Celona Access Points, Edge, and Orchestrator must communicate over the existing enterprise LAN/WAN infrastructure to enable zero-touch provisioning and cloud-based management of the Private Wireless network. For seamless Day 0 & Day N operations of the Celona Private Wireless network, enterprise firewalls must be configured to allow specific discovery, management, provisioning, and troubleshooting functions.
Please refer to the following tables for detailed firewall configurations to allow communication between Celona AP, Edge, and Orchestrator (software version 2206 & above).
Outbound Edge to Orchestrator
URL | Port | Protocol | Purpose |
cso.celona.io | 443 | TCP | Discovery, Configuration & Reporting |
grpclb-v2-cso.celona.io | 443 | TCP | gRPC connection |
psereg-v2-cso.celona.io | 443 | TCP | Registration |
bootstrap-cso.celona.io | 443 | TCP | Edge Bootstrap |
grpclb-cso.celona.io | 443 | TCP | gRPC connection |
psereg-cso.celona.io | 443 | TCP | Registration |
ap5g-cso.celona.io | 443 | TCP | Registration and feature configuration for 4G and 5G network |
Outbound Edge to the Internet
URL | Port | Protocol | Purpose |
tp2.celona.io | 443 | TCP | Troubleshooting |
tp6.celona.io | 443 | TCP | Troubleshooting |
sas.goog | 443 | TCP | Google SAS communication |
spectrum-connect.federatedwireless.com | 443 | TCP | Federated Wireless SAS communication |
ntp.ubuntu.com | 123 | UDP | If no internal NTP server is configured via DHCP option 42, Edge reaches out to the internet for time synchronization |
*.ubuntu.pool.ntp.org | 123 | UDP | If no internal NTP server is configured via DHCP option 42, Edge reaches out to the internet for time synchronization |
Apple application server | 5223 | TCP | This is applicable only if the Apple devices and native Apple applications (FaceTime, iMessage) need to be supported over Private Wireless |
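A pre-deployment check for the two Edge outbound tables above, as an added example (not Celona tooling): run from a host on the Edge's network segment, it parses rows in the page's table layout and classifies each TCP rule. The function names and status labels are this example's own, and UDP and wildcard rows are reported as skipped because a TCP connect cannot validate them.

```python
import socket

# Constructed from the page's Edge tables (subset; NTP purpose text shortened),
# kept in the page's own "URL | Port | Protocol | Purpose" layout.
EDGE_ROWS = """\
cso.celona.io | 443 | TCP | Discovery, Configuration & Reporting |
grpclb-v2-cso.celona.io | 443 | TCP | gRPC connection |
psereg-v2-cso.celona.io | 443 | TCP | Registration |
bootstrap-cso.celona.io | 443 | TCP | Edge Bootstrap |
tp2.celona.io | 443 | TCP | Troubleshooting |
sas.goog | 443 | TCP | Google SAS communication |
ntp.ubuntu.com | 123 | UDP | Time synchronization |
*.ubuntu.pool.ntp.org | 123 | UDP | Time synchronization |
"""

def parse_rows(text):
    """Yield (host, port, proto) per data row; header and ICMP rows have no numeric port."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) >= 3 and cells[1].isdigit():
            yield cells[0], int(cells[1]), cells[2].upper()

def check_tcp(host, port, timeout=3.0):
    """Classify one outbound TCP rule: ok, dns-fail, refused, timeout or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except socket.gaierror:
        return "dns-fail"      # name did not resolve from this segment
    except ConnectionRefusedError:
        return "refused"       # a reset came back (reject rule or no listener)
    except socket.timeout:
        return "timeout"       # no answer at all, typical of a silent drop
    except OSError:
        return "error"         # e.g. no route to host

def audit(text, timeout=3.0):
    """Return {(host, port, proto): status}; UDP and wildcard rows are not probed."""
    results = {}
    for host, port, proto in parse_rows(text):
        if proto != "TCP" or "*" in host:
            results[(host, port, proto)] = "skipped"
        else:
            results[(host, port, proto)] = check_tcp(host, port, timeout)
    return results

if __name__ == "__main__":
    for (host, port, proto), status in audit(EDGE_ROWS).items():
        print(f"{host}:{port}/{proto} -> {status}")
```

An `ok` result shows only that the TCP handshake completes; it does not show that a TLS-inspecting proxy on the path leaves the session usable.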
Outbound Edge to Enterprise Network
IP Address | Port | Protocol | Purpose |
NTP server IP Address | 123 | UDP | Edge configured with internal NTP server via DHCP option 42 |
Outbound Access Point to Edge
Port | Protocol | Purpose |
2123 | UDP | GTP Control from AP to Edge |
2152 | UDP | GTP Data from AP to Edge |
36412 | SCTP | S1 connection from AP to Edge |
38412 | SCTP | For 5G only: S1/NG connection from AP to Edge |
36003 | TCP | AP Configuration via TR-069 |
36037 | TCP | Metrics data from AP to Edge |
36363 | TCP | Log data from AP to Edge |
6001 | UDP | Troubleshooting data from AP to Edge |
6002 | TCP | AP to Edge telemetry |
Not Applicable | ICMP | Basic network troubleshooting from AP to Edge & vice versa |
36004 | TCP | For 5G only: 5G AP Configuration via NETCONF |
Outbound Edge to Access Point
Port | Protocol | Purpose |
7547 | TCP | Edge fallback communication to AP |
22 | TCP | AP Software upgrades and troubleshooting |
Not Applicable | ICMP | Basic network troubleshooting from AP to Edge & vice versa |
Outbound Access Point to Orchestrator
URL | Port | Protocol | Purpose |
cso.celona.io | 443 | TCP | AP discovery and configuration |
ap5g-cso.celona.io | 443 | TCP | For 5G only: 5G AP discovery and configuration via NETCONF |
bootstrap-cso.celona.io | 443 | TCP | For 4G only: AP Bootstrap |
Outbound Access Point to the Internet
URL/IP Address | Port | Protocol | Purpose |
* | 123 | UDP | If no internal NTP server is configured via DHCP option 42, AP reaches out to the internet for time synchronization |
Outbound Access Point to Enterprise Network
IP Address | Port | Protocol | Purpose |
NTP server IP Address | 123 | UDP | If the internal network NTP server is configured via DHCP option 42 on AP |
PTP server IP | 319 | UDP | PTP Time synchronization |
PTP server IP | 320 | UDP | PTP Time synchronization |
Outbound from a Device to the Internet for eSIM provisioning
URL/IP Address | Port | Protocol | Purpose |
sm-v4-072-d-gtm.pr.go-esim.com | 443 | TCP | SMDP+ server URL that hosts eSIM profiles. Devices connect to the SMDP+ server and download the eSIM profile |
Access to NTP
Celona Edge nodes and Celona Access Points require access to NTP for initial time synchronization. Please ensure your firewall permits access from the Celona Edge and Access Points to NTP (typically, this is server port 123).
The preferred option for initial time synchronization is DHCP option 42, which allows NTP servers to be listed through DHCP. If your DHCP server is configured for DHCP option 42, the Celona devices will use that option to configure their NTP time server.
Support for Native Apple Apps (FaceTime, iMessage)
Outbound from Apple device to Application server
URL/IP Address | Port | Protocol | Purpose |
Apple Application Server IP address | 5223 | TCP | Support for native Apple applications, such as FaceTime & iMessage |