-15: NMS Sync
  • Table 1-16: XML API to Web Server
  • Table 1-17: AD1 IPMH to AD2 IPMH Interface
  • Table 1-18: AD2 IPMH to AD1 IPMH Interface
  • Table 1-19: NMS Sync
  • Table 1-20: CS IPMH IP to NNI IP
  • Table 1-21: NNI IP to CS IPMH IP interface
  • Table 1-22: CS MRS to NNI Media
  • Table 1-23: CS MRS to NNI Handsets
  • Table 1-24: IMS to PoC CS
  • Table 1-25: PoC CS to IMS
  • Table 1-26: IMS to PoC AD
  • Table 1-27: PoC AD to IMS
  • Table 1-28: HS to XDMS
  • Table 1-29: XDMS to HS
  • Table 1-30: OCS to TCS
  • Table 1-31: TCS to OCS
  • Table 1-32: CS to Diameter server
  • Table 1-33: Diameter server to CS
  • Table 1-34: DNS server to CS/AD/PM server
  • Table 1-35: DNS server to AD/CS/PM server

About This Manual

PoC Firewall Rules

This document covers the Motorola PoC IP network and provides guidance for the field engineer, who implements the IP interface between the CS, AD and the customer network.

Revision history

The following shows the status of this document since it was released.

Version information

| Document issue | Date of issue | Remarks |
|---|---|---|
| A | JUL 2007 | Initial Release |

General information

Motorola disclaims all liability whatsoever, implied or express, for any risk of damage, loss or reduction in system performance arising directly or indirectly out of the failure of the customer, or anyone acting on the customer's behalf, to abide by the instructions, system parameters or recommendations made in this document.

Purpose

Motorola cellular communications documents are intended to instruct and assist personnel in the operation, installation and maintenance of the Motorola cellular infrastructure equipment and ancillary devices. It is recommended that all personnel engaged in such activities be properly trained by Motorola.

Failure to comply with Motorola’s operation, installation and maintenance instructions may, in exceptional circumstances, lead to serious injury or death.

These documents are not intended to replace the system and equipment training offered by Motorola, although they can be used to supplement and enhance the knowledge gained through such training.

Cross references

Throughout this document, references are made to external publications, chapter numbers and section names. The references to external publications are shown in italics. Chapter and section name cross references are emphasized in blue text in electronic versions. These are active links to the references.

This document is divided into uniquely identified and numbered chapters that, in turn, are divided into sections. Sections are not numbered, but are individually named at the top of each page, and are listed in the table of contents.

Text conventions

The following conventions are used in the Motorola cellular infrastructure documents to represent keyboard input text, screen output text and special key sequences.


Input

Characters typed in at the keyboard are shown like this.

Output

Messages, prompts, file listings, directories, utilities, and environmental variables that appear on the screen are shown like this.

Special key sequences

Special key sequences are represented as follows:

CTRL-c Press the Control and c keys at the same time.

ALT-f Press the Alt and f keys at the same time.

¦ Press the pipe symbol key.

CR or RETURN Press the Return key.

Contacting Motorola

Motorola appreciates feedback from the users of our documents.

Errors

To report a documentation error, call the CNRC (Customer Network Resolution Center) and provide the following information to enable CNRC to open an SR (Service Request):

• The document type

• The document title, part number, and revision character

• The page number(s) with the error

• A detailed description of the error and if possible the proposed solution

Questions and comments

Send questions and comments regarding user documentation to the email address below: [email protected]

24 hour support

If you have problems regarding the operation of your equipment, please contact the Customer Network Resolution Center (CNRC) for immediate assistance. The 24 hour telephone numbers are listed at https://mynetworksupport.motorola.com. Select Customer Network Resolution Center contact information. For additional CNRC contact information, contact your Motorola account representative.

Security Advice

Motorola systems and equipment provide configurable security parameters to be set by the operator based on their particular operating environment. Motorola recommends setting and using these parameters following industry recognized security practices. Security aspects to be considered are protecting the confidentiality, integrity, and availability of information and assets. Assets include the ability to communicate, information about the nature of the communications, and information about the parties involved.

In certain instances Motorola makes specific recommendations regarding security practices, however the implementation of these recommendations and final responsibility for the security of the system lies with the operator of the system.

Please contact the Customer Network Resolution Center (CNRC) for assistance. The 24 hour telephone numbers are listed at https://mynetworksupport.motorola.com/. Select Customer Network Resolution Center contact information, from the menu located to the left of the Login box. Alternatively if you do not have access to CNRC or the internet, contact the Local Motorola Office.

Warnings and cautions

The following describes how warnings and cautions are used in this document and in all documents of this Motorola document set.

Failure to comply with warnings

Observe all warnings during all phases of operation, installation and maintenance of the equipment described in the Motorola documents. Failure to comply with these warnings, or with specific warnings elsewhere in the Motorola documents, or on the equipment itself, violates safety standards of design, manufacture and intended use of the equipment. Motorola assumes no liability for the customer’s failure to comply with these requirements.

Warnings

A definition and example follow below:

Definition of Warning

A warning is used to alert the reader to possible hazards that could cause loss of life, physical injury, or ill health. This includes hazards introduced during maintenance, for example, the use of adhesives and solvents, as well as those inherent in the equipment.

Example and format

Do not look directly into fiber optic cables or data in/out connectors. Laser radiation can come from either the data in/out connectors or unterminated fiber optic cables connected to data in/out connectors.

Cautions

A definition and example follow below:

Definition of Caution

A caution means that there is a possibility of damage to systems, software or individual items of equipment within a system. However, this presents no danger to personnel.

Example and format

Do not use test equipment that is beyond its due calibration date; arrange for calibration to be carried out.

Notes

A definition and example follow below:

Definition of Note

A note means that there is a possibility of an undesirable situation or provides additional information to help the reader understand a topic or concept.

Example and format

The UDR version number is configured at installation time by Motorola personnel and is not accessible by the customer.

General Safety

Ground the equipment

To minimize shock hazard, the equipment chassis and enclosure must be connected to an electrical ground. If the equipment is supplied with a three-conductor ac power cable, the power cable must be either plugged into an approved three-contact electrical outlet or used with a three-contact to two-contact adapter. The three-contact to two-contact adapter must have the grounding wire (green) firmly connected to an electrical ground (safety ground) at the power outlet. The power jack and mating plug of the power cable must meet International Electrotechnical Commission (IEC) safety standards.

Refer to Grounding Guideline for Cellular Radio Installations – 68P81150E62.

Do not operate in an explosive atmosphere

Do not operate the equipment in the presence of flammable gases or fumes. Operation of any electrical equipment in such an environment constitutes a definite safety hazard.

Keep away from live circuits

Operating personnel must:

• not remove equipment covers. Only Factory Authorized Service Personnel or other qualified maintenance personnel may remove equipment covers for internal subassembly, or component replacement, or any internal adjustment.

• not replace components with power cable connected. Under certain conditions, dangerous voltages may exist even with the power cable removed.

• always disconnect power and discharge circuits before touching them.

Do not service or adjust alone

Do not attempt internal service or adjustment, unless another person, capable of rendering first aid and resuscitation, is present.

Use caution when exposing or handling the CRT

Breakage of the Cathode–Ray Tube (CRT) causes a high-velocity scattering of glass fragments (implosion). To prevent CRT implosion, avoid rough handling or jarring of the equipment. Only qualified maintenance personnel wearing approved safety mask and gloves should handle the CRT.

Do not substitute parts or modify equipment

Because of the danger of introducing additional hazards, do not install substitute parts or perform any unauthorized modification of equipment. Contact Motorola Warranty and Repair for service and repair to ensure that safety features are maintained.

Potentially hazardous procedure warnings

Warnings, such as the example below, precede potentially hazardous procedures throughout this document. Instructions contained in the warnings must be followed. Employ all other safety precautions necessary for the operation of the equipment in the operating environment.

Potentially hazardous voltages, capable of causing death, are present in this equipment. Use extreme caution when handling, testing, and adjusting.

Devices sensitive to static

Certain metal oxide semiconductor (MOS) devices embody in their design a thin layer of insulation that is susceptible to damage from electrostatic charge. Such a charge applied to the leads of the device could cause irreparable damage.

These charges can be built up on nylon overalls, by friction, by pushing the hands into high insulation packing material or by use of ungrounded soldering irons.

MOS devices are normally dispatched from the manufacturers with the leads short-circuited together, for example, by metal foil eyelets, wire strapping, or by inserting the leads into conductive plastic foam. Provided the leads are short-circuited it is safe to handle the device.

Special handling techniques

In the event of one of these devices having to be replaced, observe the following precautions when handling the replacement:

• Always wear a ground strap which must be connected to the electrostatic point on the equipment.

• Leave the short circuit on the leads until the last moment. It may be necessary to replace the conductive foam by a piece of wire to enable the device to be fitted.

• Do not wear outer clothing made of nylon or similar man made material. A cotton overall is preferable.

• If possible work on a grounded metal surface or anti-static mat. Wipe insulated plastic work surfaces with an anti-static cloth before starting the operation.

• All metal tools should be used and when not in use they should be placed on a grounded surface.

• Take care when removing components connected to electrostatic sensitive devices. These components may be providing protection to the device.

When mounted onto printed circuit boards (PCBs), MOS devices are normally less susceptible to electrostatic damage. However PCBs should be handled with care, preferably by their edges and not by their tracks and pins, they should be transferred directly from their packing to the equipment (or the other way around) and never left exposed on the workbench.

Caring for the environment

The following information is provided to enable regulatory compliance with the European Union (EU) Directive 2002/96/EC Waste Electrical and Electronic Equipment (WEEE) when using Motorola Networks equipment in EU countries.

Disposal of Motorola Networks equipment in EU countries

Please do not dispose of Motorola Networks equipment in landfill sites.

In the EU, Motorola Networks in conjunction with a recycling partner will ensure that equipment is collected and recycled according to the requirements of EU environmental law.

Please contact the Customer Network Resolution Center (CNRC) for assistance. The 24 hour telephone numbers are listed at https://mynetworksupport.motorola.com/. Select Customer Network Resolution Center contact information. Alternatively if you do not have access to CNRC or the internet, contact the Local Motorola Office.

Disposal of Motorola Networks equipment in non-EU countries

In non-EU countries, dispose of Motorola Networks equipment in accordance with national and regional regulations.

Motorola document set

The Motorola document sets provide the information needed to operate, install, and maintain the Motorola equipment.

Ordering documents and CD-ROMs

With internet access available, to view, download, or order documents (original or revised), visit the Motorola Lifecycles Customer web page at https://mynetworksupport.motorola.com/, or contact your Motorola account representative.

Without internet access available, order hard copy documents or CD-ROMs with your Motorola Local Office or Representative.

If Motorola changes the content of a document after the original printing date, Motorola publishes a new version with the same part number but a different revision character.

Document banner definitions

A banner (oversized text on the bottom of the page, for example, PRELIMINARY — UNDER DEVELOPMENT) indicates that some information contained in the document is not yet approved for general customer use.

Third Party Computer Software and Trademarks

Computer Software

The Motorola and 3rd Party supplied Software (SW) products described in this instruction document may include copyrighted Motorola and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the United States and other countries preserve for Motorola and other 3rd Party supplied SW certain exclusive rights for copyrighted computer programs, including the exclusive right to copy or reproduce in any form the copyrighted computer program. Accordingly, any copyrighted Motorola or other 3rd Party supplied SW computer programs contained in the Motorola products described in this instruction document may not be copied (reverse engineered) or reproduced in any manner without the express written permission of Motorola or the 3rd Party SW supplier. Furthermore, the purchase of Motorola products shall not be deemed to grant either directly or by implication, estoppel, or otherwise, any license under the copyrights, patents or patent applications of Motorola or other 3rd Party supplied SW, except for the normal non-exclusive, royalty free license to use that arises by operation of law in the sale of a product.

| Vendor | Copyright |
|---|---|
| Apache Software Foundation | Copyright 2001, 2002, 2003, 2004, 2004 All Rights Reserved |
| Artesyn | Copyright All Rights Reserved |
| CMU * | Copyright All Rights Reserved |
| Free Software Foundation * | Copyright 2000 All Rights Reserved |
| Freeware Tools / Utilities * | Copyright All Rights Reserved |
| GNOME Project * | Copyright 2004 All Rights Reserved |
| iodbc.org * | Copyright 2002 All Rights Reserved |
| Megastep * | Copyright 2002 All Rights Reserved |
| NIST * | Copyright 2002 All Rights Reserved |
| openBSD * | Copyright 2006 All Rights Reserved |
| openSSL * | Copyright 2006 All Rights Reserved |
| Performance Technologies | Copyright All Rights Reserved |
| Postgres * | Copyright 2005 All Rights Reserved |
| Sun Microsystems Inc. * | Copyright 2002 All Rights Reserved |
| Telelogic | Copyright All Rights Reserved |
| QNX * | Copyright All Rights Reserved |

*= May contain purchased SW and Open Source SW/Freeware which may be subject to a license fee.


Trademarks

Java™ Technology and/or J2ME™: Java and all other Java-based marks are trademarks orregistered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

UNIX®: UNIX is a registered trademark of The Open Group in the United States and othercountries.

68P09287A58-A 15

JUL 2007

Third Party Computer Software and Trademarks

16 68P09287A58-A

JUL 2007

Chapter

1

Handset, CS, AD, and Web server interfacerules■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■

The Motorola Site Engineer and Account Team Representatives must work with the PoCApplication Engineering group to obtain appropriate PoC system firewall and port assignmentinformation.


CS and handset interface

TCP is required for OMA POC handsets. It is not needed for MPTT handsets.

Port range varies from 2300 to 2899 for software MRS and 2300 to 5899 for IXP MRS.

Table 1-1 CS to handset interface rules

Handset to CS IPMH Interface

| Protocol | Handset IP (Source) | Handset Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | Handset Private IP | Any (Ephemeral). | CS IPMH Mobile IP. | 5060 |
| TCP | Handset Private IP | Any (Ephemeral). | CS IPMH Mobile IP. | Any (5060 & Ephemeral). |

CS IPMH to Handset Interface

| Protocol | Server IP (Source) | Server Port (Source) | Handset IP (Destination) | Handset Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | CS IPMH Mobile IP. | 5060 | Handset Private IP. | Any (Ephemeral). |
| TCP | CS IPMH Mobile IP. | Any (5060 & Ephemeral). | Handset Private IP. | Any (Ephemeral). |

CS MRS to Handset Interface

| Protocol | Server IP (Source) | Server Port (Source) | Handset IP (Destination) | Handset Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP (RTP/RTCP) | List all MRP floating IP’s. | 2300 through 5899. | Handset Private IP. | Any (Ephemeral). |

Handset to CS MRS Interface

| Protocol | Handset IP (Source) | Handset Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP (RTP/RTCP) | Handset Private IP. | Any (Ephemeral). | List all MRP floating IP’s. | 2300 through 5899. |
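One way to turn Table 1-1 and its two notes into packet-filter rules, as an added example that is not part of the Motorola manual: a shell function that prints iptables commands for a Linux firewall forwarding between the handset network and the CS. The addresses, the variable names and the function name poc_table_1_1 are assumptions, and the FORWARD chain is assumed to have a default DROP policy.

```shell
#!/bin/sh
# Added example: print iptables FORWARD rules for Table 1-1.
# Every address below is a constructed placeholder, not a value from the manual.
HANDSET_NET="10.20.0.0/16"                 # handset private IP pool (assumed)
CS_IPMH_MOBILE_IP="192.0.2.10"             # CS IPMH Mobile IP (assumed)
MRP_FLOATING_IPS="192.0.2.21 192.0.2.22"   # all MRP floating IPs (assumed)

# Usage: poc_table_1_1 <software|ixp> <oma|mptt>
#   arg 1: MRS type, selects the RTP/RTCP port range given in the note above the table
#   arg 2: handset type; OMA PoC handsets need TCP, MPTT handsets do not
poc_table_1_1() {
    case "$1" in
        software) media_ports="2300:2899" ;;
        ixp)      media_ports="2300:5899" ;;
        *) echo "unknown MRS type: $1" >&2; return 1 ;;
    esac
    case "$2" in
        oma|mptt) ;;
        *) echo "unknown handset type: $2" >&2; return 1 ;;
    esac
    hs=$HANDSET_NET
    cs=$CS_IPMH_MOBILE_IP

    # SIP over UDP: the server side is fixed at 5060, the handset side is ephemeral.
    echo "iptables -A FORWARD -p udp -s $hs -d $cs --dport 5060 -j ACCEPT"
    echo "iptables -A FORWARD -p udp -s $cs --sport 5060 -d $hs -j ACCEPT"

    # SIP over TCP: the table lists "Any (5060 & Ephemeral)" on the server side,
    # so only protocol and addresses can be matched. Emitted for OMA PoC only.
    if [ "$2" = "oma" ]; then
        echo "iptables -A FORWARD -p tcp -s $hs -d $cs -j ACCEPT"
        echo "iptables -A FORWARD -p tcp -s $cs -d $hs -j ACCEPT"
    fi

    # RTP/RTCP: one pair of rules per MRP floating IP, limited to the MRS port range.
    for mrp in $MRP_FLOATING_IPS; do
        echo "iptables -A FORWARD -p udp -s $hs -d $mrp --dport $media_ports -j ACCEPT"
        echo "iptables -A FORWARD -p udp -s $mrp --sport $media_ports -d $hs -j ACCEPT"
    done
}

# Print the narrowest variant: software MRS, MPTT-only handsets.
poc_table_1_1 software mptt
```

Selecting software instead of ixp narrows the media range from 2300:5899 to 2300:2899, and selecting mptt leaves TCP between handsets and the CS closed.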


CS and AD interface

UDP: Only for Integrated IMS deployments.

TCP: Only for Integrated IMS deployments.

Table 1-2 CS to AD interface rules

CS IPMH to AD IPMH Interface

| Protocol | CS IPMH IP (Source) | CS IPMH Port (Source) | AD IPMH IP (Destination) | AD IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | CS IPMH Management IP. | 5060 | AD IPMH Management IP. | 5060 |
| TCP | CS IPMH Management IP. | Any (5060 & Ephemeral). | AD IPMH Management IP. | Any (5060 & Ephemeral). |
| SCTP | CS IPMH Management IP. | Ephemeral | AD IPMH Management IP. | 7008 (wms_app_ipmh.ipmh_peer_port) |

AD IPMH to CS IPMH Interface

| Protocol | AD IPMH IP (Source) | AD IPMH Port (Source) | CS IPMH IP (Destination) | CS IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | AD IPMH Management IP. | 5060 | CS IPMH Management IP. | 5060 |
| TCP | AD IPMH Management IP. | Any (5060 & Ephemeral). | CS IPMH Management IP. | Any (5060 & Ephemeral). |
| SCTP | AD IPMH Management IP. | 7008 (wms_app_ipmh.ipmh_peer_port) | CS IPMH Management IP. | Ephemeral |


Web server and AD interface

Table 1-3 Web server to AD interface rules

Webserver to AD NMHost Interface

| Protocol | Webserver IP (Source) | Webserver Port (Source) | AD NMHost IP (Destination) | AD NMHost Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | Webserver Management IP. | Any (Ephemeral). | AD NMHost Management IP. | ProvAdapter (6828), MtasAdapter (6827), TL1 (2362), MoServer (5999) |

AD NMHost to Webserver Interface

| Protocol | AD NMHost IP (Source) | AD NMHost Port (Source) | Webserver IP (Destination) | Webserver Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | AD NMHost Management IP. | ProvAdapter (6828), MtasAdapter (6827), TL1 (2362), MoServer (5999) | Webserver Management IP. | Any (Ephemeral). |


CS to Prepaid Mediation Server Interface

The prepaid mediation server NMHOST IP is configurable and the port is not always 7009.

TCP: PM Server1 is active and PM Server2 is backup. Active is a TCP server and Backup is a TCP client.

Table 1-4 CS to Prepaid Mediation Server Interface Rules

CS IPMH to Prepaid Mediation Server NMHOST. For diameter messages.

| Protocol | CS IPMH IP (Source) | CS IPMH Port (Source) | Prepaid Mediation Server NMHOST IP (Destination) | Prepaid Mediation Server NMHOST Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | CS IPMH Management IP. | Ephemeral | Prepaid Mediator NMHOST IP. | 7009 (port in wms_remotesp.remote_id) |

Prepaid Mediation Server NMHOST to CS IPMH. For diameter messages.

| Protocol | Prepaid Mediation Server NMHOST IP (Source) | Prepaid Mediation Server NMHOST Port (Source) | CS IPMH IP (Destination) | CS IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | Prepaid Mediator NMHOST IP. | 7009 (port in wms_remotesp.remote_id) | CS IPMH Management IP. | Ephemeral |


Table 1-5 CS to Prepaid Mediation Server Interface Rules continued

PM Server1 NMHost to PM Server2 NMHost

| Protocol | PM Server1 NMHOST IP (Source) | PM Server1 NMHOST Port (Source) | PM Server2 NMHOST IP (Destination) | PM Server2 NMHOST Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | PM Server1 NMHost IP | 7010 (wms_app_prepaid_mediator.peer_port) | PM Server2 NMHost IP | Ephemeral |

PM Server2 NMHOST to PM Server1 NMHOST

| Protocol | PM Server2 NMHOST IP (Source) | PM Server2 NMHOST Port (Source) | PM Server1 NMHOST IP (Destination) | PM Server1 NMHOST Port (Destination) |
| --- | --- | --- | --- | --- |
| TCP | PM Server2 NMHOST IP. | Ephemeral | PM Server1 NMHOST IP. | 7010 (wms_app_prepaid_mediator.peer_port) |


OAMP Traffic (NMHOST)

Table 1-6 Web Browser to CS/AD server

This is to access the EMS GUI page for the CS/AD. This can be limited within the Operator private network.

| Protocol | Browser IP (Source) | Browser Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| HTTP | Any (Web Browser IP). | Any (Ephemeral). | AD/CS NMH Primary IP. | 80 |
| HTTPS | Any (Web Browser IP). | Any (Ephemeral). | AD/CS NMH Primary IP. | 443 |

Table 1-7 Subscriber or enterprise admin Web server to AD

| Protocol | Server IP (Destination) | Server Port (Destination) | Web server IP (Source) | Web server Port (Source) |
| --- | --- | --- | --- | --- |
| TCP | AD NMH Primary IP. | 6828 | Web server IP | Any (Ephemeral). |
| TCP | AD NMH Primary IP. | 6827 | Web server IP | Any (Ephemeral). |

The MTAS client is an application in the operator network which provisions PoC subscribers to the MTAS interface on the AD.

Table 1-8 MTAS client to MTAS interface on the AD.

MTAS Client

| Protocol | Server IP (Destination) | Server Port (Destination) | MTAS client (Source) IP | MTAS client Port (Source) |
| --- | --- | --- | --- | --- |
| TCP | AD NMH Primary IP. | 6827 | MTAS Client IP. | Any (Ephemeral). |


Table 1-9 is for the SNMP Manager to perform SNMP GET/SET/GETNEXT operations on the PoC Network elements like AD/CS/Web server.

Table 1-9 Operator SNMP manager and the SNMP interface of AD/CS/Web Server

SNMP GET/SET/GETNEXT Operations

| Protocol | SNMP Agent IP (Destination) | SNMP Agent Port (Destination) | SNMP Manager (Source) IP | SNMP Manager Port (Source) |
| --- | --- | --- | --- | --- |
| UDP | AD/CS NMH primary IP or Web server IP. | 161 | Client Private IP. | Any (Ephemeral). |

Table 1-10 is for the PoC Network elements like AD/CS/webserver to send SNMP traps.

Table 1-10 Operator’s SNMP Manager and the SNMP interface of AD/CS/Web Server.

PoC Network elements like AD/CS/Web Server to send SNMP traps

| Protocol | SNMP Agent IP (Source) | SNMP Agent Port (Source) | SNMP Manager (Destination) IP | SNMP Manager Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | AD/CS NMH primary IP, or Web server IP | 162 | List of IPs Configured in the AD/CS/Webserver. | List of Ports Configured in the AD/CS/Webserver. |

Table 1-11 is for sync operations between the ADs or the primary AD and the other CS/ADs. This is also to access billing records and to bring in new software loads/patches for upgrades.

Table 1-11 FTP / SFTP.

Sync operations between the ADs or the primary AD and the other CS/ADs.

| Protocol | Server IP (Destination) | Server Port (Destination) | Client IP (Source) | Client Port (Source) |
| --- | --- | --- | --- | --- |
| FTP | AD/CS NMH Primary IP. | 21 | Any | Any (Ephemeral). |
| SFTP | AD/CS NMH Primary IP. | 22 | Any | Any (Ephemeral). |


The following Table 1-12 is for terminal access to the PoC Network element - AD/CS/webserver.

Table 1-12 Telnet / SSH

Terminal access to the PoC Network element - AD/CS/Web server.

| Protocol | Server IP (Destination) | Server Port (Destination) | Client (Source) IP | Client Port (Source) |
| --- | --- | --- | --- | --- |
| TELNET | AD/CS NMH Primary IP, Public IPs of NMHOST01 and NMHOST02. | 23 | Any | Any (Ephemeral). |
| SSH | AD/CS NMH primary IP, Public IPs of NMHOST01 and NMHOST02. | 22 | Any | Any (Ephemeral). |

The following Table 1-13 is to enable the AD and Web server to send out emails. The AD sends out emails for the auto-provisioning feature and the Web server for the forgot-password feature.

Table 1-13 SMTP

| Protocol | Client (Source) IP | Client Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| SMTP | AD/Prepaid MS, NMH Primary IP, Web server IP. | Any (Ephemeral). | SMTP server IP. | 25 |

The following Table 1-14 is to enable the PoC network elements to sync their time to the network time server.

Table 1-14 NTP Sync

| Protocol | Client (Source) IP | Client Port (Source) | Server IP (Destination) | Server Port (Destination) |
| --- | --- | --- | --- | --- |
| NTP | AD/CS NMH Primary IP, Web server IP, external IPs of NMHOST01 and NMHOST02 on the AD/CS. | Any (Ephemeral) | Network time server IP. | 123 |


The following Table 1-15 is to enable the PoC network elements to sync their time to the network time server.

Table 1-15 NMS Sync

| Protocol | Primary AD NMHOST IP (Source) | Primary AD NMHOST Port (Source) | AD1/CS1 NMHOST IP (Destination) | AD1/CS1 NMHOST port (Destination) |
| --- | --- | --- | --- | --- |
| SCP | Primary AD NMH Primary IP. | Any (Ephemeral). | AD/CS NMH Primary IP. | 22 |

Table 1-16 XML API to Web Server

| Protocol | XML API IP (Source) | XML API IP Port (Source) | Web server IP (Destination) | Web Server port (Destination) |
| --- | --- | --- | --- | --- |
| HTTP | Any Private IP | Any (Ephemeral) | Web server IP | 80 |
| HTTPS | Any Private IP | Any (Ephemeral) | Web server IP | 443 |


Multi AD interface

IPMH of AD1 should be connected to IPMH of all other AD chassis (active and backup) - except AD1’s own backup AD.

SCTP: Assuming AD1 wms_app_ipmh.ipmh_peer_port is less than that on AD2 (this makes AD1 IPMH the client and AD2 IPMH the server).

Table 1-17 AD1 IPMH to AD2 IPMH Interface

| Protocol | AD1 IPMH IP (Source) | AD1 IPMH Port (Source) | AD2 IPMH IP (Destination) | AD2 IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| SCTP | AD1 IPMH Management IP. | Ephemeral | AD2 IPMH Management IP. | 7009 (wms_app_ipmh.ipmh_peer_port) |

IPMH of AD1 should be connected to IPMH of all other AD chassis (active and backup) - except AD1’s own backup AD.

SCTP: Assuming AD1 wms_app_ipmh.ipmh_peer_port is less than that on AD2 (this makes AD1 IPMH the client and AD2 IPMH the server).

Table 1-18 AD2 IPMH to AD1 IPMH Interface

| Protocol | AD2 IPMH IP (Source) | AD2 IPMH Port (Source) | AD1 IPMH IP (Destination) | AD1 IPMH Port (Destination) |
| --- | --- | --- | --- | --- |
| SCTP | AD2 IPMH Management IP. | 7009 (wms_app_ipmh.ipmh_peer_port) | AD1 IPMH Management IP. | Ephemeral |


Table 1-19 NMS Sync

AD1 NMHOST to Primary AD NMHOST

| Protocol | Primary AD NMHOST IP (Source) | Primary AD NMHOST Port (Source) | AD1/CS1 NMHOST IP (Destination) | AD1/CS1 NMHOST port (Destination) |
| --- | --- | --- | --- | --- |
| SCP | Primary AD NMH Primary IP. | Any (Ephemeral). | AD/CS NMH Primary IP. | 22 |


Network to Network Interface

SIP Traffic

Table 1-20 CS IPMH IP to NNI IP

| Protocol | CS IPMH IP (Source) | CS IPMH Port (Source) | NNI IP List (Destination) | NNI IP Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP | SIP Mobile IP at CS IPMH. | 5060 | SIP Core IP | Any (5060 & Ephemeral). |
| TCP | SIP Mobile IP at CS IPMH. | Any (5060 & Ephemeral). | SIP Core IP | Any (5060 & Ephemeral). |

Table 1-21 NNI IP to CS IPMH IP interface

| Protocol | NNI IP List (Destination) | NNI IP Port (Destination) | CS IPMH IP (Source) | CS IPMH Port (Source) |
| --- | --- | --- | --- | --- |
| UDP | SIP Core IP | Any (5060 & Ephemeral). | SIP Mobile IP at CS IPMH. | 5060 |
| TCP | SIP Core IP | Any (5060 & Ephemeral). | SIP Mobile IP at CS IPMH. | Any (5060 & Ephemeral). |

Media traffic

<X, Y> is the range of ports open on the NNI Server for media.


Participating Server is in Media Path

Table 1-22 CS MRS to NNI Media

| Protocol | CS MRS IP (Source) | CS MRS Port (Source) | NNI Media IP (Destination) | NNI Media Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP (RTP/RTCP) | List all MRP IP’s. | 2300 through 5899 | NNI MRP IP list. | <X, Y> |
| UDP (RTP/RTCP) | NNI MRP IP list. | <X, Y> | List all MRP IP’s. | 2300 through 5899. |

Participating Server not in Media Path

Table 1-23 CS MRS to NNI Handsets

| Protocol | CS MRS IP (Source) | CS MRS Port (Source) | NNI Handset IP (Destination) | NNI Handset Port (Destination) |
| --- | --- | --- | --- | --- |
| UDP (RTP/RTCP) | List all MRP IP’s. | 2300 through 5899 | Handset private IP addresses. | Ephemeral |
| UDP (RTP/RTCP) | Handset private IP addresses. | Ephemeral | List all MRP IP’s. | 2300 through 5899 |


IMS to PoC Application Server Interface

IMS to PoC CS

This section deals with rules for SIP messages for the PoC service.

Table 1-24 IMS to PoC CS

IMS to CS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | SIP IP Core | Any (Ephemeral). | CS IPMH Mobile IP. | any (5060 & Ephemeral). |
| SIP/UDP | SIP IP Core | Any (Ephemeral). | CS IPMH Mobile IP. | 5060 |

Table 1-25 PoC CS to IMS

CS to IMS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | CS IPMH Mobile IP. | Any (Ephemeral). | SIP IP Core of IMS. | Any (Ephemeral). |
| SIP/UDP | CS IPMH Mobile IP. | 5060 | SIP IP Core of IMS. | Any (Ephemeral). |

IMS to PoC AD

This section deals with rules for SIP messages for the Presence service.


Table 1-26 IMS to PoC AD

IMS to AD

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | SIP IP Core | Any (Ephemeral). | AD IPMH Mobile IP. | any (5060 & Ephemeral). |
| SIP/UDP | SIP IP Core | Any (Ephemeral). | AD IPMH Mobile IP. | 5060 |

Table 1-27 PoC AD to IMS

AD to IMS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | AD IPMH Mobile IP. | Any (Ephemeral). | SIP IP Core of IMS. | Any (Ephemeral). |
| SIP/UDP | AD IPMH Mobile IP. | 5060 | SIP IP Core of IMS. | Any (Ephemeral). |


HS to XDMS interface

Table 1-28 HS to XDMS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| HTTP/TCP | Handset Private IP | Ephemeral | Web server IP | 80 |

For TLS, port is 443.

Table 1-29 XDMS to HS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| HTTP/TCP | Web server IP | 80 | Handset Private IP | Ephemeral |


CS to CS (IPMH Sigcomp)

Table 1-30 OCS to TCS

| Protocol | Source IP (OCS) | Source Port | Destination IP (TCS) | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | OCS IPMH Mobile IP and OCS IPMH Management IP. | Any | TCS IPMH Mobile IP and TCS IPMH Management IP. | Any |
| SIP/UDP | OCS IPMH Mobile IP and OCS IPMH Management IP. | 5060 | TCS IPMH Mobile IP and TCS Management IP. | 5060 |

Table 1-31 TCS to OCS

| Protocol | Source IP (TCS) | Source Port | Destination IP (OCS) | Destination Port |
| --- | --- | --- | --- | --- |
| SIP/TCP | TCS IPMH Mobile IP and TCS IPMH Management IP. | Any | OCS IPMH Mobile IP and OCS IPMH Management IP. | Any |
| SIP/UDP | TCS IPMH Mobile IP and TCS Management IP. | 5060 | OCS IPMH Mobile IP and OCS IPMH Management IP. | 5060 |


CS to GAMA

Table 1-32 CS to Diameter server

CS to Diameter

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| TCP | IPMH IP (ext_ipaddr from wms_ipmh_ext_ipaddr where use_ip_for_gama_connection is true). | Ephemeral | Diameter server IP. | Configurable |

Table 1-33 Diameter server to CS

Diameter to CS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| TCP | Diameter server IP. | Configurable | IPMH IP (ext_ipaddr from wms_ipmh_ext_ipaddr where use_ip_for_gama_connection is true). | Ephemeral |


DNS to CS/AD/PM Server

Table 1-34 DNS server to CS/AD/PM server

DNS Server - CS/AD (CS uses it for NNI, AD uses DNS for autoprov)

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| UDP | CS IPMH Mobile IP, CS IPMH Management IP, AD & Prepaid Mediation Server NMHost Floating IP. | Ephemeral | DNS Server IP | 53 |
| TCP | CS IPMH Mobile IP, CS IPMH Management IP, AD & Prepaid Mediation Server NMHost Floating IP. | Ephemeral | DNS Server IP | 53 |

Table 1-35 DNS server to AD/CS/PM server

DNS server to AD/CS

| Protocol | Source IP | Source Port | Destination IP | Destination Port |
| --- | --- | --- | --- | --- |
| UDP | DNS server IP | Ephemeral (including 53). | CS IPMH Mobile IP, CS IPMH Management IP, AD & Prepaid Mediation Server NMHost Floating IP. | Ephemeral |
| TCP | DNS server IP | Ephemeral | CS IPMH Mobile IP, CS IPMH Management IP, AD & Prepaid Mediation Server NMHost Floating IP. | Ephemeral |


Appendix A: Acronyms and Abbreviations

AD Active Directory

API Application Programming Interface

CS Control Switch

DNS Domain Name Service

EMS Element Management Server

GAMA Global Application Management Architecture

GUI Graphical User Interface

HS Hand Set

HTTP Hypertext Transfer Protocol

HTTPS Hypertext Transfer Protocol Secure

IMS IP Multimedia Subsystem

IPMH IP Message Handler

MO Managed Object

MRP Media Resource Platform

MRS Media Resource Server

MTAS Mobile Telephony API Service

NMS Network Management System

NNI Network to Network Interface

NTP Network Time Protocol

OCS Originating Control Switch

PoC Push-to-talk Over Cellular

PM Provisioning Module

RTCP Real Time Control Protocol

RTP Real Time Protocol

SCTP Stream Control Transmission Protocol

SIP Session Initiation Protocol

SNMP Simple Network Management Protocol

SPDB Subscriber and Presence Database

SSH Secure Shell

TCP Transfer Control Protocol

TCS Termination Control Switch

TL1 Transaction Language Console


TLS Transparent LAN service

UDP User Datagram Protocol

WS Web Server

XDMS XML Document Management Servers

XML Extended Markup Language


Technical Information

POC FIREWALL RULES

POC

SOFTWARE RELEASE 6.1.X.X

ROW, US/HONG KONG

ENGLISH JUL 2007 68P09287A58-A


Standard Printing Instructions

Part Number 68P09287A58-A

Manual Title PoC Firewall Rules

Date JUL 2007

CSD/CND (US)

Binder • 3 Slant D-ring binder - letter size (11.75 in x 11.5 in) white PVC.

• Capacity depends on size of document. (no larger than 3 in).

• Clear pockets on front and spine.

Printing • Cover / spine text overprinted onto Motorola cover stock.

• Body- printed double sided onto white letter size (8.5 in x 11 in) 70 lb.

Finishing • Shrink wrap contents.