Cisco Unity Connection Service Ports Quiz

Questions and Answers

Which TCP port must be opened for outbound connections made by Unity Connection for Exchange 2010?

• 7070
• 8080
• 9090
• 7080 (correct)

What type of notifications does Unity Connection use for voice messages?

• Email notifications
• Jabber notifications (correct)
• Web notifications
• SMS notifications

What is the service account associated with the Jetty service in Unity Connection?

• exchange_service
• jetty (correct)
• web_account
• unity_service

What is the primary application affected by the outbound connections made by Unity Connection?

Exchange 2010 (A)

Which feature is specifically mentioned for Exchange 2010 in relation to Unity Connection?

Single inbox functionality (B)

For which application are the outbound notifications intended to notify users about voice message changes?

Unity Connection (C)

Which of the following best describes the service that operates at TCP port 7080?

Jetty connection for Exchange (C)

What type of service is associated with UDP port 9291 in Unity Connection?

Connection Mailbox (C)

Which port is required for video server communication in Unity Connection?

TCP 6080 (C)

Which of the following is NOT an open port for direct connections from off-box clients in Unity Connection?

TCP 80 (A), TCP 443 (D)

What function does the WebDAV Sync Service provide in connection with Unity Connection?

Synchronization of voice messages (A)

Which component interacts with the Unity Connection via TCP port 6080?

CuCsMgr/Conversation Manager (A)

How many open ports are specified for direct connections in the provided information?

Two (A)

What is the primary protocol used for notifications of changes to Unity Connection voice messages?

UDP (C)

Which of the following statements is true concerning TCP and UDP ports used by Unity Connection?

Both protocols have designated ports for communication. (C)

What type of inbox functionality does UDP port 9291 support?

Single inbox only (B)

Which types of addresses do the supported ports utilize?

Both IPv4 and IPv6 addresses (A)

What functionality does Cisco Unity Connection Survivable Remote Site Voicemail (SRSV) provide?

Support for VoIP communication (A)

What command can be executed to check the configured minimum TLS version on Unity Connection?

show tls min-version (D)

Which of the following statements about the supported ports is true?

They enable IP communication for remote sites. (A)

In terms of communication, what do the supported ports primarily focus on?

IP-based communication (C)

What happens after configuring the minimum TLS version on the Cisco Unity Connection server?

The server restarts automatically. (B)

What distinguishes the supported ports in the content provided?

Their dual support for IPv4 and IPv6 (A)

What is the primary purpose of restriction tables in Cisco Unity Connection?

To control phone numbers used for specific Unity Connection functions. (B)

How is toll fraud defined within the context of Cisco Unity Connection?

Any toll call made at the organization's expense in violation of its policies. (C)

What aspect of remote site communication does Cisco Unity Connection SRSV enhance?

Voicemail accessibility (D)

Which of the following is NOT supported by the ports mentioned?

Legacy email systems (B)

What type of security issue does the Cisco Unity Connection guide primarily address?

Toll fraud prevention. (A)

The functionality of the supported ports is critical for which system?

Survivable Remote Site Voicemail (C)

What technology integration do the supported ports imply?

Voice and data over IP networks (D)

Which aspect enhances the utility of Cisco Unity Connection SRSV?

It provides voicemail solutions for both IPv4 and IPv6. (B)

What port is used for SFTP connections in the Disaster Recovery Framework?

22 (A)

What service account is associated with the DHCP/BootP client connections?

root (B)

Which protocol is specified for performing backups and restorations in the framework?

SFTP (A)

Which of the following actions does the Disaster Recovery Framework NOT perform?

Install software patches (B)

What is the purpose of UDP port 67 in the context of Cisco Unity Connection?

To obtain DHCP addressing (C)

Which protocol is NOT listed for securing transport layers in Cisco Unity Connection?

IMAP (D)

In the installation framework, what happens when an SFTP server is specified?

Download of upgrade media occurs. (C)

Which of the following services is indicated for making DHCP connections?

dhclient (C)

What is the primary function of SFTP connections in the Disaster Recovery Framework?

To perform secure backups and restorations (C)

For which operation is port 22 primarily designated in the content provided?

SSH/SFTP connections (D)

Flashcards

Unity Connection Ports

Unity Connection uses TCP port 7080 for communication.

Firewall Setting

Firewall must be open to allow communication on TCP port 7080

Service Account

The service account for Jetty/Unity Connection.

