Home >  User Guide - UPLINX Report Tool > Compatibility and Requirements > Security, Firewall and Network Address Translation (NAT)

  Security, Firewall and Network Address Translation (NAT)

 

 

 

 

The Report Tool supports NAT in the following topology:

The following table outlines the report availability and limitations if there is not full access. For example, if the Report Tool is run on a laptop that is outside the firewall, the firewall translates the following:

FireWall Rule #

FW Rule Name

IP Outside

Port Outside

IP Inside

Port Inside

1

CUCM AXL

IP_FW

FW-Port-AXL

IP_Publisher

443

2

CUCM SSH

IP_FW

FW-Port-SSH

IP_Publisher

22

CUCM Configuration reports:

CUCM access for CUCM configuration reports requires AXL (mandatory) and SSH (optional) access.

Requires FW rule #1 CUCM AXL for Cisco AXL API access on the publisher. The AXL port 443 cannot be changed. In the Report Tool > Server configuration the IP address of the server should be set to IP_FW and the port to IP_FW.

Service status of subscribers will be missing in section Server > Services .

If FW rule #2 is present for SSH and the SSH IP and port in the Report Tool > Server Configuration are set to {IP_FW, FW-Port-SSH }, the Command Line output will be present in the report. If SSH is not translated, the SSH access should be unchecked in the Report Tool, Server > CUCM > SSH configuration .

Please note that the Service Status table will access the Publisher and Subscriber on the entered IP address with HTTPS on port 443. There is currently no option to change this port, so this port must be present on the firewall and must be translated to the SERVER_IP:443. For several servers, the firewall requires several IP addresses.

 

CUPS Configuration reports

CUPS access is the same as for CUCM reports and requires AXL (mandatory) and SSH (optional) access.

Please note that the Service Status table will access the Primary and Standby server on the entered IP address with HTTPS on port 443. There is currently no option to change this port, so this port must be present on the firewall and must be translated to the SERVER_IP:443. For several servers, the firewall requires several IP addresses.

Phone Inventory reports

Phone Inventory reports are not possible outside the firewall as full access to CUCM AXL, RIS and to each phone must be available.

Unity Connection reports

Unity connection reports require 2 entries on the firewall:

ODBC, port TCP 20532 on Unity connection server.

CLI SSH, port TCP 22 on Unity connection server.

Please note that the Services Status table will access the Primary and Standby server on the entered IP address with HTTPS on port 8443. There is currently no option to change this port, so this port must be present on the firewall and must be translated to the SERVER_IP:8443. For several servers, the firewall requires several IP addresses.

CER reports

Cisco Emergency Responder connection reports require one on the firewall:

CLI SSH,  port TCP 22 on CER server.

Please note that the Service Status table will access the Primary and Standby server on the entered IP address with HTTPS on port 8443. There is currently no option to change this port, so this port must be present on the firewall and must be translated to the SERVER_IP:8443. For several servers, the firewall requires several IP addresses.

UCCX reports

UCCX reports require 2 entries on the firewall:

Web Administration, port TCP 443 on UCCX server.

CLI SSH, port TCP 22 on UCCX server.

Please note that the Service Status table will access the Primary and Standby server on the entered IP address with HTTPS on port 443. There is currently no option to change this port, so this port must be present on the firewall and must be translated to the SERVER_IP:443. For several servers, the firewall requires several IP addresses.

To report on scripts via the Cisco UCCX Script Editor, please make sure the Cisco UCCX Script Editor can access the script repository on the UCCX server without the Report Tool. An entry for the Java RMI port (default is TCP 6978, which can be changed on UCCX Administration settings) is required for the firewall. No port translation support is included in the Report Tool, so a firewall rule needs to be added to translate the IP address by keeping the RMI TCP port number as defined on UCCX.

 

Please note that https TCP port 443 is used to access the CUCM AXL API which also runs on TCP port 8443.

 

 


 
 

 

 

 

 

Copyright © 2024 UPLINX - Last updated 26 Feb 2024