Mitel Call Paths and Ports

Traffic Guidelines
Phone Sets and System Resources
Mitel Ports

Controller and Handsets

FUNCTION SOCKET NUMBER

FTP (data) TCP 20
FTP (control) TCP 21
Telnet TCP 23
SMTP (VPIM for voice mail) TCP 25
DNS UDP 53
DHCP server UDP 67
DHCP client UDP 68
TFTP UDP 69
HTTP TCP 80
SNMP UDP 161
SNMP trap UDP 162
HTTPS (SSL) TCP 443
IP Trunk (unsecured) TCP 1066
IP Trunk (SSL) TCP 1067
OPS Manager, telephone directory TCP 1606
VoiceFirst (server connection) TCP 3300
PDA, Application communication TCP 3999
EDS TCP 5002
Telephone Directory (eManager) TCP 5009
SIP TCP 5060
SIP-TLS TCP/UDP 5061
E2T to RTC (SSL) TCP 6000
Set to ICP (Unsecured) TCP 6800
Set to ICP (SSL) TCP 6801
Set to ICP (Secure Minet) TCP 6802
Data Services access TCP 7011
SDS TCP 7050
E2T IP prior to release 6 RTP/UDP 5000 to 5512
E2T IP release 6 and above RTP/UDP 50000-50255
RTC TCP 6800
MiNET Client TCP 6900-6999
MiTAI TCP 8000
MiTAI (SSL) TCP 8001
IP Sets - Voice B1/B2, Rx pre release 8.0 RTP/UDP 9000/9002
IP Sets - Voice B1/B2, Tx pre release 8.0 RTP/UDP 9000/9002
IP Sets - Voice B1/B2, Rx post release 8.0 RTP/UDP 50000-50511
IP Sets - Voice B1/B2, Tx post release 8.0 RTP/UDP 50000-50511
TFTP UDP 20001
DECT voice and signalling TCP/UDP 16320 to 32767
5550 Console

"Keypad to Console PC" TCP port usage:

• The Keypad will use TCP port 6900 to establish a socket connection to the IP
address of the PC on TCP port 10000

• The PC needs to allow inbound TCP sessions to TCP port 10000

"Console PC to 3300 ICP" TCP port usage:

• The PC will establish a connection to the 3300 ICP using the following TCP ports
6800, 7011 and 1606 on the 3300 ICP side
Log Output Socket Number
FUNCTION SOCKET NUMBER

Software Logs TCP 1750

Maintenance Logs TCP 1751
SMDR TCP 1752
Hotel Logs TCP 1753
LPR1 Printer Port TCP 1754
ACD Real Time Event TCP 15373
IP PMS (Release 6.0) TCP 15374
PMS Voice Mail Integration TCP 6830
Teleworker

Port Range Direction Purpose & Details

AMC communications. Allow inbound and outbound packets on TCP port

22 between the 6010 and the Internet to enable server registration, software
TCP 22 (SSH) Server « Internet
and license key downloads, alerts and reporting.

Remote Server Management. Allow inbound and outbound packets on TCP

port 443 between the 6010 and the Internet to allow remote management of
TCP 443 Server « Internet the server, if required.
(HTTPS) HTTPS access to the manager on the external interface must be also be
explicitly enabled from the server manager interface.
Local Server Management. Allow inbound and outbound packets on TCP
port 443 between the 6010 and the LAN to allow for management of the
server.
TCP 443 (HTTPS) Server « LAN HTTPS access to the manager on the external interface must be also be
explicitly enabled from the server manager interface.
The firewall should be configured to limit HTTPS access to desired
management hosts.
MiNet Call Control. Allow incoming and outgoing packets for TCP ports
6801 and 6802 between the server and the Internet. Allow incoming and
Server « Internet
TCP 6800, outgoing packets for TCP ports 6800, 6801 and 6802 between the server and
Server « LAN
6801 and 6802 the LAN and the server and the ICP(s).
Server « ICP(s)
The LAN rule can be omitted if there are no teleworker sets on the LAN, but
ensure that the ICP(s) can communicate with the server’s public address.
Firmware Downloads. Allow incoming TFTP requests from the Internet and
from the LAN to the server on UDP port 69. Allow outbound replies to these
requests, from the server to both the Internet and the LAN. Phones will be
Server « Internet
UDP 69 Server « LAN
unable to boot if this is misconfigured. LAN rules can be omitted if there are
no in-office Teleworker sets.
Note: a source UDP port of 69 is used for all replies from the 6010 TFTP
server.
Voice Communications. Allow incoming and outgoing RTP on UDP ports
UDP 20,000 to Server « Internet
20000 – 23000 between the server and the Internet. Misconfiguration here is a
23,000 (RTP) Server « LAN
common cause of one-way audio problems.
Voice Communications. Allow outgoing RTP on UDP ports greater than, or
UDP 1024 to equal to, 1024 from the server to the phone network (LAN). Failure to do so
Server ® LAN
65,535 (RTP) often results in a loss of audio from the remote phone to the local phone
network (LAN).
Voice Communications. Allow outgoing RTP on UDP ports greater than, or
UDP 1024 to equal to, 1024 from the phone network (LAN) to the publicly routable IP
LAN ® Server
65,535 (RTP) address of the server. Failure to do so usually results in the loss of audio from
the local phone network (LAN) to the remote phone.
Server « Internet Optional VoiceFirst Communications. Allow bidirectional traffic on TCP
TCP 3300 (VFA)
Server « LAN port 3300 if you have a VoiceFirst Solution installed.
Optional MiTAI Communications. Allow bidirectional traffic on TCP port
TCP 8001 Server « Internet
8001 if you are using the Your Assistant Softphone v3.1 or higher with the
(MiTAI) Server « LAN
Teleworker Solution.
Optional 5230 IP Appliance Communications. Allow bidirectional traffic
TCP 3999 (5230 Server « Internet
on TCP port 3999 if you are using Mitel 5230 IP Appliances as Teleworker
set) Server « LAN
sets. This enables communications from the on-board PDA.
Multi Protocol Border Gateway

