State of knowledge

August 2024

This article explains which ports must be released for the respective estos product components.

Under "Direction" there is

  • "in" for incoming connections on the computer of the program itself
  • "out" for the port that is addressed on the computer of the target program
  • Example: The UCClient connects "out" to the UCServer on 7222. This is the port that must be accessible on the server.

Usually, the port number for "out" is searched for and set by the TCP stack itself and cannot be specified/changed on the computer of the program itself.

ProCall Enterprise

UCServer

Port number

Transport

Direction

Purpose

389

TCPoutDefault to Active Directory

636

TLSoutLDAPs to Active Directory

712

TCPoutDefault to MetaDirectory

714

TCPoutDefault to MetaDirectory (saved)

5002

TCPoutSMEP (only for SMS connection with WhateverMobile)

5003

TCPoutSMEP SSL (only for SMS connection with WhateverMobile)

7220

TCPinRemote TSP/MultiLine TSP

7221

TCPinUCServer management

7222

TCPinUCClient/update server

7224

TCPinUC web server

7225

TCPinUC web server (secure)

7230

UDPinServer search (from e.g. Windows clients)
5269TCPinDefault port for direct XMPP federation
5275TCPoutXMPP federation via proxy
5060TCPin/outDefault for SIP over TCP (federation)
5061TCPin/outDefault for SIP over TLS/MTLS (federation)
443TLSoutto UCConnect *.ucconnect.de 
5060UDPoutSIP Registry (signaling the softphone)

MediaServer

Port numberTransportDirectionPurpose

8888

TCPinControl MediaServer
8433TLSinControl MediaServer
3478UDP/TCPout(optional) to STUN/TURN Server
3478/443UDP/TCPout(optional) to *.ucconnect.de (for UCConnect services: STUN/TURN)
1024-65535 (green star)UDPin/outSIP media
1024-65535 (green star) (blue star)UDPin/outWebRTC media from and to clients (host candidates)

(green star) Since ProCall 7 Enterprise the port number range can be restricted individually (properties of the SIP management group in the "Media" tab).

(blue star) If the Clients or the MediaServer cannot establish a connection via the set port number range, a connection via STUN or TURN will be tried simultaneously by using ICE.

ProCall client for Windows 

Port number

Transport

Direction

Purpose

389

TCPoutDefault to Active Directory

712

TCPoutDefault to MetaDirectory

714

TCPoutDefault to MetaDirectory (secure)

7222

TCPoutUCServer connection

7231

UDPinfor searching for a UCServer as a response channel
3478UDP/TCPout(optional) to the STUN/TURN server
3478/443UDP/TCPout(optional) to *.ucconnect.de (for UCConnect services: STUN/TURN)
1024-65535 (green star) (blue star)UDPin/outWebRTC media (host candidates) from and to clients/media server (audio/video, softphone, screen sharing)

(green star) Since ProCall 7 Enterprise the port number range can be restricted individually (properties of the SIP management group in the "Media" tab).

(blue star) If the Clients or the MediaServer cannot establish a connection via the set port number range, a connection via STUN or TURN will be tried simultaneously by using ICE.

Additionally as of ProCall 8 for login and licensing via UCConnect

Port number

Transport

Direction

Purpose

3478/443UDP/TCPout(optional) to *.ucconnect.de (for UCConnect services: STUN/TURN)
443TLSout(optional) to *.ucconnect.de (for UCConnect services)

Update service client

Port number

Transport

Direction

Purpose

7222

TCPoutServer connection (only opened when needed)

7232

UDPinIncoming UDP packets from the update server on UCServer

Mobile apps (iOS/Android)

Port number

Transport

Direction

Purpose

7224TCPoutConnection to Webservice
7225TLSoutConnection to Webservice (secured)
3478UDP/TCPoutConnection to STUN/TURN
3478/443UDP/TCPout(optional) to *.ucconnect.de (for UCConnect services: STUN/TURN)
443TLSout(optional) to *.ucconnect.de (for UCConnect services)
443TLSoutto ucpush.ucconnect.de for push services
1024-65535 (blue star)UDPin/outWebRTC media from and to clients/media server (audio/video, softphone)

(blue star) If the Clients or the MediaServer cannot establish a connection via the set port number range, a connection via STUN or TURN will be tried simultaneously by using ICE.

SIP proxy (federation)

Port number

Transport

Direction

Purpose

5060 TCPin/outDefault port for SIP via TCP
5061TCPin/outDefault port for SIP via TLS/MTLS

XMPP proxy (federation)

Port number

Transport

Direction

Purpose

5269TCPinDefault port for XMPP federation
5275TCPinDefault port for UCServer login

ProCall Meetings


Port number

Transport

Direction

Host

Purpose

443

TLSout

(*.)meetings.procall.de

ProCall Meetings services, such as the web front-end
20000-40000UDPout*.meetings.procall.deMedia in/out to the media server
443UDPout*.meetings.procall.deSTUN requests to determine the public IP address of the client
443UDP/TCP/TLSout*.meetings.procall.deMedia Relay via TURN
443TLSout*.ucconnect.deConnection of the UCServer to UCConnect and login of the client browser via UCConnect at the UCServer

ECSTA

ECSTA/uaCSTA

Port number

Transport

Direction

Purpose

5080

TCP or UDPoutConnection to the uaCSTA server

5081

TLSoutConnection to the uaCSTA server

uaCSTA serveraAdmin

Port number

Transport

Direction

Purpose

5090

TCPoutConnection to the uaCSTA server

uaCSTA Server

Port number

Transport

Direction

Purpose

5080

TCP or UDPinConnection from ECSTA uaCSTA

5081

TLSinConnection from ECSTA uaCSTA

5090

TCPinConnection from uaCSTA Server Admin (localhost only)

5060

TCP or UDPinConnection of telephones

5061

TLSinConnection of telephones

MetaDirectory

Port number

Transport

Direction

Purpose

7302

TCPinAdministrator

712

TCPinLDAP

714

TCPinLDAPS

80 (8080/7303)

TCPinHTTP

443 (8081/7304)

TCPinHTTPS (TLS)

7300

UDPinServer search (Broadcast Receiver)
443TLSoutto UCConnect *.ucconnect.de 

Procall Analytics

Analytics WebService

Port number

Transport

Direction

Purpose

8732 (green star)(blue star)

TCPin

Access via web client

The port used in each case is configurable or visible in the administration interface.

(green star) Typically, a corresponding rule is set up in the Windows firewall during the installation/configuration of ProCall Analytics. This allows the process to access all ports on the application level. When using a different firewall solution, this rule may need to be set up manually.

(blue star) Since some of the ports used by Analytics are allocated dynamically, only general statements can be made here. Other ports may be used in the respective customer environment. The port currently in use is visible in the Procall Analytics Server Administration under "Diagnostics" and can also be changed there.

CallControlGateway

(no longer available)

Port number

Transport

Direction

Purpose

389

TCPoutDefault to ActiveDirectory

712

TCPoutDefault to MetaDirectory

7206

TCPinAdministrator

5070

TCPinSIP over TCP

5071

TCPinSIP over TLS

7233

UDPinServer search

Further articles

Finding out the port allocation of an application