Enabling VoIP calling through a Network Firewall

WindstreamEnterprise
WindstreamEnterprise Administrator admin
edited May 2023 in OfficeSuite

Please be sure to consult your IT professional prior to making any changes to your system/equipment.

If your OfficeSuite UC phones are going to be on the same network as your data, we recommend enabling Flow Control (Local QoS) on the local router / managed switch for the phone IP addresses, in order to prioritize voice traffic. Each OfficeSuite UC phone requires approx. 100Kb/s priority. This will help prioritize traffic for the phones over any bandwidth intensive applications (i.e. streaming, downloading, etc.). 

If you use hubs on the network you will need to replace them immediately with switches. Using hubs will cause the majority of issues with voice packets as hubs are not designed to handle VOIP networks.  

Lastly, if you are using a managed switch the minimum requirements are as follows: 100/full duplex with multi-casting enabled and that IGMP Snooping is disabled.

For the following devices/services: Overhead Paging, Door Buzzers, Cordless Phones, Enhanced Dial Tone, Digital Voice Lines: SIP ALG may cause issues since each manufacturer manipulates SIP headers differently.  If you are using any of these services or related hardware, you will need to disable SIP ALG from the router or firewall before the installation occurs. Once disabled, please be sure to reboot the equipment. If questions remain, please call the manufacturer of the router or firewall for instructions.

The following Router or Firewall Sub-nets will allow phones to communicate with OfficeSuite as well as the domain of *.windstream.com should be allowed for Desktop and Mobile apps.

Note: Add “ONLY” the IP addresses, domains, and ports pertaining to your OfficeSuite Site's SIL server and the OfficeSuite devices you use.

How to determine your OfficeSuite SIL server number.

Example: OS Site built in SIL 3 with Mitel desk phones, Poly Trio conference phone, and Yealink cordless phones require the following subnets allowed in firewall

SIL 3: 64.115.237.192/2764.196.250.0/24

Mitel RCS: 216.191.234.139, domain: rcs.aastra.com

Poly Trio and Yealink cordless: 216.214.56.64/26, 64.115.99.0/24, domains: *.windstream.com, *.broadviewnet.com, ztp.polycom.com, pool.ntp.org, *.yealink.com

Ports: From table 2 for Minet, VVX, BST, Web browsing

PDF version of the following tables attached at bottom

Table 1a: Off-Net required IP Gateways, IP Subnets & Domains



Table 1b: Off-Net required IP Gateways, IP Subnets & Domains



Table 2: Off-Net Required Ports


For OS WE Connect Applications,

We recommend whitelisting the following wildcard domains from the web security gateway’s SSL inspection

*.windstream.com
*.broadviewnet.net
*.counterpath.com
*.softphone.com

Current License Server Domains (unchanged):

secure.counterpath.com

secure-east.softphone.com

secure-west.counterpath.com

 

Revised License Server IP table (new IP addresses added March 8, 2023):

216.93.246.170 (current)

69.90.51.170 (current)

40.78.10.175 (current)

52.183.45.217 (new additional)

52.250.216.127 (new additional)

198.204.63.15 (new additional)

173.244.45.15 (new additional)

20.80.16.37/32 (application authentication, chat, etc.)

20.168.236.124/32 (application authentication, chat, etc.)


For HD Meeting Products IP & Port details, Please ref following URL.  

https://communities.windstreamenterprise.com/OfficeSuite-UC/discussion/7723746/officesuite-hd-meeting-traffic-flows-ip-address-and-port-ranges#latest

For OfficeSuite Live Products IP & Port details, Please ref following URL. 

https://communities.windstreamenterprise.com/OfficeSuite-UC/discussion/7724644/officesuite-live-ip-address-and-port-info#latest

This discussion has been closed.

Categories