Applicable for all SBK Voice clients:
| Apply for outbound traffic (1) | |||
| Application | Destination ports | Protocol | Destination IP |
SIP : Signaling | 5060 | TCP | 192.47.253.0/24 |
| UDP | |||
| 5061 (2) | TCP | ||
| RTP : Media | 10000 - 27999 (3) | UDP | |
| Specific for SBK Apps | 9002 (4) | TCP | |
| 8001 (5) | TCP | ||
| 4998 (6) | UDP | ||
| TCP | |||
| 24998 (7) | TCP | ||
| 443 (8) | TCP | ||
| HTTP | 80 | TCP | ANY (9) |
| HTTPS | 443 | ||
(1) It is assumed that you have a stateful firewall that will automatically allow the reverse flow. If not, you will need to allow all high ports inbound from our IP addresses, as the destination ports on your end will be random.
(2) SIP-TLS for SBK Mobile APP.
(3) If your firewall has a reliable SIP-ALG, simply opening the main SIP port might be sufficient and those ports will be dynamically opened. However, if you experience audio issues (one-way audio or no audio at all), we recommend either allowing the indicated port range or deactivate SIP-ALG.
(4) WebRTC for SBK Mobile WEB (Webphone).
(5) Websocket for portal live updates.
(6)(7) SIP Push handling (calls and messaging).
(8) Apps registration.
(9) If you do not allow direct internet access to all web addresses, we can supply the specific URLs that must be allowed. Note that the IPs used will be subject to change, so filtering by destination IP is not recommended.
SBK Voice client with CPE: Add following rules:
| Apply for outbound traffic (1) - Source : SBK CPE IP | |||
| Application | Destination ports | Protocol | Destination IP |
| IPSec ESP | 50 | IP | 192.47.253.248/24 206.47.197.112/24 173.231.98.246/32 75.98.142.222/32 |
| IPSec IKE | 500 | UDP | |
| 4500 | UDP | ||
| ALL | ICMP | ||
| DNS | 53 | TCP/UDP | 8.8.4.4 |
| 8.8.8.8 | |||
| NTP | 123 | TCP | *.pool.ntp.org (10) |
(10) If you prefer to use your NTP server, this can be arranged.
Comments
0 comments