Port Range Direction Purpose & Details

TCP 22 (SSH) Server => Internet AMC Communications. Allow

outbound packets (and replies)
on TCP port 22 between the
MBG Server and the Internet to
enable server registration,
software and license key
downloads, alerts and reporting.
UDP 53 (DNS) Server => Internet DNS. The server requires DNS
to look up the IP address of the
Mitel AMC. Alternatively, the
server can be configured to
forward all DNS requests to
another DNS server.
TCP 443 (HTTPS) Server <= Internet Remote Server Management
(Optional). Allow inbound and
outbound packets on TCP port
443 between the MBG server
and the Internet to allow remote
management of the server, if
required. HTTPS access to the
manager on the external
interface must also be explicitly
enabled from the server
manager interface. The firewall
should be configured to limit
HTTPS access to desired
management hosts.
TCP 443 (HTTPS) Server <= LAN Local Server Management.
Allow inbound and outbound
packets on TCP port 443
between the MBG Server and
the LAN to allow for
management of the server.
HTTPS access to the manager
on the external interface must
also be explicitly enabled from
the server manager interface.
The firewall should be
configured to limit HTTPS
access to desired management
hosts.
TCP 6800, 6801 and 6802 Server => LAN MiNet Call Control. Allow
Server => ICP(s) incoming and outgoing packets
TCP 6801 and 6802 Server <= Internet for TCP ports 6801 (MiNet-
SSL) and 6802 (MiNet-Secure
V1) between the server and the
Internet. Allow incoming
and outgoing packets for TCP
ports 6800 (unencrypted
MiNet), 6801 and 6802 between
the server and the LAN and the
server and the ICP(s). The LAN
rule can be omitted if there are
no IP sets on the LAN, but
ensure that the ICP(s) can
communicate with the server's
public address.
TCP 3998, and 6880 Server <= Internet SAC Connection Support.
Allow incoming TCP on ports
3998 and 6880 to support the
applications and the web
browsing, respectively, on the
5235, 5330, 5340 and Navigator
sets, from the Internet to the
MBG server. There is an
additional LAN rule that follows
this to complete the support.
TCP 3998, 3999 and 6880 Server => ICP(s) SAC Connection Support.
Allow bi-directional TCP traffic
on port 3999 to the ICP(s). This
is to support the applications on
the 5235, 5330, 5340 and
Navigator sets.
Note: 3998 and 6880 are
dependent on an additional,
internal MBG server that the
Internet-facing server is
daisychained to.
TCP 80 Server => LAN SAC Connection Support
Server => Internet (Optional). Allow TCP port 80
from the server to the Internet,
and to the LAN, to support web
browsing on the 5235, 5330,
5340 and Navigator sets. Also
required to the Internet to allow
browsing of the Internet from
the set.
TCP 80 Internet <=> Server Certificate Management
(Optional). On any client that
makes use of MiSSLTunnel
with a client certificate (UCA,
CIS, etc), then this port must be
open to the Internet to
permit the web service to submit
a certificate signing
request (CSR) and check on the
status of that request, finally
downloading it. Also needed for
CREs to register with SRC
control interface.
TCP 6809 Between servers in the cluster. Cluster Comms. If making use
of clustering in MBG/SRC, this
port must be open between the
servers in the cluster to permit
them to communicate with one
another.
UDP 20000 to configured upper Server <= Internet Voice Communications. Allow
bound (SRTP) Server <= LAN incoming SRTP on UDP ports
20000 to the configured upper
bound from all streaming
devices on the LAN and the
Internet. Misconfiguration here
is a common cause of one-way
audio problems.
UDP 30000 to 40000 Server => LAN Voice Recording (SRC only).
For streaming voice streams
from the SRC server to the CRE
for recording purposes.
UDP 1024 to 65535 (RTP) Server => LAN Voice Communications. Allow
Server => Internet outgoing SRTP on UDP ports
greater than, or equal to 1024
from the server to all streaming
devices on the LAN and the
Internet. Misconfiguration here
is a common cause of one-way
audio problems.
TCP 3300 (VFA) Server <= Internet Optional VoiceFirst
Server <=> LAN Communications. Allow bi-
directional traffic on TCP port
3300 if you have a VoiceFirst
Solution installed.
TCP 2114 Server <=> LAN Your Assistant Support. To
Server <=> Internet permit the YA client to connect
to the logon server on the LAN
side, this port must be
permitted. Failure to do so will
result in the client being unable
to logon via their YA client.
TCP 2116 Server <=> LAN Your Assistant Support. To
Server <= Internet permit the YA client to connect
to the telephony server on the
LAN side, this port must be
permitted. Failure to do so will
result in the client being unable
to control their set via the Mitel
ICP.
TCP 35000 Server <=> LAN Your Assistant Support. To
Server <= Internet permit the YA client to connect
to the presence server on the
LAN side, this port must be
permitted. Failure to do so will
result in the presence features in
YA failing to function.
TCP 37000 Server <=> LAN Your Assistant Support. To
Server <= Internet permit the YA client to connect
to the collaboration server on
the LAN side, this port must be
permitted. Failure to do so will
result in the collaboration
features in YA failing to
function.
UDP 5060 Server <=> LAN SIP Support. If the SIP
Server <=> Internet connector is enabled, then this
port is required for SIP
signalling between MBG and
the set, and MBG and the ICP.
UDP 5064 Server <=> LAN SIP Trunk Support. If making
Server <=> Internet use of SIP trunks, then this port
must be open.
Enterprise Manage Release 2.1 and up TCP/UDP Ports

