To configure your network firewall for day 0 bring-up and day N operations of Celona Edge and AP (software version 2206 and above), allow the flows listed in the following tables.
Outbound Edge to Orchestrator
URL | Port | Protocol | Purpose |
cso.celona.io | 443 | TCP | Discovery, Configuration & Reporting |
cso.celona.io | 22 | TCP | Troubleshooting |
grpclb-cso.celona.io | 443 | TCP | gRPC connection |
psereg-cso.celona.io | 443 | TCP | Registration |
Outbound Edge to Internet
URL | Port | Protocol | Purpose |
tp2.celona.io | 443 | TCP | Troubleshooting |
tp6.celona.io | 443 | TCP | Troubleshooting |
sas.goog | 443 | TCP | Google SAS communication |
spectrum-connect.federatedwireless.com | 443 | TCP | Federated Wireless SAS communication |
ntp.ubuntu.com | 123 | UDP | If no internal NTP server is configured via DHCP option 42, Edge reaches out to internet for time synchronization |
*.ubuntu.pool.ntp.org | 123 | UDP | If no internal NTP server is configured via DHCP option 42, Edge reaches out to internet for time synchronization |
Outbound Edge to Enterprise Network
IP Address | Port | Protocol | Purpose |
NTP server IP Address | 123 | UDP | Edge configured with internal NTP server via DHCP option 42 |
Outbound Access Point to Edge
Port | Protocol | Purpose |
2123 | UDP | GTP Control from AP to Edge |
2152 | UDP | GTP Data from AP to Edge |
36412 | SCTP | S1 connection from AP to Edge |
38412 | SCTP | For 5G only: S1/NG connection from AP to Edge |
36003 | TCP | AP Configuration via TR-069 |
36037 | TCP | Metrics data from AP to Edge |
36363 | TCP | Log data from AP to Edge |
6001 | UDP | Troubleshooting data from AP to Edge |
Not Applicable | ICMP | Basic network troubleshooting from AP to Edge & vice versa |
36004 | TCP | For 5G only: 5G AP configuration via NETCONF |
4500/500 | UDP | IPsec from AP to Edge (if IPsec is enabled) |
Outbound Edge to Access Point
Port | Protocol | Purpose |
7547 | TCP | Edge fallback communication to AP |
22 | TCP | AP Software upgrades and troubleshooting |
Not Applicable | ICMP | Basic network troubleshooting from AP to Edge & vice versa |
Outbound Access Point to Orchestrator
URL | Port | Protocol | Purpose |
cso.celona.io | 443 | TCP | AP discovery and configuration |
ap5g-cso.celona.io | 443 | TCP | For 5G only: 5G AP discovery and configuration via NETCONF |
Outbound Access Point to Internet
URL/IP Address | Port | Protocol | Purpose |
* | 123 | UDP | If no internal NTP server is configured via DHCP option 42, AP reaches out to the internet for time synchronization |
44.232.5.149 | 22 | TCP | AP Call Home |
Outbound Access Point to Enterprise Network
IP Address | Port | Protocol | Purpose |
NTP server IP Address | 123 | UDP | If the internal network NTP server is configured via DHCP option 42 on AP |
PTP server IP | 319 | UDP | PTP Time synchronization |
PTP server IP | 320 | UDP | PTP Time synchronization |
Outbound from Device to Internet for eSIM provisioning
URL/IP Address | Port | Protocol | Purpose |
sm-v4-072-d-gtm.pr.go-esim.com | 443 | TCP | SM-DP+ server URL that hosts eSIM profiles. Devices connect to the SM-DP+ server and download the eSIM profile |
Access to NTP
Celona Edge nodes and Celona Access Point devices require access to NTP for initial time synchronization. Please ensure your firewall permits access from the Celona Edge and Access Points to NTP (typically server port 123).
The preferred option for initial time synchronization is DHCP option 42, which lets the DHCP server list NTP servers. If your DHCP server is configured for DHCP option 42, the Celona devices will use that option to configure their NTP time server.
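The Edge rows of the tables above, together with the DHCP option 42 behavior, can be checked against an exported firewall allowlist. This is an added example, not Celona code; the rule tuple format, the sample allowlist and the 10.0.0.5 NTP address are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Required outbound Edge flows, copied from the tables on this page.
EDGE_FLOWS = [
    ("cso.celona.io", 443, "tcp"),         # discovery, configuration, reporting
    ("cso.celona.io", 22, "tcp"),          # troubleshooting
    ("grpclb-cso.celona.io", 443, "tcp"),  # gRPC connection
    ("psereg-cso.celona.io", 443, "tcp"),  # registration
    ("tp2.celona.io", 443, "tcp"),         # troubleshooting
    ("tp6.celona.io", 443, "tcp"),         # troubleshooting
    ("sas.goog", 443, "tcp"),              # Google SAS
    ("spectrum-connect.federatedwireless.com", 443, "tcp"),  # Federated Wireless SAS
]
# Needed only when DHCP option 42 does not supply an internal NTP server.
EDGE_PUBLIC_NTP = [("ntp.ubuntu.com", 123, "udp"), ("*.ubuntu.pool.ntp.org", 123, "udp")]

def required_flows(internal_ntp=None):
    """Flows the Edge needs; internal_ntp is the option-42 server IP, if any."""
    ntp = [(internal_ntp, 123, "udp")] if internal_ntp else EDGE_PUBLIC_NTP
    return EDGE_FLOWS + ntp

def covers(rule, flow):
    """True if an allow rule (destination glob, port, proto) permits a required flow."""
    return (fnmatchcase(flow[0].lower(), rule[0].lower())
            and rule[1] == flow[1] and rule[2] == flow[2])

def audit(allow_rules, internal_ntp=None):
    """Return (required flows not allowed, allow rules no required flow uses)."""
    required = required_flows(internal_ntp)
    missing = [f for f in required if not any(covers(r, f) for r in allow_rules)]
    unused = [r for r in allow_rules if not any(covers(r, f) for f in required)]
    return missing, unused

# Constructed sample allowlist (not a real firewall export): the SSH
# troubleshooting rule is absent and a public NTP rule is still present.
SAMPLE_RULES = [
    ("*.celona.io", 443, "tcp"),
    ("sas.goog", 443, "tcp"),
    ("spectrum-connect.federatedwireless.com", 443, "tcp"),
    ("10.0.0.5", 123, "udp"),
    ("ntp.ubuntu.com", 123, "udp"),
]

if __name__ == "__main__":
    missing, unused = audit(SAMPLE_RULES, internal_ntp="10.0.0.5")
    print("missing:", missing, "unused:", unused)
```

Rules reported as unused are candidates for removal only within the Edge scope checked here; the AP and eSIM tables are not modeled.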
Next up, let's activate your Celona subscription licenses within Celona Orchestrator so that you can start configuring your end to end private cellular network. To learn how, see this article on activating Celona subscription licenses.