Firewall opening matrix and network routes without CPE

To make it easier to open client firewalls or add routes for our equipment, here is the firewall opening matrix:

 

[Image: firewall opening matrix]

 

*It is assumed that you have a stateful firewall that will automatically allow the reverse flow. If not, you will need to allow all high ports inbound from our IP addresses, as the destination ports on your end will be random.

  1. Source ports are assumed to be random high ports.
  2. When applicable, QoS tags should be supplied to the phones by your switches via an LLDP-MED network policy, and your network elements must be configured to enforce these tags with priority queuing.
  3. If you do not allow direct internet access to all web addresses, we can supply the specific URLs that must be allowed. Note that the IPs used will be subject to change, so filtering by destination IP is not recommended.
  4. If you don't use our CPEs and prefer to use your own NTP server, this can be arranged.
  5. SIP-TLS is optional. It will not work out of the box on most phones.
  6. IMPORTANT: If you have a reliable SIP ALG in your firewall, opening SIP might be sufficient, and these ports will open dynamically. If you have audio issues (one-way sound or no sound at all), we suggest you allow this range in your firewall and DEACTIVATE the SIP ALG altogether.