All Collections
Getting Started with Celona 5G LAN
Network Prerequisites - Firewall Configuration
Network Prerequisites - Firewall Configuration
List of known ports & URLs that need to be opened for the Celona network
Team Celona avatar
Written by Team Celona
Updated over a week ago

Celona Access Points, Edge, and Orchestrator must communicate over the existing enterprise LAN/WAN infrastructure to enable zero-touch provisioning and cloud-based management of the Private Wireless network. For seamless Day 0 & Day N operations of the Celona Private Wireless network, enterprise firewalls must be configured to allow specific discovery, management, provisioning, and troubleshooting functions.

Please refer to the following tables for detailed firewall configurations to allow communication between Celona AP, Edge, and Orchestrator (software version 2206 & above).

Outbound Edge to Orchestrator

URL

Port

Protocol

Purpose

cso.celona.io

443

TCP

Discovery, Configuration & Reporting

cso.celona.io

22

TCP

Troubleshooting

grpclb-cso.celona.io

443

TCP

gRPC connection

psereg-cso.celona.io

443

TCP

Registration

Outbound Edge to the Internet

URL

Port

Protocol

Purpose

tp2.celona.io

443

TCP

Troubleshooting

tp6.celona.io

443

TCP

Troubleshooting

sas.goog

443

TCP

Google SAS communication

spectrum-connect.federatedwireless.com

443

TCP

Federated Wireless SAS communication

ntp.ubuntu.com

123

UDP

If no internal NTP server is configured via DHCP option 42, Edge reaches out to the internet for time synchronization

*.ubuntu.pool.ntp.org

123

UDP

If no internal NTP server is configured via DHCP option 42, Edge reaches out to the internet for time synchronization

Outbound Edge to Enterprise Network

IP Address

Port

Protocol

Purpose

NTP server IP Address

123

UDP

Edge configured with internal NTP server via DHCP option 42

Outbound Access Point to Edge

Port

Protocol

Purpose

2123

UDP

GTP Control from AP to Edge

2152

UDP

GTP Data from AP to Edge

36412

SCTP

S1 connection from AP to Edge

38412

SCTP

For 5G only

S1/NG connection from AP to Edge

36003

TCP

AP Configuration via TR-069

36037

TCP

Metrics data from AP to Edge

36363

TCP

Log data from AP to Edge

6001

UDP

Troubleshooting data from AP to Edge

Not Applicable

ICMP

Basic network troubleshooting from AP to Edge & vice versa

36004

TCP

For 5G only

5G AP Configuration via NETCONF

Outbound Edge to Access Point

7547

TCP

Edge fallback communication to AP

22

TCP

AP Software upgrades and troubleshooting

Not Applicable

ICMP

Basic network troubleshooting from AP to Edge & vice versa

Outbound Access Point to Orchestrator

URL

Port

Protocol

Purpose

cso.celona.io

443

TCP

AP discovery and configuration

ap5g-cso.celona.io

443

TCP

For 5G only

5G AP discovery and configuration via Netconf

Outbound Access Point to the Internet

URL/IP Address

Port

Protocol

Purpose

*

123

UDP

If no internal NTP server is configured via DHCP option 42, AP reaches out to the internet for time synchronization

44.232.5.149

22

TCP

AP Call Home

Outbound Access Point to Enterprise Network

IP Address

Port

Protocol

Purpose

NTP server IP Address

123

UDP

If the internal network NTP server is configured via DHCP option 42 on AP

PTP server IP

319

UDP

PTP Time synchronization

PTP server IP

320

UDP

PTP Time synchronization

Outbound from a Device to the Internet for eSIM provisioning

URL/IP Address

Port

Protocol

Purpose

sm-v4-072-d-gtm.pr.go-esim.com

443

TCP

SMDP+ server URL that hosts eSIM profiles. Devices connect to the SMDP+ server and download the eSIM profile

Access to NTP

Celona Edge nodes and Celona Access Points require access to NTP for initial time synchronization. Please ensure your firewall permits access from the Celona Edge and Access Points to NTP (typically, this is server port 123).

Another, more preferred option for the initial time synchronization is DHCP option 42, which allows NTP servers to be listed through DHCP. If your DHCP server is configured for DHCP option 42, then the Celona devices will utilize that DHCP option to configure their NTP time server.

Did this answer your question?