Recommended Firewall rules on SBK Voice clients network side

Applicable for all SBK Voice clients

Apply for outbound traffic (1)  -   Source : ALL (2)
Application Destination ports Protocol Destination IP QoS Tag (6)

SIP : Signaling

5060 TCP
192.47.253.0/24



DSCP=46 - COS=5

5060 UDP
5061 (3) TCP / TLS
RTP : Media 10000 - 27999 (4) UDP 192.47.253.0/24 DSCP=46 - COS=5
Reserved 9002 (5)  TCP 192.47.253.0/24 DSCP=46 - COS=5  
HTTPS 8001 (7)  TCP 192.47.253.0/24  
HTTP 80 TCP ANY (8)

HTTPS 443

 

(1) It is assumed that you have a stateful firewall that will automatically allow the reverse flow. If not, you will need to allow all high ports inbound from our IP addresses, as the destination ports on your end will be random.  

(2) Recommended to make sure that the rules will be applied to any phone (physical or soft) no matter it’s IP on your network.

(3) SIP-TLS is used for SBK Mobile APP.

(4) If your firewall has a reliable SIP-ALG, simply opening the main SIP port might be sufficient and those ports will be dynamically opened. However, if you experience audio issues (one-way audio or no audio at all), we recommend either allowing the indicated port range or deactivate SIP-ALG.

(5) Used for SBK Mobile WEB (Webphone).

(6) Important to implement the CoS on Layer2 and Layer3 

(7) Websocket for portal live updates.

(8) If you do not allow direct internet access to all web addresses, we can supply the specific URLs that must be allowed. Note that the IPs used will be subject to change, so filtering by destination IP is not recommended.

 

SBK Voice client with CPE: Add following rules

Apply for outbound traffic (1)   -   Source : CPE IP on client LAN
Application Destination ports Protocol Destination IP
NTP 123 UDP *.pool.ntp.org (9)
IPSec IKE 500 TCP / UDP 192.47.253.0/24
IPSec ESP 50 IP
206.47.197.112/29
206.47.197.120/29
4500
UDP 172.231.98.246
75.98.142.222
DNS 53 TCP / UDP 8.8.8.8
8.8.4.4

 

(9) If you prefer to use your NTP server, this can be arranged.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.