Here you will find General Info on all OfficeSuite® UC products and features. Need more details? Want to ask your own question? Just register and become a member!

Enabling VoIP calling through a Network Firewall

WindstreamEnterpriseWindstreamEnterprise admin admin
edited June 5 in General Info

(Please be sure to consult your IT professional prior to making any changes to your system/equipment).

If your OfficeSuite UC phones are going to be on the same network as your data, we recommend enabling Flow Control (Local QoS) on the local router / managed switch for the phone IP addresses, in order to prioritize voice traffic. Each OfficeSuite UC phone requires approx. 100Kb/s priority. This will help prioritize traffic for the phones over any bandwidth intensive applications (i.e. streaming, downloading, etc.). 

If you use hubs on the network you will need to replace them immediately with switches. Using hubs will cause the majority of issues with voice packets as hubs are not designed to handle VOIP networks.  

Lastly, if you are using a managed switch the minimum requirements are as follows: 100/full duplex with multi-casting enabled and that IGMP Snooping is disabled.

For the following devices/services: Overhead Paging, Door Buzzers, Cordless Phones, Enhanced Dial Tone, Digital Voice Lines: SIP ALG may cause issues since each manufacturer manipulates SIP headers differently.  If you are using any of these services or related hardware, you will need to disable SIP ALG from the router or firewall before the installation occurs. Once disabled, please be sure to reboot the equipment. If questions remain, please call the manufacturer of the router or firewall for instructions.

The following Router or Firewall Sub-nets will allow phones to communicate with OfficeSuite:

SIL's MBG's - SBC's Provisioning 
Current/Live as of 6/04/2019

SIL 1 through 8
64.115.237.192/27
SIL 11 White Label
64.61.10.240/28
SIL 10 -SBC's IP
216.214.167.32/27
SIL 2, 3, 5, 7, 12 & 13 
216.214.55.0/24
SIL  14 through 18
216.214.57.0/26
ALL
64.61.187.32/27
SIL 1 through 18 (VVX (SBC)  
216.214.56.64/26

216.214.56.128/26
SIL 19 through 23 (VVX (SBC) 
216.214.56.192/26
SBC/EDT 's
216.214.138.224/28
ALL SIL's (VVX Provisioning Servers 
64.115.99.0/24
SIL 19
216.214.54.240/28
SIL 20
72.4.241.0/28
SIL 21 White Label
72.4.242.96/28
SIL 22
72.4.237.64/28
SIL 23
72.4.238.144/28
SIL 24
64.196.250.0/24

Phones must be able to communicate over http/https to the following sites:

Pool.ntp.org
Ztp.polycom.com
RCS.aastra.com

OfficeSuite UC
UDP:
69
5060-5070
9000
20000-31000
32768-38000
TCP:
3998-3999
6800-6802
6880
7900-7999
20000-20001

Polycom VVX Phones and supported SIP devices (Grandstream, Polycom 6000, ATA)
UDP:
53 - DNS
69 - TFTP
123 - NTP
636 - LDAP
5060 – 5070 – SIP registration
8448-8449 Initial Handshake
16384 - 65535 – SIP media (RTP)

TCP:
80 – HTTP
444 – SSNP
443 – HTTPS
636 - LDAP
8448-8449 Initial Handshake

Comments

  • WindstreamEnterpriseWindstreamEnterprise admin admin
    edited October 2017
     
  • WindstreamEnterpriseWindstreamEnterprise admin admin
    edited January 2018
    This reply was created from a merged topic originally titled What should I do when my phone displays “TFTP Server Unavailable”, “Contacting TF.... See post for Enabling VoIP calling through a Network Firewall
  • edited January 2018
    Is this IP phone traffic initiated by the internal phones, headed outbound to those external IPs and ports listed above? Meaning, most folks who allow all outbound internet traffic from their LAN to WAN will need to make no firewall changes. A stateful firewall will allow return traffic that originated from its LAN. Firewall changes would be required if unsolicited traffic originates from external IPs and needs LAN access to the company network.
  • edited January 2018

    I didn't know if you'd get notified or not when I posted below. So I'm also posting a response directly to your text hoping that will notify you!  :-0

    Is this IP phone traffic initiated by the internal phones, headed outbound to those external IPs and ports listed above? Meaning, most folks who allow all outbound internet traffic from their LAN to WAN will need to make no firewall changes. A stateful firewall will allow return traffic that originated from its LAN. Firewall changes would be required if unsolicited traffic originates from external IPs and needs LAN access to the company network.

Sign In or Register to comment.