TCP Protocol

Unity Connection uses the TCP protocol for connections.

Jetty/Unity Connection

The name of the executable/service for Unity Connection.

Exchange 2010 Usage

Unity Connection uses port 7080 for Exchange 2010 interactions with a single inbox.

Jabber & Web Notifications

Unity Connection uses port 7080 for Jabber and Web inbox notifications.

Open Ports

Ports that allow direct external client connections to Unity Connection.

UDP Port 9291

This port is used for Unity Connection's synchronization with external components.

TCP Port 6080

This port is crucial for video communication between Unity Connection and the video server.

CuMbxSync

A component for synchronization in Unity Connection, likely handling mail.

Outbound Connections

Connections initiated by Unity Connection to other servers in the network.

CuCsMgr

A component for managing conversations in Unity Connection.

Single Inbox

Unity Connection's synchronized mailbox system, allowing only one place for messages.

WebDAV

A protocol likely used for accessing files or data within Unity Connection.

Network Communication

The way Unity Connection and other systems in the network communicate using TCP and UDP ports.

IPv4 & IPv6 Support

These ports allow communication using both IPv4 and IPv6 internet protocols.

Cisco Unity Connection SRSV

Cisco Unity Connection Survivable Remote Site Voicemail (SRSV) uses these ports for IP communication.

IP Communication

These ports are essential for Cisco Unity Connection SRSV to communicate using the Internet Protocol.

Firewall Configuration

To allow Cisco Unity Connection to communicate, firewalls must be configured to allow traffic through TCP port 7080.

Unity Connection Service

The Cisco Unity Connection service uses TCP port 7080 for communication, ensuring smooth operation.

Exchange 2010 Integration

Unity Connection uses TCP port 7080 for communication with Microsoft Exchange 2010 servers.

What is toll fraud?

Toll fraud is when unauthorized long distance calls are made using your organization's phone system, violating company policy.

How can Unity Connection help prevent toll fraud?

Unity Connection uses restriction tables to control outgoing calls, limiting which phone numbers can be used for transferring, notifications, and other functions.

What's the purpose of restriction tables?

Restriction tables are used to control which phone numbers can be used for transferring calls, message notifications, and other Unity Connection functions.

TLS Minimum Version

A setting on Unity Connection that determines the minimum security standard for connections, protecting against older, less secure protocols.

How does TLS minimum version affect Unity Connection?

After configuring the minimum TLS version, the Unity Connection server will restart automatically.

CiscoDRFMaster

The Cisco Disaster Recovery Framework (DRF) enables backup and restore operations by securely connecting to network backup servers via SFTP. It also downloads upgrade media from SFTP servers when configured.

SFTP

Secure File Transfer Protocol (SFTP) is a secure network protocol used to transfer files between a client and a server. It encrypts data during transmission, ensuring secure file exchange.

What is CiscoDRFMaster's role?

CiscoDRFMaster coordinates SFTP connections to backup servers for data backup and restoration purposes. It also handles the download of upgrade media from SFTP servers when specified.

What is DHCP?

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses and other network configurations to devices on a network.

What is BootP?

Bootstrap Protocol (BootP) is an older network protocol used to configure devices, particularly when obtaining an IP address.

UDP: 67

Unity Connection uses UDP port 67 (DHCP/BootP) for clients to obtain network configurations, including IP addresses.

dhclient

The dhclient executable is responsible for client connections to obtain DHCP addressing. It communicates with the DHCP server to get an IP address and other network settings.

TCP: 22

Unity Connection utilizes TCP port 22 for secure SFTP connections, enabling file transfers to backup servers and downloading upgrade media.

root

The 'root' account refers to the superuser account with the highest privileges on a system. It's often used in server configurations and network management.

Security Guide

The Security Guide for Cisco Unity Connection provides detailed information about configuring security settings, including port and protocol usage, for a secure and reliable system.

Study Notes

IP Communications Required by Cisco Unity Connection Service Ports

• Table 1: TCP and UDP Ports Used for Inbound Connections to Cisco Unity Connection details TCP and UDP ports for inbound connections to the Cisco Unity Connection server, and internal ports used by Cisco Unity Connection.

• Ports and protocols, operating system, firewall settings, executable/service or application, service account, and comments are included for each port.

