Vocera Platform IP Ports

External and internal port information is provided in tables, including required and optional port information for platform, adapter, voice service, SIP telephony gateway, Badge, and Vina.

Users should access the application with a Fully Qualified Domain Name (FQDN). Sites using TLS should install a trusted certificate with a matching FQDN.

External Port Requirements

The following table describes the firewall requirements which should be configured in order to successfully install, update, and support the Vocera Platform and its operating system.

Port Number Protocol Source Destination Feature Purpose
443 TCP Vocera Platform

svc.ext-inc.com

199.180.201.227

Provisioning

Provisioning

APNS certificate retrieval

22 TCP Vocera Platform

svc.ext-inc.com

199.180.201.227

Remote Support Remote Support
443 TCP Vocera Platform

box.voceracommunications.com

address subject to change

or for legacy installations:

yum.ext-inc.com

38.99.68.43

Software Update Repository access for installing Redhat and Vocera software updates

The following table lists optional external ports that may be needed depending on the configured software and desired functionality.

Port Number Protocol Source Destination Feature Purpose
443 TCP Vocera Platform api.push.apple.com17.0.0.0/8 XMPP Send notifications for data and calls via the Apple Push Notification Service (APNS).
5223 TCP

Vina

(iOS only)

*.push.apple.com17.0.0.0/8 XMPP Receive push notifications on iOS device. According to Apple, the iOS device is using Wi-Fi, port 5223 must be open outbound and inbound to the Wi-Fi.
443 TCP Vocera Platform

Google's ASN of 15169

See Firebase firewall configuration

XMPP Send notifications for data and calls via Firebase Cloud Messaging (FCM)
5228, 5229, 5230 TCP

Vina

(Android only)

Firebase

Google's ASN of 15169

See Firebase firewall configuration

XMPP Receive push notifications on Android device
443 TCP

External browser access

(all networks)

Reverse proxy → Vocera Platform

Firewall pinhole → Vocera Platform

Port forwarder → Vocera Platform

  When workflow page access for browsers outside the network is desired using a reverse proxy in a DMZ, traffic from any address to the proxy on port 443 must be open. Using a reverse proxy also has an internal requirement for the proxy to access Vocera.
5222 TCP Vina

Vocera Edge → Vocera Platform

Firewall pinhole → Vocera Platform

Port forwarder → Vocera Platform

XMPP External XMPP traffic communicates with Vocera Platform via the Vocera Edge XMPP proxy
443 TCP Vocera Platform www.amion.com Amion Adapter Download Amion schedule updates from the Amion cloud service
443 TCP Vocera Platform api.qgenda.com Qgenda Adapter Download Qgenda schedule updates from the Qgenda cloud service

Internal Port Requirements

It is assumed that the following sources or destinations are on the internal network. If a listed item has a source or destination outside the internal network, then it must also be opened in the external firewall.

Platform Ports

Port Number Protocol Source Destination Feature Purpose
22 TCP Any SSH client Vocera Platform SSH access Command line administration
80 TCP

Cisco Phones

SpectraLink Phones

Vocera Platform Multiple Workflow access from mobile devices
443 TCP Any HTTPS client Vocera Platform Multiple Admin Console and workflow access via HTTPS
161 UDP SNMP Client Vocera Platform SNMP Query Vocera Platform for SNMP parameters
161 UDP Vocera Platform SNMP Manager SNMP Send SNMP traps for audit events
25 TCP Vocera Platform SMTP Server SMTP Send SMTP messages for audit events

Clustering Ports

IP packets of type 112 must be allowed for VRRP; the Virtual Router Redundancy Protocol

Port Number Protocol Source (Client) Destination (Server) Feature Purpose
22 TCP Master Slave Rsync over SSH Filesystem replication
5432 TCP Slave Master Postgres Database replication
5433 TCP Slave Master Postgres Database replication
61616 TCP Master Slave Slave Master Apache Artemis JMS broker clustering
61617 TCP Master Slave Slave Master Apache Artemis JMS broker replication

Adapter Ports

The following port usage depends on the configured integrations.

Port Number Protocol Source Destination Feature Purpose
9443 HTTPS Vocera Platform Vocera Platform Austco Request to register a subscription
9443 WSS Vocera Platform Austco Austco Persistent connection to receive Austco alerts
443 TCP Multiple inbound integrations Vocera Platform Multiple Inbound adapter integrations that support HTTPS; e.g., ResponderSync, Hill-Rom Clinical API, SOAP Publisher
80 TCP Multiple inbound integrations Vocera Platform Multiple Available for inbound adapter integration\ support for HTTP when HTTPS is not supported
443 TCP Vocera Platform Multiple outbound integrations Multiple Outbound adapter integrations that support HTTPS; e.g., ResponderSync, Hill-Rom Clinical API, SOAP Publisher
80 TCP Vocera Platform Multiple outbound integrations Multiple Available for outbound adapter integration\ support for HTTP when HTTPS is not supported
80 TCP

