Below are the known ports that need to be configured as accessible by the Celona infrastructure - Celona access points and Celona Edge - within an existing enterprise network. Note that this list may change over time so make sure to review with every new Celona network installation within your environment.
Celona Access Points themselves require no inbound ports opened.
If NOT using Celona IPsec, the following inbound ports must be opened to Celona Edge nodes:
Between Celona CBRS Access Points and Celona Edge
Port | TCP/UDP/IP | Note |
132 | IP | SCTP |
2123 | UDP | GTP Control |
2152 | UDP | GTP Data |
443 | TCP | Provisioning |
If using Celona IPsec, the following inbound ports must be opened to Celona Edge nodes:
Port | TCP/UDP/IP | Note |
4500 | UDP | Celona IPsec1 |
500 | UDP | Celona IPsec2 |
Regardless of IPsec settings, Celona Access Points and Celona Edge nodes require outbound HTTPS access to the Celona Orchestrator:
Between Celona Edge and Celona Orchestrator
Port | TCP/UDP/IP | Note |
443 | TCP | Configuration |
Between Celona Access Points and Celona Orchestrator
Port | TCP/UDP/IP | Note |
443 | TCP | Provisioning |
For Edge & AP bringup in environments with restricted firewall please contact Celona Support (support@celona.io). URL allow list for these environments is -
sas.goog
spectrum-connect.federatedwireless.com
cso.celona.io
grpclb-cso.celona.io
psereg-cso.celona.io
tp2.celona.io
Next up, let's activate your Celona subscription licenses within Celona Orchestrator so that you can start configuring your end to end private cellular network. To learn how, see this article on activating Celona subscription licenses.