• TCP: 20500, 20501, 20502, 19003, 1935: Open only between servers in a Unity Connection cluster; port 1935 is blocked and for internal use only.

• TCP: 21000-21512: Open. Servers in a Unity Connection cluster must connect to each other. IP phones must connect to this range of ports on the Unity Connection server for some phone client applications.

• TCP: 5000: Open, used for port-status monitoring.

• TCP and UDP ports allocated by administrator for SIP traffic. Possible ports are 5060-5199.

• TCP: 20055: Open only between servers in a Unity Connection cluster.

• TCP: 1502, 1503 ("ciscounity_tcp" in /etc/services): Open only between servers in a Unity Connection cluster.

• TCP: 143, 993, 7993, 8143, 8993: Open, for IMAP inbox access and IMAP over SSL inbox access.

• TCP: 25, 8025, 4904, 4900: 4904, UDP: 16384-21511, UDP: 7774-7900, TCP: 22000, UDP: 22000, TCP: 22001, UDP: 22001, TCP: 20532, TCP: 22, UDP: 161 various ports and protocols for different functions.

• TCP: 5007, TCP: 1500, 1501, TCP: 1515, TCP: 8001, TCP: 2555, 2556, TCP: 1090, 1099, TCP: 80, 443, 8080, 8443, TCP: 8081, 8444, TCP: 25, 587, UDP: 21, TCP: 22 (SSH/SFTP)

• UDP: 500, UDP: 9291, UDP: 6080 specific ports and protocols are also described here for inbound connections.

• UDP: 50- 5004, 8005, UDP: 16384-32767, UDP: 69, UDP: 53, UDP: 123 described various ports and protocols.

• TCP: 7080 and UDP: 9291 and UDP:6080 described specific connections required by Unity Connection.

Preventing Toll Fraud

• Toll fraud is defined as any long-distance call at the expense of an organization.
• Restriction tables in Cisco Unity Connection help prevent toll fraud by controlling which phone numbers can be used for call transfers, message notifications, and other Unity Connection functions.
• Best practices include blocking calls to the international operator, matching trunk access codes for different phone system integrations, and blocking calls to international numbers for users who don't need them.

Cisco Unity Connection - Restricted and Unrestricted Version

• This product contains cryptographic features that are subject to U.S. and local country laws.
• Restricted and unrestricted versions of Cisco Unity Connection software exist to address import requirements for some countries that involve encryption.
• Functionality is available in the restricted version whereas this functionality is disallowed in the unrestricted version.

Securing the Connection between Cisco Unity Connection, Cisco Unified Communications Manager, and IP Phones

• The connection between Unity Connection, Cisco Unified Communications Manager, and IP phones can be vulnerable to man-in-the-middle attacks, network traffic sniffing, and identity theft.
• Unity Connection requires secure communication mechanisms are described
  • Signaling authentication
  • Device authentication
  • Signaling encryption
  • Media encryption

Enhanced Security Mode in Cisco Unity Connection

• Enhanced Security Mode employs secure communication mechanisms, password requirements are stricter,
  • Remote audit logging is enabled.
  • The maximum number of concurrent sessions is restricted on each interface (e.g., Telephony, IMAP).
  • User inactivity timeout is configured to disable inactive accounts.

Passwords, PINs, and Authentication Rule Management

• Authentication rules govern passwords, PINs, and account lockouts for all user accounts.
• Recommendations include frequent password changes, unique passwords, and non-trivial passwords.
• Best practices include requiring password changes every six months, using strong passwords, and appropriate lockout policies.

Using SSL to Secure Client/Server Connections

• Using SSL or TLS ensures secure client/server communication.
• A self-signed certificate or a certificate from a trusted Certificate Authority (CA) secures connections between the Cisco PCA, IMAP clients, and Cisco Unity Connection SRSV.

Securing User Messages

• Users can control who can access their messages and their distribution to protect sensitive data.
• Options are available to prevent users from saving messages locally or archiving securely.

Next Generation Security

• The product implements Suite B cryptographic algorithms (e.g., AES encryption and ECDSA ciphers) for improved security.
• It supports HTTPS, SIP and SRTP interfaces for secure communications.

Description

Test your knowledge on the IP communications required by Cisco Unity Connection. This quiz covers essential TCP and UDP ports, their purposes, and configurations necessary for optimal functionality within a Unity Connection cluster. Prepare to dive into technical specifics of service ports used for inbound connections.