Cisco Phones

SpectraLink Phones

Vocera Platform Multiple Workflow access from mobile devices
443 TCP Any HTTPS client Vocera Platform Multiple Admin Console and workflow access via HTTPS
5222 TCP Vina Vocera Platform XMPP Client to server XMPP traffic for all data, messaging, presence
389 TCP Vocera Platform LDAP Server LDAP Authentication and user synchronization via LDAP
686 TCP Vocera Platform LDAP Server LDAP Authentication and user synchronization via LDAP over SSL
1322 TCP Vocera Platform Unite Connectivity Manager (UCM) Ascom Push interactive messages to Ascom devices
5000-5004 * TCP UCM Vocera Platform Ascom UCM responses to message delivery
5005 * TCP Vocera Messaging Interface (VMI) Client Vocera Platform VMI Inbound VMI integrations
5007 * TCP Vocera Messaging Interface (VMI) Client Vocera Platform VMI Inbound VMI integrations using TLS
25 * TCP SMTP Client Vocera Platform Incoming Email Inbound SMTP messages for the Incoming Email interface
25 * TCP Vocera Platform SMTP Server Outgoing Email Outbound SMTP messages from the Outgoing Email interface
6661-6664 ** TCP HL7 Vocera Platform HL7 (ADT) Inbound HL7 ADT messages via LLP
7000,8000-8010 ** TCP HL7 Vocera Platform HL7 (Alarms) Inbound HL7 Philips, Capsule or IHE compliant Alarm messages via LLP
12000 TCP Navicare Server Vocera Platform Navicare Inbound Hill-Rom Navicare messages
2000 * UDP Carescape Network Vocera Platform Carescape Time synchronization
70001 UDP Carescape Network Vocera Platform Carescape Device discovery
7001 * UDP Carescape Network Vocera Platform Carescape Monitor Alarm Messages
5050 *   EarlySense Gateway Vocera Platform    

Voice Service Ports

Port Number Protocol Source Destination/Feature Direction
5002 UDP Badge Vocera Server Signaling Bidirectional
5001 TCP Vocera SIP Telephony Gateway Vocera Server Signaling Outbound
5400 UDP Badge/Badge Property Editor Updater Signaling Bidirectional
5100 UDP Badge Vocera Server Audio Outbound
7200-7263 UDP Badge Vocera Server Audio Recording Inbound
7892 - 9100 1 UDP Vocera Server Badge/VSTG Audio Outbound
3306 TCP MySQL Signaling (Listening) Inbound
5251 TCP Vocera Server Cluster Signaling (Listening) Inbound
5555-5556 UDP Badge Vconfig (Vch) Signaling during Discovery Bidirectional
5555-5556 TCP Badge Vconfig (Vch) Signaling during Discovery Bidirectional
7023 TCP Nuance Watcher Telnet Client (Listening) Inbound
7890 UDP Nuance Watcher (Listening) Inbound
27000 TCP Nuance License Manager (Listening) Inbound
5059, 5058 TCP Nuance Speech Server (allows UDP connections) (Listening) Inbound
8200 TCP Nuance Recognition Server (Listening) Inbound
32768-60999 TCP

Vina (iOS only)

Signaling Gateway Bidirectional
32768-60999 UDP

Vina (Android only)

Signaling Gateway Bidirectional

SIP Telephony Gateway Ports

This section provides information on ports supported for Vocera SIP Telephony Gateway (VSTG).

Note: Support for VSTG is added in Vocera Platform version 6.1.0 and later releases.
Port Number Protocol Source Destination/Feature Direction
5060 UDP IP PBX Vocera SIP Telephony Gateway Signaling Bidirectional
5300-55552 UDP Vocera Platform Vocera SIP Telephony Gateway Audio Outbound

9200 - 9399

4000 - 4049

UDP IP PBX Vocera SIP Telephony Gateway Audio (RTP/RTCP) Outbound
Any free port UDP Vocera Platform Vocera SIP Telephony Gateway Signaling Outbound

Badge Ports

Port Number Protocol Source Destination/Feature Direction
5002 UDP Badge Server Signaling Bidirectional
5200 UDP Vocera SIP Telephony Gateway Badge Audio Outbound
5400 UDP Badge Updater Outbound
5555-5556 UDP Badge Updater Signaling Bidirectional
5555-5556 UDP Badge Vconfig (Vch) Signaling during Discovery Bidirectional
5555-5556 TCP Badge Vconfig (Vch) Signaling during Discovery Bidirectional

Vina Ports

Port Number Protocol Source Destination Feature Purpose
5222 TCP Vina

Vocera Platform

Vocera Edge

Firewall pinhole

Port forwarding

XMPP Client to server XMPP traffic for all data, messaging, presence. Communication with Edge proxy or other customer configured port 5222 access will off-premise.
32768-60999 TCP

Vina (iOS only)

Vocera Platform Signaling Gateway Call signaling and notifications
32768-60999 UDP

Vina (Android only)

Vocera Platform Signaling Gateway Call signaling and notifications
5800-5899 UDP Vina Vina RTP Client to client VoIP

Vocera Analytics Ports

This section provides information on ports supported for Vocera Analytics.

Port Number Protocol Source Destination Direction
9445 TCP Voice Server (Remote Agent) (Listening) Inbound
4040 TCP VA Server Spark UI Inbound
7778 TCP VA Server (VMP Flume agent) Spark Bidirectional
7779 TCP VA Server (Engage Flume agent) Spark Bidirectional
7780 TCP Voice Server (VS Flume Agent) Spark Bidirectional
8443 (default) or user defined TCP VA Server (Reporting service) (Listening) Inbound
3306 TCP Maria DB Signaling (Listening) Inbound

Legend

* These are the default values. The installer can choose a different port when configuring the adapter.

** These are the default values. The installer can choose a different port or add more ports when configuring the adapter.