Vocera Platform Internal IP Ports

It is assumed that the following sources or destinations are on the internal network. If a listed item has a source or destination outside the internal network, then it must also be opened in the external firewall.

Important: By default, the signaling gateway ports are dynamically assigned to allow clients to connect. If your organization’s firewall set up blocks clients to connect with the signaling gateway’s randomly selected ports, you can specify a value for signaling gateway ports (TCP and UDP) in the interface.properties.user file. Contact Vocera Technical Support to implement any customizations to the interface.properties.user file.

Platform Ports

Port	Protocol	Source	Destination	Notes
11102	TCP	Artemis Jolokia	Artemis Jolokia	This port establishes connections within the cluster (both private IPs and the VIP) and the ephemeral port range. It is not part of Artemis clustering but used to monitor the health of message queues and has other management capabilities. It is also used for sending audit events from certain components/scripts without using GlassFish.
22	TCP	Any SSH client	Vocera Platform	SSH access. Command line administration.
25	TCP	Vocera Platform	SMTP Server	SMTP feature. Send SMTP messages for audit events.
80	TCP	Cisco or SpectraLink Phones	Vocera Platform	Workflow access from mobile devices.
123	UDP	Vocera Platform	NTP Server	Ensure connection to the NTP server of the user's choice to mitigate time synchronization issues that could adversely impact time-sensitive functionality.
139	UDP	Vocera Platform	Client shared drive	Supports automatic transfer of the system backup files to another location for storage using Server Message Block (SMB) protocol .
161	UDP	SNMP Client	Vocera Platform	SNMP feature. Query Vocera Platform for SNMP parameters.
161	UDP	Vocera Platform	SNMP Manager	SNMP feature. Send SNMP traps for audit events.
443	TCP	Any HTTPS client	Vocera Platform	Web Console and workflow access through HTTPS.
445	UDP	Vocera Platform	Client shared drive	Supports newer version of SMB protocol.
4848	TCP	Glassfish Adminstration	Vocera Platform	Glassfish service uses this port to connect to the client instance.

Clustering Ports

IP packets of type 112 must be allowed for VRRP (Virtual Router Redundancy Protocol).

Port	Protocol	Source	Destination	Notes
1099	JMX/RMI	Active	Standby	Used for monitoring the health of the Artemis queues when Artemis is active on the standby node in Vocera Platform 6.6.1 and above.
1100	JMX/RMI	Active	Standby	Used for monitoring the health of the Artemis queues when Artemis is active on the standby node in Vocera Platform 6.6.1 and above.
22	TCP	Active	Standby	Rsync over SSH. Filesystem replication.
5432	TCP	Standby	Active	Postgres feature. Database replication.
5433	TCP	Standby	Active	Postgres feature. Database replication.
61616	TCP	Active Standby	Standby Active	Apache Artemis feature. JMS broker clustering.
61617	TCP	Active Standby	Standby Active	Apache Artemis feature. JMS broker replication.

Adapter Ports

The following port usage depends on the configured integrations.

