In order to facilitate the opening of client firewalls or the addition of routes for our equipment, here is the firewall opening matrix
*It is assumed that you have a stateful firewall that will automatically allow the reverse flow. If not, you will need to allow all high ports inbound from our IP addresses, as the destination ports on your end will be random.
- Source ports are assumed to be random high ports
- When applicable, QoS tags should be supplied to the phones by your switches via an LLDP-MED network policy, and your network elements must be configured to enforce these tags with priority queuing.
- If you do not allow direct internet access to all web addresses, we can supply the specific URLs that must be allowed. Note that the IPs used will be subject to change, so filtering by destination IP is not recommended.
- If you don't use our CPEs and prefer to use your NTP this can be arranged.
- SIP-TLS is optional. It will not work out of the box on most phones.
- IMPORTANT- If yuou have a reliable SIP ALG in your firewall, opening SIP might be sufficient and these ports will open dynamically. If you have audio issues (One-Way sound or no soud at all), then we suggest you allow this range in your firewall. OR DEACTIVATE SIP ALG.