Release ports for estos products – which network interfaces are used?
October 2022
This article explains which ports must be released for the respective estos product components.
Under "Direction" there is
- "in" for incoming connections on the computer of the program itself
- "out" for the port that is addressed on the computer of the target program
Example: The UCClient connects "out" to the UCServer on 7222. This is the port that must be accessible on the server.
Usually, the port number for "out" is searched for and set by the TCP stack itself and cannot be specified/changed on the computer of the program itself.
ProCall Enterprise
UCServer
Port number | Transport | Direction | Purpose |
|---|---|---|---|
389 | TCP | out | Default to Active Directory |
636 | TLS | out | LDAPs to Active Directory |
712 | TCP | out | Default to MetaDirectory |
714 | TCP | out | Default to MetaDirectory (saved) |
5002 | TCP | out | SMEP (only for SMS connection with WhateverMobile) |
5003 | TCP | out | SMEP SSL (only for SMS connection with WhateverMobile) |
7220 | TCP | in | Remote TSP/MultiLine TSP |
7221 | TCP | in | UCServer management |
7222 | TCP | in | UCClient/update server |
7224 | TCP | in | UC web server |
7225 | TCP | in | UC web server (secure) |
7230 | UDP | in | Server search (from e.g. Windows clients) |
| 5269 | TCP | in | Default port for direct XMPP federation |
| 5275 | TCP | out | XMPP federation via proxy |
| 5060 | TCP | in/out | Default for SIP over TCP (federation) |
| 5061 | TCP | in/out | Default for SIP over TLS/MTLS (federation) |
| 443 | TLS | out | (optional) to *.ucconnect.de (for UCConnect services) |
| 5060 | UDP | out | SIP Registry (signaling the softphone) |
MediaServer
| Port number | Transport | Direction | Purpose |
|---|---|---|---|
8888 | TCP | in | Control MediaServer |
| 8433 | TLS | in | Control MediaServer |
| 3478 | UDP/TCP | out | (optional) to STUN/TURN Server |
| 3478/443 | UDP/TCP | out | (optional) to *.ucconnect.de (for UCConnect services: STUN/TURN) |
1024-65535  | UDP | in/out | SIP media |
1024-65535  | UDP | in/out | WebRTC media from and to clients (host candidates) |
Since ProCall 7 Enterprise the port number range can be restricted individually (properties of the SIP management group in the "Media" tab).
If the Clients or the MediaServer cannot establish a connection via the set port number range, a connection via STUN or TURN will be tried simultaneously by using ICE.
ProCall client for Windows
Port number | Transport | Direction | Purpose |
|---|---|---|---|
389 | TCP | out | Default to Active Directory |
712 | TCP | out | Default to MetaDirectory |
714 | TCP | out | Default to MetaDirectory (secure) |
7222 | TCP | out | UCServer connection |
7231 | UDP | in | for searching for a UCServer as a response channel |
| 3478 | UDP/TCP | out | (optional) to the STUN/TURN server |
| 3478/443 | UDP/TCP | out | (optional) to *.ucconnect.de (for UCConnect services: STUN/TURN) |
| 1024-65535 | UDP | in/out | WebRTC media (host candidates) from and to clients/media server (audio/video, softphone, screen sharing) |
Since ProCall 7 Enterprise the port number range can be restricted individually (properties of the SIP management group in the "Media" tab).
If the Clients or the MediaServer cannot establish a connection via the set port number range, a connection via STUN or TURN will be tried simultaneously by using ICE.