Port Type Default Description

Traps - UDP 162 SNMP Traps

RMI – TCP The RMI Registry port is used in client-server
1099
communication.
Inter-process This port is used for communication between the back-end
communication - 2000 and front-end components within Enterprise Manager
TCP
This port is used in Client-Server communication.
Apache port - TCP 9090

MiXML -TCP 18000 MiXML for IP Phone discovery

SNMP Agent port
– UDP
8001
This port is used in the database communication between
MySQL 3306
the back-end and front-end of Enterprise Manager.
IPA 48879 This port is used to send and receive data.
Random By default, random numbers are used, hence need to setup
Software Installer
Number an exception based on application.
Voice Quality This port is used to communicate to the Voice Quality
(Viola) 4331
server.
This port is used for TightVNC client server
TightVNC 5900
communication.
OPS Manager Release 6.10 and Up TCP/UDP Ports

Port Type Default Description

80 Http TCP 80 For Ops Manager Clients to login to Ops manage Server
443 Https
443 ESM access to 3300 ICP
TCP
PLID/DN Collection , Backup and restore of Network
21 Ftp TCP 21
Elements
5009 UDP 5009 Unsolicited Data Transfer (alarm, Telephone Directory)
49500 to
49549 Range Data Services
TCP
The 3300 is listening on the 7011 port number by default for
7011 TCP
ops Data service (MAC, Backup, etc.)
23 telnet
23 Access and upgrade to the sx2000
TCP
1606 csmsg – Telephone Directory, Alarm etc.
Ports used by YA
Port Type Description Host Client
Ports between YA Server and YA client
22 TCP SSH for Web Collaboration YA Server YA Client
23 TCP Telnet for Web Collaboration YA Server YA Client
80 TCP HTTP for Web Collaboration YA Server YA Client
443 TCP HTTP for Web Collaboration YA Server YA Client
1270 TCP Web Collaboration port YA Server YA Client
2114 TCP Client/Server Authentication YA Server YA Client
2115 TCP Licensing Server YA Server YA Client
2116 TCP Telephony Server YA Server YA Client
35000 TCP YA Presence Server YA Server YA Client
37000 TCP Web Collaboration port YA Server YA Client

Ports Between YA server and other

389 TCP LDAP for Active Directory Synch YA Server ADC Server
2117 TCP YA Administration port YA Server Admin Tool

Ports Between YA server and 3300 ICP

8000 TCP MiTAI 3300 ICP YA Server

8001 TCP Secure MiTAI 3300 ICP YA server
18000 TCP MiMXML Server 3300 ICP YA Server

Ports Between YA client and 3300 ICP

6800 TCP Minet Protocol 3300 ICP YA Softphone Client

6801 TCP Secure Minet (SSL) 3300 ICP YA Softphone Client
6802 TCP Secure Minet (AES) 3300 ICP YA Softphone Client
6900 TCP Minet Protocol YA Softphone Client 3300 ICP
5000 UDP Voice (RTP) between YA Softphone 3300 ICP YA Softphone Client
to and E2T (Prior to 3300 R6.0)
5414
9000 UDP Voice (RTP) Channel 1 YA Softphone Client Other YA softphone Client,
IP phone or IP Trunk
9002 UDP Voice (RTP) Channel 2 YA Softphone Client Other YA softphone Client,
IP phone or IP Trunk
50000- to UDP Voice (RTP) between YA Softphone 3300 ICP YA Softphone Client
- and E2T (Post to 3300 R6.0)
50255