Port	Protocol	Source	Destination	Notes
25	TCP	SMTP Client	Vocera Platform	Email (incoming) feature. These are the default values. The installer can choose a different port when configuring the adapter. Inbound SMTP messages for the Incoming Email interface
25	TCP	Vocera Platform	SMTP Server	Email (outgoing) feature. These are the default values. The installer can choose a different port when configuring the adapter. Outbound SMTP messages from the Outgoing Email interface.
80	TCP	Multiple inbound integrations	Vocera Platform	Available for inbound adapter integration\ support for HTTP when HTTPS is not supported.
80	TCP	Vocera Platform	Multiple outbound integrations	Available for outbound adapter integration\ support for HTTP when HTTPS is not supported.
80	TCP	Cisco or SpectraLink Phones	Vocera Platform	Workflow access from mobile devices.
389	TCP	Vocera Platform	LDAP Server	LDAP feature. Authentication and user synchronization through LDAP.
443	TCP	Multiple inbound integrations	Vocera Platform	Inbound adapter integrations that support HTTPS. For example, ResponderSync, Hill-Rom Clinical API, SOAP Publisher.
443	TCP	Vocera Platform	Multiple outbound integrations	Outbound adapter integrations that support HTTPS. For example, ResponderSync, Hill-Rom Clinical API, SOAP Publisher.
443	TCP	Any HTTPS client	Vocera Platform	Web Console and workflow access through HTTPS.
636	TCP	Vocera Platform	LDAP Server	LDAP feature. Authentication and user synchronization through LDAP over SSL.
1322	TCP	Vocera Platform	Unite Connectivity Manager (UCM)	Ascom Unite Connectivity Manager (UCM) feature. Push interactive messages to Ascom devices.
2000	UDP	Carescape Network	Vocera Platform	Carescape feature. These are the default port values. The installer can choose a different port when configuring the adapter. Time synchronization.
5000-5004	TCP	UCM	Vocera Platform	Ascom feature. These are the default port values. The installer can choose a different port when configuring the adapter. UCM responses to message delivery.
5005	TCP	VMI Client	Vocera Platform	Vocera Messaging Interface (VMI) feature. These are the default values. The installer can choose a different port when configuring the adapter. Inbound VMI integrations.
5007	TCP	VMI Client	Vocera Platform	Vocera Messaging Interface (VMI) feature. These are the default values. The installer can choose a different port when configuring the adapter. Inbound VMI integrations using TLS.
5050	TCP	EarlySense Gateway	Vocera Platform	These are the default values. The installer can choose a different port when configuring the adapter.
5222	TCP	Vina	Vocera Platform	XMPP feature. Client to server XMPP traffic for all data, messaging, presence.
5251	TCP	VAI Data	Vocera Platform	Voice Group Sync feature. Communication of Vocera Administration Interface (VAI) data; used for polls, and to import Groups and Users.
6661-6664	TCP	HL7	Vocera Platform	HL7 (ADT) feature. These are the default values. The installer can choose a different port or add more ports when configuring the adapter. Inbound HL7 ADT messages through LLP.
7000,8000-8010	TCP	HL7	Vocera Platform	HL7 (Alarms) feature. These are the default values. The installer can choose a different port or add more ports when configuring the adapter. Inbound HL7 Philips, Capsule or IHE compliant Alarm messages through LLP.
7001	UDP	Carescape Network	Vocera Platform	Carescape feature. These are the default values. The installer can choose a different port when configuring the adapter. Monitor Alarm Messages.
7676	HTTP	OpenMQ	Vocera Platform	Port is used by client connections.
8080	HTTP	Vocera Platform	Vocera Platform	Used by Tomcat. Used also for telecom ports.
8443	HTTP	Vocera Platform	Vocera Platform	Used by Tomcat. Used for telecom and internt ports.
9443	HTTPS	Vocera Platform	Vocera Platform	Austco feature. Request to register a subscription.
9443	WSS	Vocera Platform	Austco	Austco feature. Persistent connection to receive Austco alerts.
12000	TCP	Navicare Server	Vocera Platform	Navicare feature. Inbound Hill-Rom Navicare messages.
70001	UDP	Carescape Network	Vocera Platform	Carescape feature. Device discovery.

Voice Service Ports

Port	Protocol	Source	Destination	Direction	Notes
5001	TCP	Vocera SIP Telephony Gateway	Vocera Server	Outbound	Type: Signaling Note: The 5001 port is only used when connecting external Windows VSTG to the Vocera Platform nodes.
5002	UDP	Badge	Vocera Server	Bidirectional	Type: Signaling
5062	UDP	Nuance Speech Server	Voice Server	Bidirectional	Type: Signaling Not opened on firewall
5200	UDP	Badge	Badge / Voice Server / Vocera SIP Telephony Gateway	Bidirectional	Type: Audio
5400	UDP	Badge/Badge Properties Editor (BPE)	Badge Log Collector	Bidirectional	Type: Signaling
5500	UDP	Smartbadge	Vocera Server	Outbound	Type: Secure Signaling Signaling between the Vocera Server and Vocera Smartbadge using the underlying TLS/SSL protocol.
7200-7263	UDP	Badge	Vocera Server	Inbound	Type: Audio Recording
7892 - 9100	UDP	Vocera Server	Badge/VSTG	Outbound	For Vocera Platform 6.5 and below: Type: Audio Only even-numbered ports are used. The range is configurable in the NSSserver.cfg file available at \opt\vocera\nuance\config
7500 - 8220	UDP	Vocera Server	Badge/VSTG	Outbound	For Vocera Platform 6.6 and above: Type: Audio Only even-numbered ports are used. The range is configurable in the NSSserver.cfg file available at \opt\vocera\nuance\config
5251	TCP	Vocera Server Cluster	(Listening)	Inbound	Type: Signaling
5555-5556	UDP	Badge	Vconfig	Bidirectional	Type: Vocera Configuration Utility (Vconfig), Signaling during Discovery
5555-5556	TCP	Badge	Vconfig	Bidirectional	Type: Vconfig (Vch) Signaling during Discovery
7023	TCP	Nuance Watcher Telnet Client	(Listening)	Inbound
6666-6669, 7890, 8919	TCP	Nuance Watcher	(Listening)	Inbound
9919	UDP	Nuance Watcher	(Listening)	Inbound
27000	TCP	Nuance License Manager	(Listening)	Inbound
5059, 5058	TCP	Nuance Speech Server	(Listening)	Inbound	This source allows UDP connections. Important: Do not use a port from the ephemeral range (32768-60999) as an incoming/outgoing adapter port as it can cause a collision/outage.
8200	TCP	Nuance Recognition Server	(Listening)	Inbound	The source is nuance-server.exe.
32768-60999	TCP	Vina (iOS only)	Signaling Gateway	Bidirectional
32768-60999	UDP	Vina (Android only)	Signaling Gateway	Bidirectional	Important: Do not use a port from the ephemeral range (32768-60999) as an incoming/outgoing adapter port as it can cause a collision/outage.
32768-60999	UDP/TCP	Nuance Voice Service	Voice Server	Bidirectional	Important: Do not use a port from the ephemeral range (32768-60999) as an incoming/outgoing adapter port as it can cause a collision/outage.