Additionally as of ProCall 8 when logging in via UCConnect
Port number | Transport | Direction | Purpose |
|---|---|---|---|
| 3478/443 | UDP/TCP | out | (optional) to *.ucconnect.de (for UCConnect services: STUN/TURN) |
| 443 | TLS | out | (optional) to *.ucconnect.de (for UCConnect services) |
Update service client
Port number | Transport | Direction | Purpose |
|---|---|---|---|
7222 | TCP | out | Server connection (only opened when needed) |
7232 | UDP | in | Incoming UDP packets from the update server on UCServer |
Mobile apps (iOS/Android)
Port number | Transport | Direction | Purpose |
|---|---|---|---|
| 7224 | TCP | out | Connection to Webservice |
| 7225 | TLS | out | Connection to Webservice (secured) |
| 3478 | UDP/TCP | out | Connection to STUN/TURN |
| 3478/443 | UDP/TCP | out | (optional) to *.ucconnect.de (for UCConnect services: STUN/TURN) |
| 443 | TLS | out | (optional) to *.ucconnect.de (for UCConnect services) |
| 443 | TLS | out | to ucpush.ucconnect.de for push services |
| 1024-65535 | UDP | in/out | WebRTC media from and to clients/media server (audio/video, softphone) |
If the Clients or the MediaServer cannot establish a connection via the set port number range, a connection via STUN or TURN will be tried simultaneously by using ICE.
SIP proxy (federation)
Port number | Transport | Direction | Purpose |
|---|---|---|---|
| 5060 | TCP | in/out | Default port for SIP via TCP |
| 5061 | TCP | in/out | Default port for SIP via TLS/MTLS |
XMPP proxy (federation)
Port number | Transport | Direction | Purpose |
|---|---|---|---|
| 5269 | TCP | in | Default port for XMPP federation |
| 5275 | TCP | in | Default port for UCServer login |
ProCall Meetings
Port number | Transport | Direction | Host | Purpose |
|---|---|---|---|---|
443 | TLS | out | ProCall Meetings services, such as the web front-end | |
| 20000-40000 | UDP | out | *.meetings.procall.de | Media in/out to the media server |
| 443 | UDP | out | *.meetings.procall.de | STUN requests to determine the public IP address of the client |
| 443 | UDP/TCP/TLS | out | *.meetings.procall.de | Media Relay via TURN |
| 443 | TLS | out | *.ucconnect.de | Connection of the UCServer to UCConnect and login of the client browser via UCConnect at the UCServer |
ECSTA
ECSTA/uaCSTA
Port number | Transport | Direction | Purpose |
|---|---|---|---|
5080 | TCP or UDP | out | Connection to the uaCSTA server |
5081 | TLS | out | Connection to the uaCSTA server |
uaCSTA serveraAdmin
Port number | Transport | Direction | Purpose |
|---|---|---|---|
5090 | TCP | out | Connection to the uaCSTA server |
uaCSTA Server
Port number | Transport | Direction | Purpose |
|---|---|---|---|
5080 | TCP or UDP | in | Connection from ECSTA uaCSTA |
5081 | TLS | in | Connection from ECSTA uaCSTA |
5090 | TCP | in | Connection from uaCSTA Server Admin (localhost only) |
5060 | TCP or UDP | in | Connection of telephones |
5061 | TLS | in | Connection of telephones |
MetaDirectory
Port number | Transport | Direction | Purpose |
|---|---|---|---|
7302 | TCP | in | Administrator |
712 | TCP | in | LDAP |
714 | TCP | in | LDAPS |
80 (8080/7303) | TCP | in | HTTP |
443 (8081/7304) | TCP | in | HTTPS (TLS) |
7300 | UDP | in | Server search (Broadcast Receiver) |
Procall Analytics
Analytics WebService
Port number | Transport | Direction | Purpose |
|---|---|---|---|
8732 | TCP | in | Access via web client The port used in each case is configurable or visible in the administration interface. |
Typically, a corresponding rule is set up in the Windows firewall during the installation/configuration of ProCall Analytics. This allows the process to access all ports on the application level. When using a different firewall solution, this rule may need to be set up manually.
Since some of the ports used by Analytics are allocated dynamically, only general statements can be made here. Other ports may be used in the respective customer environment. The port currently in use is visible in the Procall Analytics Server Administration under "Diagnostics" and can also be changed there.
CallControlGateway
(no longer available)
Port number | Transport | Direction | Purpose |
|---|---|---|---|
389 | TCP | out | Default to ActiveDirectory |
712 | TCP | out | Default to MetaDirectory |
7206 | TCP | in | Administrator |
5070 | TCP | in | SIP over TCP |
5071 | TCP | in | SIP over TLS |
7233 | UDP | in | Server search |
Further articles
Finding out the port allocation of an application