Get superfast AT&T Fiber internet
wbrower137's profile

1 Message

Tuesday, January 30th, 2024 6:50 PM

Need port forwarding on BGW320 for ATT Cell Booster

In order to configure and properly use a new AT&T Cell Booster (Model SS2FII Femtocell Multi-band SOHO), AT&T service call told me to unblock these Ports on my AT&T router (BGW320-500): 

UDP 500

UDP 4500


ESP 50

On the BGW320 device configuration, I could navigate to Firewall --> NAT and set up services to forward the first two (500 and 4500) but setting up

a) Port 123 gave a warning message (your device will or may not work properly if setting this up), and b) I do not understand "ESP 50" - it was for emergency services protocol, but port 50 looks like an old email port. There is no protocol called ESP for servicing and opening Port 50 seems not correct for the intent.

It's not clear why I have to talk to two AT&T departments to solve issues with two pieces of AT&T equipment. I'm willing to. It also seems nuts that these two AT&T devices cannot be configured to work together more automatically.



ACE - Expert


35K Messages

3 months ago

The Cell Booster will operate as a client and establish the necessary connections going outbound.  It should not be necessary to setup Port Forwarding for outside connections.  ESP is for setting up an IPSEC connection, and again, the Cell Booster should be setting up the IPSEC tunnel outbound.

You would have done better posting this in the Cell Booster area of the Wireless Forum, but it can say here as a pointer over there for anyone else coming at it trying to change the settings in the Gateway:  Refer to this post, and particularly the Link in @OttoPylot 's signature for the guide.

ACE - Expert


24.2K Messages

3 months ago

@wbrower137  The gateway should have all of those ports open. But again, this is AT&T. From my Cell Booster Tech Guide:

DHCP enabled.

                        NOTE: For installations where static assignment of an IP address is desired, the use of MAC Binding and static DHCP

                        Reservation is suggested. Static IP is not supported.

            Public DNS is reachable .

            MTU size is set to 1500 or higher.

            MAC address filtering is either turned off or allows the MAC address of the AT&T Cell Booster.

            IPSec Pass-Through is enabled.

            Block Fragmented Packets is disabled.


Ports that must remain open (public and private):


123/UDP - for NTP traffic and timing.

500/UDP - for IPSec Phase I prior to NAT detection, after which 4500/UDP is used.

4500/UDP - for IPSec NAT Traversal (for all signaling, data, and voice traffic).

ESP Protocol 50 (data confidentiality and authentication via IPSec).


Unimpeded inbound and outbound traffic on UDP ports 500 and 4500 and/or ESP Protocol 50 is required to establish a secure IPSec tunnel.

AT&T Cell Booster uses NTP for timing synchronization and requires UDP port 123 to be open for this traffic. NAT duties handled by only one device if you have a separate router and modem instead of a gateway (modem/router combo).

In the past, with the MicroCell, port forwarding to the required ports, as well as a statically assigned address based on the MAC address improved reliability. That shouldn't be necessary now with the Cell Booster (still a femtocell like the MicroCell was) but it can't hurt. I use Comcast as my ISP (with my own modem and router) and setting up the Cell Booster was truly just plug and play when I was testing it for AT&T. Mine is now back in the closet because I found that WiFi-C (WiFi Calling) was much more reliable so I only bring my Cell Booster out every few months to keep my account active and to receive any updates that may be available. Read thru my Tech Guide. The link is in my sig line (first link).


Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.