WCDMA RAN, Rel. RU50, Operating Documentation, Issue 02
WCDMA RAN Communication Matrix DN70962119
Approval date 2014-06-04
WCDMA RAN Communication Matrix
DN0962119 Issue 03
© Nokia Solutions and Networks Confidential
The information in this document is subject to change without notice and describes only the product defined in the introduction of this documentation. This documentation is intended for the use of Nokia Solutions and Networks customers only for the purposes of the agreement under which the document is submitted, and no part of it may be used, reproduced, modified or transmitted in any form or means without the prior written permission of Nokia Solutions and Networks. The documentation has been prepared to be used by professional and properly trained personnel, and the customer assumes full responsibility when using it. Nokia Solutions and Networks welcomes customer comments as part of the process of continuous development and improvement of the documentation. The information or statements given in this documentation concerning the suitability, capacity, or performance of the mentioned hardware or software products are given "as is" and all liability arising in connection with such hardware or software products shall be defined conclusively and finally in a separate agreement between Nokia Solutions and Networks and the customer. However, Nokia Solutions and Networks has made all reasonable efforts to ensure that the instructions contained in the document are adequate and free of material errors and omissions. Nokia Solutions and Networks will, if deemed necessary by Nokia Solutions and Networks, explain issues which may not be covered by the document. Nokia Solutions and Networks will correct errors in this documentation as soon as possible. IN NO EVENT WILL NOKIA SOLUTIONS AND NETWORKS BE LIABLE FOR ERRORS IN THIS DOCUMENTATION OR FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY OR DATA, THAT MAY ARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION IN IT.
NSN is a trademark of Nokia Solutions and Networks. Nokia is a registered trademark of Nokia Corporation. Other product names mentioned in this document may be trademarks of their respective owners, and they are mentioned for identification purposes only. Copyright © Nokia Solutions and Networks 2014. All rights reserved.
Nokia Solutions and Networks are continually striving to reduce the adverse environmental effects of its products and services. We would like to encourage you as our customers and users to join us in working towards a cleaner, safer environment. Please recycle product packaging and follow the recommendations for power use and proper disposal of our products and their components. If you should have questions regarding our Environmental Policy or any of the environmental services we offer, please contact us at Nokia Solutions and Networks for additional information.
Table of contents
Summary of changes
1. Introduction
2. Flexi BTS
3. IPA RNC
4. OMS
Summary of changes
The document comprises 23 pages.
Multicontroller RNC content is on mcRNC3.0 level and is not valid for RU50. Flexi Direct content is on Flexi Direct RU40 level, and is not valid for RU50.
Changes between issues 02E (2014-03-07, RU40) and 03 (2014-06-04, RU50)
• mcRNC and FlexiDirect have been removed due to no release for these products in RU50
• iOMS ILO connections have been added
• Co-siting connections have been removed
• Traffic ports have been corrected for IPA RNC
• Virtual printer port has been added to IPA RNC
• NTP and DNS have been added to IPA RNC.
Changes between issues 02D (2014-02-18, RU40) and 02E (2014-03-07, RU40)
• Certificate management section has been added to the mcRNC chapter.
Changes between issues 02C (2013-09-11, RU40) and 02D (2014-02-18, RU40)
• Older releases, Ultra Site and ToP Master have been removed.
Limitations
Legend:
Local system: Indicates the local Network Element and the address within the element
Local port: Indicates which port or ports are used by the local Network Element. They can be either fixed, configurable or dynamically selected.
  Any: Indicates that a dynamic port, from the range [1024, 65535], is used
  Configurable: Indicates that the port can be configured in the user interface of the network element
  N/A: Indicates that there is no port number
Init direction: It indicates which peer initiates the connection
  ↔ Either Network Element can initiate the connection
  ← The remote Network Element initiates the connection, or sends the first packet
  → The local Network Element initiates the connection, or sends the first packet
Traffic direction: It indicates which peer initiates the connection
  ↔ Either Network Element can send a packet
  ← Only the remote Network Element sends packets
  → Only the local Network Element sends packets
Remote system: Indicates the remote Network Element and the address within the element
Remote port: Indicates which port or ports are used by the remote Network Element. They can be either fixed, configurable or dynamically selected.
  Any: Indicates that a dynamic port, from the range [1024, 65535], is used
  Configurable: Indicates that the port can be configured in the user interface of the network element
  N/A: Indicates that there is no port number
Protocol: Transport protocol used by the connection
Service: Service supported by the connection
Authenticated Service: Indicates if the service has some type of authentication (username/password, certificates, PSK, etc.)
Availability: Indicates whether the connection is present in the system or not
  always on: If feature is available in release and license is available (if applicable), then ports are always open or connection exists
  default on: If feature is available in release and license is available (if applicable), then ports are open by default or connections exist by default. However they can be closed by configuration.
  default off: If feature is available in release and license is available (if applicable), then ports are closed by default. However they can be opened by configuration.
  dynamic: Connection exists depending on feature availability/configuration or on dynamic negotiations between network elements
Supported Remote System Families: When the remote system might be of a different product family, the supported family is listed. At this moment this applies only to BTS and RNC.
  N/A: Indicates that there is only one product family for the remote system, or there is no practical difference between them.
Secure Network: Indicates whether the connection is required when using security
  N/A: The connection is not related to security (typically non O&M connections)
  Yes: The connection does exist when security is used
  No: The connection does not exist when security is used
  Both: The connection will be present both when security is used and when not, usually because there is no secure alternative
Related feature: Feature(s) where the connection was introduced
WCDMA RAN Communication Matrix
The purpose of this document is to list all the IP based connections established between the RAN network elements as well as the connections towards other network elements outside the RAN. It is intended to be used by R&D to be aware of all the possible IP services available in the RAN, so that appropriate hardening and security measures are taken into account. In particular, this document can be used as input to configure the firewalls in the network.
The following limitations exist in this document:
1- Only IP over Ethernet connections are listed. This affects BTS O&M connections and Iu-PS user plane and control plane, since both can be also based on IP over ATM.
2- Local connections used for local management purposes are not listed.
3- Internal connections (not visible in the external interfaces) are not listed.
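As an added example (not part of the Nokia document), the Python below parses single-line rows in the layout of the Flexi BTS table and uses the legend's Init direction, Authentication and Availability columns to produce a firewall review list for ports the BTS listens on. The sample rows are copied from the Flexi BTS table; the three action names and the policy in `triage` are assumptions of this example, not vendor guidance.

```python
import re
from dataclasses import dataclass

# Port cell values from the legend: fixed number, [range], Any, Configurable, N/A.
PORT = r"(?:\[[^\]]*\]|\d+|Any|any|N/A|NA|Configurable|configurable)"
ROW = re.compile(
    rf"^(?P<local_system>.+?)\s+(?P<local_port>{PORT})\s+"
    r"(?P<init>[←→↔])\s+(?P<traffic>[←→↔])\s+"
    rf"(?P<remote_system>.+?)\s+(?P<remote_port>{PORT})\s+"
    r"(?P<protocol>TCP/TLS|TCP|UDP|SCTP|ICMP|ESP|OSPF|MPLS)\s+"
    r"(?P<service>.+?)\s+(?P<auth>Yes|No|N/A)\s+"
    r"(?P<availability>always on|default on|default off|dynamic)\b"
)


@dataclass(frozen=True)
class Connection:
    local_system: str
    local_port: str
    init: str
    traffic: str
    remote_system: str
    remote_port: str
    protocol: str
    service: str
    auth: str
    availability: str


def parse_row(line):
    """Parse one table row; return None for headings or rows in another layout."""
    m = ROW.match(line.strip())
    return Connection(**m.groupdict()) if m else None


def triage(conn):
    """Map a row to a firewall action (this example's policy, an assumption).

    Returns None when the row opens no local port: the local element
    initiates the connection, or the local port is Any / N/A.
    """
    inbound = conn.init in ("←", "↔")  # the remote peer may send the first packet
    has_port = conn.local_port not in ("Any", "any", "N/A", "NA")
    if not (inbound and has_port):
        return None
    if conn.availability == "default off":
        return "block"  # closed unless configured: keep the firewall closed too
    if conn.auth == "No":
        return "restrict"  # reachable without authentication: pin to known sources
    return "allow-from-peer"  # authenticated: permit only the listed remote system


def build_ruleset(lines):
    """Return (rules, skipped): rules for local listeners, lines needing manual review."""
    rules, skipped = [], []
    for line in lines:
        conn = parse_row(line)
        if conn is None:
            skipped.append(line)
            continue
        action = triage(conn)
        if action is not None:
            rules.append((action, conn.protocol, conn.local_port,
                          conn.remote_system, conn.service))
    return rules, skipped


# Rows copied from the Flexi BTS table, plus one section heading.
SAMPLE_ROWS = [
    "Monitoring",
    "BTS/Any [33434 ... 33933] ← ← Any Any UDP traceroute No default on x x x",
    "BTS/Any N/A ↔ ↔ Any N/A ICMP ICMP No always on x x x",
    "BTS/Transport Interface 7 ← ↔ Echo client Any UDP FTM UDP Echo No default off x x x",
    "BTS/Synchronization plane [319, 320] → ↔ ToP Server [319, 320] UDP Timing Over Packet No dynamic x x x",
    "BTS/DHCP assigned 68 ← ← DHCP Server 67 UDP DHCP for autoconnection No dynamic x x x",
    "BTS/Management plane 6001 ← ↔ BTS SM, OMS, NetAct Any TCP/TLS File transfer via HTTPS Yes always on Security relevant file access is authenticated x x x",
    "BTS/Management plane 12000 ← ↔ BTS SM Any TCP/TLS XoH connection Yes always on x x x",
    "BTS/Management plane 15001 ← ↔ Tester Any TCP TASSU (NSN R&D) No default off - x x",
    "BTS/Management plane 22 ← ↔ SSH Client Any TCP SSH on FTM Yes default off x - -",
]

if __name__ == "__main__":
    rules, skipped = build_ruleset(SAMPLE_ROWS)
    for action, proto, port, peer, service in rules:
        print(f"{action:16} {proto:8} {port:20} from {peer}: {service}")
    print("manual review:", skipped)
```

Rows whose availability carries release qualifiers, or whose cells are split across lines, do not match the pattern and are returned in `skipped` rather than guessed at.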
FlexiBTS
Local system (NE/Functional unit/address) | Local port | Init Direction | Direction | Remote system (NE/IP address) | Remote port | Protocol | Service name / description | Authentication | Availability | Remarks | FSM-r2 | FSM-r3 | FlexiLite
User plane, control plane, synchronization plane
General
BTS/Any [33434 ... 33933] ← ← Any Any UDP traceroute No default on x x x
BTS/Any N/A ↔ ↔ Any N/A ICMP ICMP No always on x x x
IPsec
BTS/IPsec tunnel endpoint 500 ↔ ↔ IPSec Security Gateway 500 UDP IPSec Key management Yes dynamic The source port of the IPSec Security gateway unit could be a different port than port 500. The port 500 is usually used. x x x
BTS/IPsec tunnel endpoint N/A ↔ ↔ IPSec Security Gateway N/A ESP IPSec Encapsulation Security Payload Yes dynamic x x x
Monitoring
BTS/Transport Interface 7 ← ↔ Echo client Any UDP FTM UDP Echo No default off x x x
BTS/TWAMP sender Configurable (5001, …, 5010) → ↔ TWAMP reflector configurable UDP TWAMP sender (client) No default off TWAMP session1=Port 5001, …, TWAMP Session10=Port 5010 x x x
BTS/TWAMP reflector 5018 ← ↔ TWAMP sender Any UDP TWAMP reflector (server) No default off x x x
BFD
BTS/Transport Interface Configurable → → Site Router 3784 UDP Bidirectional Forwarding Detection (Single Hop) No dynamic x x x
BTS/BFD Configurable → → RNC 4784 UDP Bidirectional Forwarding Detection (MultiHop) No dynamic x x x
BTS/Transport Interface 3784 ← ← Site Router Any UDP Bidirectional Forwarding Detection (Single Hop) No dynamic x x x
BTS/BFD 4784 ← ← RNC 4784 UDP Bidirectional Forwarding Detection (MultiHop) No dynamic x x x
OSPF
BTS/Transport Interface NA ↔ ↔ OSPF peer N/A OSPF OSPF No dynamic x x -
BTS/Multicast NA ← ← OSPF peer N/A OSPF OSPF No dynamic x x -
BTS/Transport Interface NA → → Multicast N/A OSPF OSPF No dynamic x x -
User plane, control plane, synchronization plane
BTS/Control plane Configurable ← ↔ RNC Configurable SCTP Network Layer Signalling CNBAP via SCTP No always on The local port is configurable by Minimum SCTP port. With RAN2512 RNC Resiliency a second RNC Far End SCTP Subnet can be configured. x x x
BTS/Control plane Configurable ← ↔ RNC Configurable SCTP Network Layer Signalling DNBAP via SCTP No always on The local port is configurable by Minimum SCTP port + 1. With RAN2512 RNC Resiliency a second RNC Far End SCTP Subnet can be configured. x x x
BTS/User plane [49152 … 65535] → ↔ RNC [1026 … 65535] UDP IP based U-plane; The lower value of the BTS port range can be configured by the operator (TMPAR: minUDPPort to a higher value up to 63135) No default on x x x
BTS/Transport Interface N/A ↔ ↔ ATMoPSN GW N/A MPLS ATM over Ethernet (PSN): Pseudowire No dynamic x x -
BTS/Transport Interface Configurable ↔ ↔ CESoPSN GW, BSC3i with ETIP card Configurable UDP Generic: CESoPSN No dynamic Local port is configurable in the range of [49152..65535]. 4, 8 or 16 Ports out of that range starting with "Minimum UDP Port". Selectable at the "CES over PSN" tab. x x -
BTS/Synchronization plane [319, 320] → ↔ ToP Server [319, 320] UDP Timing Over Packet No dynamic x x x
BTS/Synchronization plane [319, 320] ← ↔ ToP Server Any UDP Timing Over Packet No dynamic x x x
Management plane
General
BTS/Management plane or BTS/DHCP assigned Any → ↔ RNC, OMS 8003 TCP/TLS Secure BTS O&M Interface Yes dynamic With RAN2512 RNC Resiliency a second RNC M-Plane IP address can be configured x x x
BTS/Management plane or BTS/DHCP assigned Any → ↔ RNC, OMS 8002 TCP BTS O&M Interface No dynamic With RAN2512 RNC Resiliency a second RNC M-Plane IP address can be configured x x x
DHCP
BTS/(0.0.0.0) 68 → → DHCP Server via broadcast/(255.255.255.255) 67 UDP DHCP for autoconnection No dynamic x x x
BTS/DHCP assigned 68 ← ← DHCP Server 67 UDP DHCP for autoconnection No dynamic x x x
HTTP
BTS/Management plane 80 ← ↔ BTS SM Any TCP O&M operations - Session IOR retrieval from BTS SM - Webserver unauthenticated pages No always on x - -
BTS/Management plane 80 ← ↔ BTS SM Any TCP O&M operations - Webserver authenticated page access (e.g. log file retrieval, ping, reboot) Yes always on x - -
BTS/Management plane 443 ← ↔ BTS SM Any TCP/TLS O&M operations - Session IOR retrieval from BTS SM - Webserver unauthenticated pages - Webserver authenticated page access (e.g. log file retrieval, ping, reboot) Yes always on Security relevant actions are authenticated x x x
BTS/Management plane 6000 ← ↔ BTS SM, OMS, NetAct Any TCP File transfer via HTTP Yes always on (<WN8.0) default on (>= LN1.0, >= WN8.0) Security relevant file access is authenticated x x x
BTS/Management plane 6001 ← ↔ BTS SM, OMS, NetAct Any TCP/TLS File transfer via HTTPS Yes always on Security relevant file access is authenticated x x x
BTS/Management plane or BTS/DHCP assigned Any → ↔ OMS 80 TCP File transfer via HTTP Yes dynamic (<WN8.0) default on (>= LN1.0, >= WN8.0) x x x
BTS/Management plane Any → ↔ BTS SM [13062...13092] TCP File transfer via HTTP Yes dynamic (<WN8.0) default on (>= LN1.0, >= WN8.0) x x x
BTS/Management plane or BTS/DHCP assigned Any → ↔ BTS SM [13062...13092] TCP/TLS File transfer via HTTPS Yes dynamic (<WN8.0) default on (>= LN1.0, >= WN8.0) x x x
BTS/Management plane or BTS/DHCP assigned Any → ↔ OMS 443 TCP/TLS O&M operations - Session IOR retrieval from BTS SM - Webserver unauthenticated pages - Webserver authenticated page access (e.g. log file retrieval, ping, reboot) Yes dynamic (<WN8.0) default on (>= LN1.0, >= WN8.0) x x x
BTS/BTS address 80 ← ↔ BTS SM Any TCP SiteEM.xml retrieval from TRS network to FCM. Note: Request will be redirected to FTM starting from RU20 No always on x - -
FTP
BTS/BTS address 21 ← ↔ BTS SM / NetAct, OMS Any TCP ftp (control); SCF + Perf.Data upload from FCM to NetAct or BTS SM, triggered by ASN.1. Note: This connection will not be used starting with RU20 BTS SM and RU10 OMS, as it does not exist anymore in the peer. However forwarding still exists and server is still available (remains for compatibility) Yes default off The remote system is the client. The availability is set to default off because this link exists only when the optional IP address BTS/BTS address is configured x - -
BTS/BTS address 20 ← ↔ BTS SM / NetAct, OMS Any TCP ftp (active ftp data); SCF + Perf.Data upload from FCM to NetAct or BTS SM, triggered by ASN.1. Note: This connection will not be used starting with RU20 BTS SM and RU10 OMS, as it does not exist anymore in the peer. However forwarding still exists and server is still available (remains for compatibility) Yes default off The remote system is the client. The availability is set to default off because this link exists only when the optional IP address BTS/BTS address is configured x - -
BTS/BTS address Any → ↔ BTS SM / NetAct, OMS [13062...13092] TCP ftp (active+passive ftp control+data); SWDL to FCM. Note: This connection will not be used starting with RU20 BTS SM and RU10 OMS, as it does not exist anymore in the peer. However forwarding still exists and server is still available (remains for compatibility) Yes default off The remote system is the server. The availability is set to default off because this link exists only when the optional IP address BTS/BTS address is configured x - -
BTS/BTS address Any → ↔ BTS SM / NetAct, OMS 21 TCP ftp (control); SWDL to FCM. Note: This connection will not be used starting with RU20 BTS SM and RU10 OMS, as it does not exist anymore in the peer. However forwarding still exists and server is still available (remains for compatibility) Yes default off The remote system is the server. The availability is set to default off because this link exists only when the optional IP address BTS/BTS address is configured x - -
BTS/BTS address Any → ↔ BTS SM / NetAct, OMS 20 TCP ftp (active ftp data); SWDL to FCM. Note: This connection will not be used starting with RU20 BTS SM and RU10 OMS, as it does not exist anymore in the peer. However forwarding still exists and server is still available (remains for compatibility) Yes default off The remote system is the server. The availability is set to default off because this link exists only when the optional IP address BTS/BTS address is configured x - -
BTS/BTS address Any ↔ ↔ BTS SM / NetAct, OMS Any TCP ftp (passive ftp data); SWDL to FCM. Note: This connection will not be used starting with RU20 BTS SM and RU10 OMS, as it does not exist anymore in the peer. However forwarding still exists and server is still available (remains for compatibility) Yes default off The remote system is the server. The availability is set to default off because this link exists only when the optional IP address BTS/BTS address is configured x - -
BTS/Management plane 21 ← ↔ BTS SM / NetAct/OMS Any TCP external ftp client (control) e.g. SCF + Perf.Data upload from TM to NetAct or BTS SM, triggered by ASN.1 (ftp will not be selected any more for >= RU20 but server is still reachable) Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) The remote system is the client x x x
BTS/Management plane 20 ← ↔ BTS SM / NetAct/OMS Any TCP external ftp client (active ftp data) e.g. SCF + Perf.Data upload from TM to NetAct or BTS SM, triggered by ASN.1 (ftp will not be selected any more for >= RU20 but server is still reachable) Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) The remote system is the client x x x
BTS/Management plane Any ↔ ↔ BTS SM / NetAct/OMS Any TCP external ftp client (passive ftp data) e.g. SCF + Perf.Data upload from TM to NetAct or BTS SM, triggered by ASN.1 (ftp will not be selected any more for >= RU20 but server is still reachable) Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) The remote system is the client x x x
NTP
BTS/Management plane 123 → ↔ NTP Server (Server 1, 2 or 3) 123 UDP NTP client No dynamic x x x
XoH
BTS/Management plane 12000 ← ↔ BTS SM Any TCP/TLS XoH connection Yes always on x x x
CMP and LDAP
BTS/Management plane or BTS/DHCP assigned Any → ↔ Certificate Authority CA Server configurable TCP Certificate Management Protocol for IPSec and TLS Yes dynamic x x x
BTS/Management plane or BTS/DHCP assigned Any → ↔ Certificate Repository Configurable (in CRLDP extension of the relevant certificate) TCP Certificate Revocation List (CRL) retrieval LDAP over HTTP Yes dynamic x x x
BTS/Management plane or BTS/DHCP assigned Any → ↔ Authentication LDAP Server configurable TCP LDAP RUIM server Yes dynamic x x x
BTS/Management plane or BTS/DHCP assigned Any → ↔ Authentication LDAP Server configurable TCP/TLS LDAP RUIM server Yes dynamic x x x
Site support
BTS/SSE subnet N/A ↔ ↔ Site Support Management Any any Connection between SSE and equipment on transport network N/A dynamic x x x
Microwave Radio
Flexi Packet Radio Manager/ SSE subnet Any ↔ ↔ Flexi Packet Radio Any TCP Flexi Packet Radio Management (needs to be enabled via IP filtering exception rules) N/A dynamic x x x
BTS/Management plane 27500 ← ↔ Flexi Hub MGR Any TCP Flexbus block management on FTFA/FTFB. Flexi Hub MGR address needs to be configured N/A always on x - -
Local ICMP
(192.168.255.129), BTS/Management plane and BTS/TRS N/A ↔ ↔ Any N/A ICMP ICMP No always on x x x
Local DHCP
BTS/(255.255.255.255) 67 ← ← SSE (0.0.0.0) 68 UDP DHCP for SSE devices No dynamic x x x
BTS/TRS (DHCP Server) 67 → ↔ SSE/DHCP assigned 68 UDP DHCP for SSE devices No dynamic x x x
Local HTTP
(192.168.255.129), BTS/Management plane and BTS/TRS 80 ← ↔ BTS SM/ Web Browser any TCP File transfer via HTTP Yes always on x - -
(192.168.255.129), BTS/Management plane and BTS/TRS 443 ← ↔ BTS SM/ Web Browser any TCP/TLS O&M operations - Session IOR retrieval from BTS SM - Webserver unauthenticated pages - Webserver authenticated page access (e.g. log file retrieval, ping, reboot) Yes always on x x x
(192.168.255.129), BTS/Management plane and BTS/TRS 6000 ← ↔ BTS SM any TCP File transfer via HTTP Yes always on (<WN8.0) default on (>= LN1.0, >= WN8.0) x x x
(192.168.255.129), BTS/Management plane and BTS/TRS 6001 ← ↔ BTS SM any TCP/TLS File transfer via HTTPS Yes always on x x x
(192.168.255.129), BTS/Management plane and BTS/TRS any → ↔ BTS SM [13062..13092] TCP File transfer via HTTP Yes dynamic (<WN8.0) default on (>= LN1.0, >= WN8.0) x x x
(192.168.255.129), BTS/Management plane and BTS/TRS any → ↔ BTS SM [13062..13092] TCP/TLS File transfer via HTTPS Yes dynamic (<WN8.0) default on (>= LN1.0, >= WN8.0) x x x
Local FTP
(192.168.255.129), BTS/Management plane and BTS/TRS 21 ← ↔ BTS SM (ftp control) any TCP external ftp client (control); file transfers from LMP; BTS SM SCF upload from TM to BTS SM Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
(192.168.255.129), BTS/Management plane and BTS/TRS 20 ← ↔ BTS SM (active ftp data) any TCP external ftp client (active ftp data); file transfers from LMP; BTS SM SCF upload from TM to BTS SM (ftp will not be selected any more for >= RU20 but server is still reachable) Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
(192.168.255.129), BTS/Management plane and BTS/TRS any ← ↔ BTS SM (passive ftp data) any TCP external ftp client (passive ftp data); file transfers from LMP; BTS SM SCF upload from TM to BTS SM (ftp will not be selected any more for >= RU20 but server is still reachable) Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
Local XoH
(192.168.255.129), BTS/Management plane and BTS/TRS 12000 ← ↔ BTS SM any TCP/TLS XoH connection from/to LMP Yes always on x x x
NSN Service interface
Remote R&D test interface
BTS/BTS address 15001 ← ↔ Tester Any TCP TASSU (remote via TRS) - with RAN1209 disabled by default, can be enabled via BTS Site Manager - no authentication - public FCM IP address not used in LTE No default off x - -
BTS/BTS address 15002 ← ↔ Tester Any TCP DSP Browser (remote via TRS) - with RAN1209 disabled by default, can be enabled via BTS Site Manager - no authentication - public FCM IP address not used in LTE No default off x - -
BTS/BTS address 15003 ← ↔ Tester Any TCP BTS Browser (remote via TRS) - with RAN1209 disabled by default, can be enabled via BTS Site Manager - no authentication - public FCM IP address not used in LTE No default off x - -
BTS/BTS address 15004 ← ↔ Tester Any TCP BTS Log (remote via TRS) - with RAN1209 disabled by default, can be enabled via BTS Site Manager - no authentication - public FCM IP address not used in LTE No default off x - -
BTS/BTS address 15005 ← ↔ Tester Any TCP Tester IF port (remote via TRS) - with RAN1209 disabled by default, can be enabled via BTS Site Manager - no authentication - public FCM IP address not used in LTE No default off x - -
BTS/Management plane 15001 ← ↔ Tester Any TCP TASSU (NSN R&D) No default off - x x
BTS/Management plane 15002 ← ↔ Tester Any TCP DSP Browser (NSN R&D) No default off - x x
BTS/Management plane 15003 ← ↔ Tester Any TCP BTS Browser (NSN R&D) No default off - x x
BTS/Management plane 15004 ← ↔ Tester Any TCP BTS Logs (NSN R&D) No default off - x x
BTS/Management plane 15005 ← ↔ Tester Any TCP Tester Interface Port (NSN R&D) No default off - x x
BTS/Management plane 15006 ← ↔ Tester Any TCP GPS Maintenance Access (NSN R&D) No default off - x -
Remote Telnet
BTS/BTS address 23 ← ↔ Telnet Client Any TCP Telnet on FCM (remote) - R&D purposes, login rejected in FCM by default, must be enabled by BTS SM - authentication WCDMA: fixed account - TM forwarding is not restricted Yes default on x - -
Remote SSH
BTS/Management plane 22 ← ↔ SSH Client Any TCP SSH on FTM Yes default off x - -
BTS/Management plane 22 ← ↔ SSH Client Any TCP SSH on FCT Yes default off - x x
Remote FTP
BTS/Management plane 21 ← ↔ FTP client Any TCP FTP Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
BTS/Management plane 20 ← ↔ FTP client Any TCP FTP Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
BTS/Management plane Any ← ↔ FTP client Any TCP FTP Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
Local FTP at FTM
(192.168.255.129), BTS/Management plane and BTS/TRS 21 ← ↔ FTP client any TCP FTP to/from LMP Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
(192.168.255.129), BTS/Management plane and BTS/TRS 20 ← ↔ FTP client any TCP FTP to/from LMP Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
(192.168.255.129), BTS/Management plane and BTS/TRS any ← ↔ FTP client any TCP FTP to/from LMP Yes always on (<=RU20 EP1) default on (RU30) default off (RU40) x - -
Local SSH
(192.168.255.129), BTS/Management plane and BTS/TRS 22 ← ↔ SSH Client any TCP SSH on FTM to/from LMP Yes default off x x x
IPA RNC
Local system (NE/Functional unit/) | Local port | Init Direction | Traffic Direction | Remote system (NE/Functional unit/) | Remote port | Protocol | Service name / description | Authenticated Service | Remarks
User plane, control plane, synchronization plane
General
RNC/any N/A ↔ ↔ Any N/A ICMP ICMP No
RNC/Interface [33434 ... 33933] ← ← Any Any UDP Traceroute No
RNC/interface [32768 … 65535] → → Any [33434 ... 33933] UDP Traceroute No
OSPF
RNC/interface N/A ↔ ↔ Adjacent routers N/A OSPF OSPF No
RNC/interface N/A → → Multicast N/A OSPF OSPF No
RNC/Multicast N/A ← ← Adjacent routers N/A OSPF OSPF No
RNC/Management plane N/A ↔ ↔ Adjacent routers N/A OSPF OSPF No
RNC/Management plane N/A → → Multicast N/A OSPF OSPF No
BFD
RNC/BFD 4784 → → BTS/BFD, Neighbour RNC 4784 UDP Multi-hop BFD No
RNC/BFD 4784 ← ← BTS/BFD 4784, [49152 … 65535] UDP Multi-hop BFD No
RNC/BFD 4784 ← ← Neighbour RNC 4784 UDP Multi-hop BFD No
RNC/BFD 3784 ← ← RNC site routers Any UDP Single-hop BFD No
RNC/BFD 49152 → → RNC site routers 3784 UDP Single-hop BFD No
Iub user plane, control plane
RNC/Control plane Configurable → ↔ BTS/Control plane Configurable SCTP Iub Control Plane No Ports should be the same in RNC and in BTS for a given SCTP association. 2..7 ports from [49152..65535]
RNC/User plane Configurable ↔ ↔ BTS/User plane [49152 … 65535] UDP Iub User Plane No configurable range [start..65535]
Iur user plane, control plane
RNC/Control plane Configurable ↔ ↔ Neighbour RNC/Flexi Direct BTS Configurable SCTP Iur Control Plane No Server role is configurable
RNC/User plane Any ↔ ↔ Neighbour RNC/Flexi Direct BTS Any UDP Iur User Plane No
Iu user plane, control plane
RNC/Control plane Configurable → ↔ 3G SGSN Configurable SCTP IuPS Control Plane No
RNC/User plane 2152 ↔ ↔ 3G SGSN 2152 UDP IuPS User Plane No
RNC/User plane 2152 ↔ ↔ 3G GGSN 2152 UDP IuPS User Plane No Direct tunnel connection
RNC/Control plane Configurable → ↔ MSC Server Configurable SCTP IuCS Control Plane No
RNC/User plane Any ↔ ↔ MGW Any UDP IuCS User Plane No
Iu-PC
RNC/Iu-PC Any → ↔ SAS 2905 SCTP IuPC No Only applicable if NPGE or NPS1 units do not exist in the RNC. (when RSMU is directly to SAS using Ethernet through ESA)
Iu-BC
RNC/Iu-BC 3452 ← ↔ CBC Any TCP Iu-BC No
RNC/Iu-BC 3453 → ↔ CBC 3452 TCP Iu-BC No
Monitoring
RNC/UDP echo 7 ← ↔ BTS, Remote test tool Configurable UDP UDP echo No
RNC/TWAMP reflector 1000 ← ↔ BTS, TWAMP sender Configurable UDP TWAMP No
RNC/TWAMP sender 5000 → ↔ BTS, TWAMP reflector Configurable UDP TWAMP No
Management plane
General
RNC/Management plane 8002 ← ↔ BTS/Management plane Any TCP BTS O&M interface No
RNC/Management plane 8003 ← ↔ BTS/Management plane Any TCP/TLS Secure BTS O&M interface Yes
RNC/Monitoring address 8019 ← ↔ RNC collector tool Any TCP RNC collector tool No
RNC/Monitoring address Configurable → ↔ RNC collector tool Configurable TCP RNC collector tool No
RNC/Monitoring address Configurable → ↔ RNC collector tool Configurable UDP RNC collector tool No
RNC/Monitoring address 8021 ← ↔ RNC collector tool Any TCP RNC collector tool Yes
RNC/Management plane 80 ← ↔ OMS EM Any TCP HTTP Yes Display, modification and activation of configuration files. Requires authentication. From RU40 onwards it is recommended to disable the service.
IPSec
RNC/Management plane 500 ↔ ↔ NetAct VPN GW, OMS 500 UDP IKE Yes
RNC/Management plane N/A ↔ ↔ NetAct VPN GW, OMS N/A ESP (IP protocol 50) ESP Yes
RNC/Management plane N/A ↔ ↔ NetAct VPN GW, OMS N/A AH (IP protocol 51) AH Yes
Traffica
RNC/Management plane 60000 ↔ ↔ Traffica Any UDP Traffica reporting No
Internal File Transfer
RNC/Management plane 21 ← ↔ OMS Any TCP FTP (control) Yes OMS is the client
RNC/Management plane 20 → ↔ OMS Any TCP FTP (active FTP data) Yes OMS is the client
RNC/Management plane [49152 ... 65535] ← ↔ OMS Any TCP FTP (passive FTP data) Yes OMS is the client
RNC/Management plane [49152 ... 65535] → ↔ OMS 21 TCP FTP (control) Yes OMS is the server
RNC/Management plane [49152 ... 65535] ← ↔ OMS 20 TCP FTP (active FTP data) Yes OMS is the server
RNC/Management plane [49152 ... 65535] → ↔ OMS Any TCP FTP (passive FTP data) Yes OMS is the server
NetAct File Transfer
RNC/Management plane 21 ← ↔ NetAct Any TCP FTP (control) Yes NetAct is the client
RNC/Management plane 20 → ↔ NetAct Any TCP FTP (active FTP data) Yes
RNC/Management plane [49152 ... 65535] ← ↔ NetAct Any TCP FTP (passive FTP data) Yes
Management connections
RNC/Management plane 22 ← ↔ OMS Any TCP SSH Yes SFTP is also using this connection (SFTP over SSH)
RNC/Management plane [49152 ... 65535] → ↔ OMS 22 TCP SSH Yes SFTP
RNC/Management plane [49152 ... 65535] → ↔ OMS 8002 TCP BTS O&M No
RNC/Management plane [49152 ... 65535] → ↔ OMS 8003 TCP/TLS Secure BTS O&M Yes
RNC/Management plane 22 ← ↔ NetAct Any TCP SSH Yes SFTP is also using this connection (SFTP over SSH)
RNC/Management plane 23 ← ↔ NetAct Any TCP Telnet Yes
RNC/Management plane 22 ← ↔ OMS EM Any TCP SSH Yes
Other NetAct connections
RNC/Management plane [49152 ... 65535] → ↔ NetAct 389 TCP LDAP Yes
RNC/Management plane [49152 ... 65535] → ↔ NetAct 389 TCP LDAP over SSL Yes
ESA24 management
RNC/ESA24 22 ← ↔ OMS EM Any TCP SSH Yes
RNC/ESA24 23 ← ↔ OMS EM Any TCP Telnet Yes
NTP
RNC/Management plane 123 → ↔ NTP server 123 UDP NTP No
DNS
RNC/Management plane [49152 ... 65535] → ↔ DNS server 53 UDP DNS No
Certificate management
RNC/Management plane [49152 ... 65535] → ↔ Certification Authority server Configurable TCP CMP over HTTP Yes Configurable port. CMP over HTTP, configurable based on CA server configuration
RNC/Management plane [49152 ... 65535] → ↔ Certification Authority certificate repository Configurable TCP LDAP No Configurable port. CA certificate retrieval
Remote connections (only NSN services interface, manufacturing related and IPoATM)
RNC/OMU 67 ← ← BTS/(0.0.0.0) 68 UDP DHCP No This port is used only for IPoATM. It does not accept packets through the Ethernet interface. The OMU does not respond to standard DHCP requests since some proprietary extensions are required.
RNC/OMU 67 → → BTS/DHCP assigned address 68 UDP DHCP No This port is used only for IPoATM.
RNC/NPS1/broadcast 67 ← ← BTS/(0.0.0.0) 68 UDP DHCP No Only applicable for FlexiBTS, for IPoATM with NPS1. The NPS1 does not respond to standard DHCP requests since some proprietary extensions are required.
RNC/NPS1/IF address 67 → → BTS/DHCP assigned address 68 UDP DHCP No Only applicable for FlexiBTS, for IPoATM with NPS1. The return packet is unicast to the leased address. This service does not respond to standard DHCP requests since some proprietary extensions are required.
RNC/Management plane 21 ← ↔ IPA RNC maintenance workstation Any TCP FTP (control) Yes Local monitoring workstation is the client
RNC/Management plane 20 → ↔ IPA RNC maintenance workstation Any TCP FTP (active FTP data) Yes
RNC/Management plane [49152 ... 65535] ← ↔ IPA RNC maintenance workstation Any TCP FTP (passive FTP data) Yes
RNC/Management plane 22 ← ↔ IPA RNC maintenance workstation Any TCP SSH Yes SFTP is also using this connection (SFTP over SSH)
OMS
Local system (NE/Functional unit/address) Local port Init Direction Traffic Direction Remote system (NE/Functional unit/address) Remote port Protocol Service name / description Authenticated Service Remarks
General
OMS N/A ↔ ↔ Any N/A ICMP ICMP No
IPSec
OMS 500 → ↔ NetAct VPN GW, RNC/Management plane 500 UDP IKE Yes
OMS N/A ↔ ↔ NetAct VPN GW, RNC/Management plane N/A ESP (IP protocol 50) ESP Yes
OMS N/A ↔ ↔ NetAct VPN GW, RNC/Management plane N/A AH (IP protocol 51) AH Yes
RNC File Transfer
OMS [54000 ... 65535] → ↔ RNC/Management plane 21 TCP FTP (control) Yes
OMS [54000 ... 65535] ← ↔ RNC/Management plane 20 TCP FTP (active FTP data) Yes
OMS [54000 ... 65535] → ↔ RNC/Management plane Any TCP FTP (passive FTP data) Yes
OMS 80 ← ↔ RNC/Management plane, Flexi Direct RNC/Management plane Any TCP HTTP Yes
OMS 443 ← ↔ RNC/Management plane, Flexi Direct RNC/Management plane Any TCP/TLS HTTPS Yes
OMS [54000 ... 65535] → ↔ RNC/Management plane, Flexi Direct RNC/Management plane 80 TCP HTTP Yes
OMS [54000 ... 65535] → ↔ RNC/Management plane, Flexi Direct RNC/Management plane 443 TCP/TLS HTTPS Yes
OMS (FTP server) 21 ← ↔ RNC/Management plane Any TCP FTP (control) Yes
OMS (FTP server) 20 → ↔ RNC/Management plane Any TCP FTP (active FTP data) Yes
OMS (FTP server) [50000 ... 51000] ← ↔ RNC/Management plane Any TCP FTP (passive FTP data) Yes
BTS File Transfer
OMS 21 ← ↔ BTS/Management plane Any TCP FTP (control) Yes SW DL. For Ultrasite this connection is used also with O&M security as there is no secure alternative.
OMS 20 → ↔ BTS/Management plane Any TCP FTP (active FTP data) Yes SW DL. For Ultrasite this connection is used also with O&M security as there is no secure alternative.
OMS [50000 ... 51000] ← ↔ BTS/Management plane Any TCP FTP (passive FTP data) Yes SW DL. For Ultrasite this connection is used also with O&M security as there is no secure alternative.
OMS [54000 ... 65535] → ↔ BTS/Management plane 21 TCP FTP (control) Yes Performance data upload. For Ultrasite this connection is used also with O&M security as there is no secure alternative.
OMS [54000 ... 65535] ← ↔ BTS/Management plane 20 TCP FTP (active FTP data) Yes Performance data upload. For Ultrasite this connection is used also with O&M security as there is no secure alternative.
OMS [54000 ... 65535] ↔ ↔ BTS/Management plane Any TCP FTP (passive FTP data) Yes Performance data upload. For Ultrasite this connection is used also with O&M security as there is no secure alternative.
OMS 80 ← ↔ BTS/Management plane Any TCP File transfer via HTTP Yes For Ultrasite this connection is used also with O&M security as there is no secure alternative.
OMS 443 ← ↔ BTS/Management plane Any TCP/TLS File transfer via HTTPS Yes For Ultrasite this connection is used also with O&M security as there is no secure alternative.
OMS 80 ← ↔ BTS/DHCP assigned Any TCP File transfer via HTTP Yes Autoconfiguration commissioning file download
OMS 443 ← ↔ BTS/DHCP assigned Any TCP/TLS File transfer via HTTPS Yes Autoconfiguration commissioning file download
OMS [54000 ... 65535] → ↔ BTS/Management plane 6000 TCP HTTP server Yes O&M operations. For Ultrasite the connection is used also with O&M security as there is no secure alternative.
OMS [54000 ... 65535] → ↔ BTS/Management plane 6001 TCP/TLS HTTPS server Yes O&M operations
NetAct File Transfer
OMS 21 ← ↔ NetAct Any TCP FTP (control) Yes NetAct is the client
OMS 20 → ↔ NetAct Any TCP FTP (active FTP data) Yes NetAct is the client
OMS [50000 ... 51000] ← ↔ NetAct Any TCP FTP (passive FTP data) Yes NetAct is the client
Note 1: From RU20 onwards, the services are available. However, they will not normally be selected for file transfer since secure file transfer over HTTP is also available.
Note 2: FTP is not needed for normal usage. It is available, e.g., for local management usage.
OMS [54000 ... 65535] → ↔ NetAct 21 TCP FTP (control) Yes NetAct is the server
OMS [54000 ... 65535] ← ↔ NetAct 20 TCP FTP (active FTP data) Yes NetAct is the server
OMS [54000 ... 65535] → ↔ NetAct Any TCP FTP (passive FTP data) Yes NetAct is the server
OMS 80 ← ↔ NetAct Any TCP HTTP Yes
OMS 443 ← ↔ NetAct Any TCP/TLS HTTPS Yes
OMS [54000 ... 65535] → ↔ NetAct 80 TCP HTTP Yes
OMS [54000 ... 65535] → ↔ NetAct 443 TCP/TLS HTTPS Yes
Management connections
OMS [54000 ... 65535] → ↔ RNC/Management plane 22 TCP SSH Yes
OMS 22 ← ↔ RNC/Management plane Any TCP SSH Yes SFTP
OMS 8002 ← ↔ RNC/Management plane, Flexi Direct RNC/Management plane Any TCP BTS O&M No
OMS 8003 ← ↔ RNC/Management plane, Flexi Direct RNC/Management plane Any TCP/TLS Secure BTS O&M Yes
OMS 8002 ← ↔ BTS/DHCP assigned Any TCP BTS O&M No Temporary management connection used when the BTS uses a DHCP server other than the RNC during autoconnection
OMS 8003 ← ↔ BTS/DHCP assigned Any TCP/TLS Secure BTS O&M Yes Temporary management connection used when the BTS uses a DHCP server other than the RNC during autoconnection
OMS 22 ← ↔ NetAct Any TCP SSH Yes
Other NetAct connections
OMS 53 ← ↔ NetAct Any TCP DNS No
OMS 53 ← ↔ NetAct Any UDP DNS No
OMS 636 ← ↔ NetAct Any TCP LDAP over SSL Yes AL / Parameter Tool
OMS [49152 … 49652] ← ↔ NetAct Any TCP NWI3 callbacks Yes
OMS Any → ↔ NetAct 53 TCP DNS No
OMS Any → ↔ NetAct 53 UDP DNS No
OMS [54000 ... 65535] → ↔ NetAct 389 TCP LDAP Yes RUIM
OMS [54000 ... 65535] → ↔ NetAct 389 TCP LDAP over SSL Yes RUIM
OMS [54000 ... 65535] → ↔ NetAct 7003 TCP NWI3 and OMS EM Yes
OMS [54000 ... 65535] → ↔ NetAct [7021 … 7023] TCP NWI3 and OMS EM Yes
OMS [54000 ... 65535] → ↔ NetAct [7171 … 7190] TCP NWI3 and OMS EM Yes
OMS [54000 ... 65535] → ↔ NetAct [8209 … 8210] TCP NWI3 and OMS EM Yes
OMS [54000 ... 65535] → ↔ NetAct 19020 TCP NWI3 and OMS EM Yes
OMS [54000 ... 65535] → ↔ NetAct [49152 … 49652] TCP NWI3 and OMS EM Yes
DNS
OMS [54000 ... 65535] → ↔ DNS server 53 UDP DNS No
Element manager connections
OMS 22 ← ↔ OMS EM Any TCP SSH Yes
OMS 80 ← ↔ OMS EM Any TCP HTTP Yes
OMS 443 ← ↔ OMS EM Any TCP/TLS HTTPS Yes
OMS 636 ← ↔ OMS EM Any TCP LDAP over SSL Yes
OMS [49152 … 49652] ← ↔ OMS EM Any TCP NWI3 callbacks Yes
OMS [54000 ... 65535] → ↔ OMS EM 80 TCP HTTP Yes
OMS [54000 ... 65535] → ↔ OMS EM 443 TCP/TLS HTTPS Yes
OMS [54000 ... 65535] → ↔ OMS EM [49152 … 49652] TCP NWI3 callbacks Yes
OMS [54000 ... 65535] → ↔ OMS EM 49300 TCP/TLS NWI3 CM Yes
NTP
OMS 123 ← ↔ NTP client, NetAct, RNC/Management plane 123 UDP NTP No In particular, BTS can be a client. The client functionality is disabled by default in OMU.
OMS 123 → ↔ NetAct 123 UDP NTP No
ESA24/ESA40 management
OMS [54000 ... 65535] → ↔ RNC/ESA24/ESA40 161 TCP SNMP Yes SNMP-based supervision of ESA24/ESA40. Disabled by default.
OMS N/A → ↔ RNC/ESA24/ESA40 162 TCP SNMP Yes SNMP-based supervision of ESA24/ESA40. Disabled by default.
OMS 161 ← ↔ RNC/ESA24/ESA40 N/A TCP SNMP Yes SNMP-based supervision of ESA24/ESA40. Disabled by default.
OMS 162 ← ↔ RNC/ESA24/ESA40 N/A TCP SNMP Yes SNMP-based supervision of ESA24/ESA40. Disabled by default.
iLO2 / HP G6
OMS / System NIC 161 ← ↔ HP SIM Any UDP SNMP No SNMP access.
OMS / System NIC Any → → HP SIM 162 UDP SNMP No SNMP Alerts / Traps.
OMS / iLO NIC 22 ← ↔ HP SIM N/A TCP SSH Yes Secure Shell (SSH) Connections. Enabled by default: Yes
OMS / iLO NIC 23 ← ↔ HP SIM N/A TCP Telnet No Remote graphical console, remote text console, virtual serial port. Enabled by default: Yes.
OMS / iLO NIC 80 ← ↔ HP SIM N/A TCP HTTP No HTTP interface to iLO management board. Enabled by default: Yes.
OMS / iLO NIC 443 ← ↔ HP SIM N/A TCP / TLS HTTPS Yes SSL access to iLO management board. Encrypted XML access. Enabled by default: Yes.
OMS / iLO NIC 17988 ← ↔ HP SIM N/A TCP Virtual Media Yes Virtual Media Port. Enabled by default: Yes.
OMS / iLO NIC 636 ← ↔ HP SIM N/A LDAP LDAP Yes Secure connection to the directory server. Enabled by default: Yes, if directory support is enabled.
OMS / iLO NIC 3389 ← ↔ HP SIM N/A RDP RDC / TS Yes Terminal Services session software based remote console using Microsoft Windows (RDC / TS). Enabled by default: Yes.
OMS / iLO NIC 9300 ← ↔ HP SIM N/A TCP Telnet No Multi-user remote console. Enabled by default: No.
OMS / iLO NIC 17990 ← ↔ HP SIM N/A TCP Telnet No Console replay. Enabled by default: No.
Based on HP documentation: HP integrated Lights-Out security; Technology brief, 7th Edition (http://www.officeproductnews.net/sites/www.officeproductnews.net/files/imce/HPWhitepaper_1.pdf)
iLO4 / HP Gen 8
OMS / iLO NIC 161 ← ↔ HP SIM Any UDP SNMP No SNMP access.
OMS / iLO NIC Any → → HP SIM 162 UDP SNMP No SNMP Alerts / Traps.
OMS / iLO NIC 22 ← ↔ HP SIM N/A TCP SSH Yes Secure Shell (SSH) Port
OMS / iLO NIC 17990 ← ↔ HP SIM N/A TCP Remote Console protocol Yes Remote Console Port
OMS / iLO NIC 80 ← ↔ HP SIM N/A TCP HTTP No Web Server Non-SSL Port
OMS / iLO NIC 443 ← ↔ HP SIM N/A TCP / TLS HTTPS Yes Web Server SSL Port
OMS / iLO NIC 17988 ← ↔ HP SIM N/A TCP Virtual Media Yes Virtual Media Port
OMS / iLO NIC 623 ← ↔ HP SIM N/A IPMI over LAN Intelligent Platform Management Interface (IPMI) Yes Configuring IPMI / DCMI settings
Based on HP documentation: HP iLO 4 User Guide (http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03334051-10.pdf)
Certificate management
OMS [54000 ... 65535] → ↔ Certification Authority server Configurable TCP CMP over HTTP Yes
OMS [54000 ... 65535] → ↔ Certification Authority certificate repository Configurable TCP LDAP No