Skip to main content
All CollectionsGetting Started with Celona 5G LAN
Network Prerequisites - Firewall Configuration
Network Prerequisites - Firewall Configuration

List of known ports & URLs that need to be opened for the Celona network

Team Celona avatar
Written by Team Celona
Updated over 7 months ago

Celona Access Points, Edge, and Orchestrator must communicate over the existing enterprise LAN/WAN infrastructure to enable zero-touch provisioning and cloud-based management of the Private Wireless network. For seamless Day 0 & Day N operations of the Celona Private Wireless network, enterprise firewalls must be configured to allow specific discovery, management, provisioning, and troubleshooting functions.

Please refer to the following tables for detailed firewall configurations to allow communication between Celona AP, Edge, and Orchestrator (software version 2206 & above).

Outbound Edge to Orchestrator

URL

Port

Protocol

Purpose

cso.celona.io

443

TCP

Discovery, Configuration & Reporting

grpclb-v2-cso.celona.io

443

TCP

gRPC connection

psereg-v2-cso.celona.io

443

TCP

Registration

bootstrap-cso.celona.io

443

TCP

Edge Bootstrap

grpclb-cso.celona.io

443

TCP

gRPC connection

psereg-cso.celona.io

443

TCP

Registration

ap5g-cso.celona.io

443

TCP

Registration and

feature configuration for 4G and 5G network

Outbound Edge to the Internet

URL

Port

Protocol

Purpose

tp2.celona.io

443

TCP

Troubleshooting

tp6.celona.io

443

TCP

Troubleshooting

sas.goog

443

TCP

Google SAS communication

spectrum-connect.federatedwireless.com

443

TCP

Federated Wireless SAS communication

ntp.ubuntu.com

123

UDP

If no internal NTP server is configured via DHCP option 42, Edge reaches out to the internet for time synchronization

*.ubuntu.pool.ntp.org

123

UDP

If no internal NTP server is configured via DHCP option 42, Edge reaches out to the internet for time synchronization

Apple application server

5223

TCP

This is applicable only if the Apple devices and native Apple applications (FaceTime, iMessage) need to be supported over Private Wireless

Outbound Edge to Enterprise Network

IP Address

Port

Protocol

Purpose

NTP server IP Address

123

UDP

Edge configured with internal NTP server via DHCP option 42

Outbound Access Point to Edge

Port

Protocol

Purpose

2123

UDP

GTP Control from AP to Edge

2152

UDP

GTP Data from AP to Edge

36412

SCTP

S1 connection from AP to Edge

38412

SCTP

For 5G only

S1/NG connection from AP to Edge

36003

TCP

AP Configuration via TR-069

36037

TCP

Metrics data from AP to Edge

36363

TCP

Log data from AP to Edge

6001

UDP

Troubleshooting data from AP to Edge

6002

TCP

AP to Edge telemetry

Not Applicable

ICMP

Basic network troubleshooting from AP to Edge & vice versa

36004

TCP

For 5G only

5G AP Configuration via NETCONF

Outbound Edge to Access Point

7547

TCP

Edge fallback communication to AP

22

TCP

AP Software upgrades and troubleshooting

Not Applicable

ICMP

Basic network troubleshooting from AP to Edge & vice versa

Outbound Access Point to Orchestrator

URL

Port

Protocol

Purpose

cso.celona.io

443

TCP

AP discovery and configuration

ap5g-cso.celona.io

443

TCP

For 5G only

5G AP discovery and configuration via Netconf

bootstrap-cso.celona.io

443

TCP

For 4G only

AP Bootstrap

Outbound Access Point to the Internet

URL/IP Address

Port

Protocol

Purpose

*

123

UDP

If no internal NTP server is configured via DHCP option 42, AP reaches out to the internet for time synchronization

Outbound Access Point to Enterprise Network

IP Address

Port

Protocol

Purpose

NTP server IP Address

123

UDP

If the internal network NTP server is configured via DHCP option 42 on AP

PTP server IP

319

UDP

PTP Time synchronization

PTP server IP

320

UDP

PTP Time synchronization

Outbound from a Device to the Internet for eSIM provisioning

URL/IP Address

Port

Protocol

Purpose

sm-v4-072-d-gtm.pr.go-esim.com

443

TCP

SMDP+ server URL that hosts eSIM profiles. Devices connect to the SMDP+ server and download the eSIM profile

Access to NTP

Celona Edge nodes and Celona Access Points require access to NTP for initial time synchronization. Please ensure your firewall permits access from the Celona Edge and Access Points to NTP (typically, this is server port 123).

Another, more preferred option for the initial time synchronization is DHCP option 42, which allows NTP servers to be listed through DHCP. If your DHCP server is configured for DHCP option 42, then the Celona devices will utilize that DHCP option to configure their NTP time server.

Support for Native Apple Apps (Facetime, iMessage)

Outbound from Apple device to Application server

URL/IP Address

Port

Protocol

Purpose

Apple Application Server IP address

5223

TCP

Support for Native Apple applications, such as, Facetime & iMessage

Did this answer your question?