SIP Telephony Gateway Ports

Port	Protocol	Source	Destination	Direction	Notes
4000-4049, 9200-9399	UDP	IP PBX	Vocera SIP Telephony Gateway	Bidirectional	Type: Audio (RTP/RTCP)
5060	UDP	IP PBX	Vocera SIP Telephony Gateway	Bidirectional	Type: Signaling
5300-5555	UDP	Vocera Platform	Vocera SIP Telephony Gateway Audio	Bidirectional	Only even-numbered ports are used. The range is configurable in the NSSserver.cfg file available at \vocera\nuance\SpeechServer\config
Any free port	UDP	Vocera Platform	Vocera SIP Telephony Gateway	Bidirectional	Type: Signaling

Badge Ports

Port	Protocol	Source	Destination	Direction	Notes
5002	UDP	Badge	Vocera Server	Bidirectional	Type: Signaling
5200	UDP	Badge	Badge / Voice Server / Vocera SIP Telephony Gateway	Bidirectional	Type: Audio
5400	UDP	Badge	Badge Log Collector	Outbound	Badge Log Collector service updates firmware build and badge properties.
5555-5556	UDP	Badge	Badge Log Collector	Bidirectional	Type: Signaling
5555-5556	UDP	Badge	Vconfig	Bidirectional	Type: Vconfig (Vch) Signaling during Discovery
5555-5556	TCP	Badge	Vconfig	Bidirectional	Type: Vconfig (Vch) Signaling during Discovery

Smartbadge Ports

Port	Protocol	Source	Destination	Direction	Notes
5002	UDP	Smartbadge	Vocera Server	Bidirectional	Type: Signaling
5200	UDP	Badge	Badge / Voice Server / Vocera SIP Telephony Gateway	Bidirectional	Type: Audio
5222	TCP	Smartbadge	Vocera Platform	Bidirectional	XMPP feature Client to server XMPP traffic for all data, messaging, presence.
5400	UDP	Smartbadge	Badge Log Collector	Outbound	Badge Log Collector service updates firmware build and badge properties.
5555-5556	UDP	Smartbadge	Badge Log Collector	Bidirectional	Type: Signaling
5555-5556	UDP	Smartbadge	Vconfig	Bidirectional	Type: Vconfig (Vch) Signaling during Discovery
5555-5556	TCP	Smartbadge	Vconfig	Bidirectional	Type: Vconfig (Vch) Signaling during Discovery
32768-60999	UDP	Smartbadge	Vocera Platform	Bidirectional	Signaling Gateway feature. Call signaling and notifications.

Vina Ports

Port	Protocol	Source	Destination	Notes
5222	TCP	Vina	Vocera Platform Vocera Edge Firewall pinhole Port forwarding	XMPP feature Client to server XMPP traffic for all data, messaging, presence. Communication with Edge proxy or other customer configured port 5222 access will off-premise.
5800-5899	UDP	Vina	Vina	RTP feature Client to client VoIP.
32768-60999	TCP	Vina (iOS only)	Vocera Platform	Signaling Gateway feature Call signaling and notifications.
32768-60999	UDP	Vina (Android only)	Vocera Platform	Signaling Gateway feature. Call signaling and notifications.

Vocera Analytics Ports

Port	Protocol	Source	Destination	Direction	Notes
3306	TCP	Vocera Platform Cluster Nodes	(Listening) Maria DB	Inbound	Vocera Platform Adapter Connects to Maria DB
4040	TCP	VA Server	Spark UI	Inbound
7778	TCP	VA Server (VMP Flume agent)	Spark	Bidirectional
7779	TCP	VA Server (Engage Flume agent)	Spark	Bidirectional
7780	TCP	Voice Server (VS Flume Agent)	Spark	Bidirectional
8443	TCP	VA Server (Reporting service)	Reporting service	Inbound	This is a default or user-defined port.
9445	TCP	Voice Server (Remote Agent)	Browser	Inbound

Enhanced Voice

The following table lists the ports that must be opened for the Enhanced Voice feature.

Port	Protocol	Source	Destination	Direction	Notes
443	TCP / HTTP/2 / GRPC	Voice Service	Cloud Recognition Service	Outbound
6080	TCP / HTTP	Operational/Monitoring	Automatic Speech Recognition (ASR) Broker	Inbound
6102-6822	UDP / RTP	Badge	ASR Broker	Bidirectional	For Vocera Platform 6.5 and below: The range includes only even-numbered ports.
8250-8970	UDP / RTP	Badge	ASR Broker	Bidirectional	For Vocera Platform 6.6 and above: The range includes only even-numbered ports.