SIP Firewall Rules

The following information is provided by our Cloud Video Services provider. 

 

For the best results on video calls using the SIP protocol, the following ports should be opened on the Firewall:

A) General firewall rules (recommended)

We recommend using general firewall rules that allow for outgoing traffic, as shown in the table below. This will always work in all regions as well as for future upgrades of our infrastructure. Please supply your network administrator with these details.

We also recommend to turn off any SIP and H.323 application gateways that may be enabled in the firewall.

A. 1) Service network

The following ports need to be open in order for us to provision and service your terminals and soft clients.

REQUIRED SERVICE HOST TRANSPORT PORTS RULE
Mandatory Provisioning and Phone book ANY TCP 80, 389, 443 Outgoing, established

A.  2) Calling network

 Rules to allow call signaling and media to flow through. Only traffic initiated from the inside is to be allowed.

REQUIRED SERVICE HOST TRANSPORT PORTS RULE
Mandatory Call signaling ANY TCP 1720, 2776, 2777, 5060, 5061 Outgoing, established
Mandatory Call media ANY UDP 10000-65535 Outgoing, established

 A. 3) Extra services

These rules are optional, open these for a better service experience.

REQUIRED SERVICE HOST TRANSPORT PORTS RULE
Recommended Network Time Protocol ANY UDP 123 Outgoing, established
Recommended SNMP Traps ANY UDP 162 Outgoing, established


 Alternative rules, limited hosts/networks to open in your firewall. 

B) Scoped down firewall rules

Some security policies may require limiting the list of IP addresses. If this is the case, the following networks should be opened up in your firewall. We recommend opening for the Global network, as this has presence in Europe, the US and most of Asia. However, if your office is located in Saudi Arabia or greater China, we recommend that you open up these networks in addition.

Note that the video servers on these IP addresses work as application layer gateways, and only relay audio/video traffic, so trusting these IP addresses should be safe from a security point of view.

B. 1) Service network (Avizia Cloud specific)

REQUIRED SERVICE HOST TRANSPORT PORTS RULE
Mandatory Provisioning and Phone book 46.137.184.162 TCP 80, 389, 443 Outgoing, established

B. 2) Calling network (Avizia Cloud specific)

You must open for at least one of regions below. For most customers Global will do, unless located in greater China or Saudi Arabia.

REQUIRED REGION NETWORK NETMASK
Mandatory
(for all customers)
Global 
(all 3 segments)
176.121.88.0 255.255.248.0 (/21)
91.240.204.0 255.255.252.0 (/22)
91.240.195.0 255.255.255.0 (/24)
Required for region People's Republic of China
(中国)
218.83.160.8-23
112.65.213.227-238
 
Required for region Greater China
(Hong Kong, Macau, Mongolia and Taiwan)
119.81.168.200 255.255.255.252 (/30)
Required for region Saudi Arabia 78.93.73.144 255.255.255.240 (/28)


with these destination ports open to allow for outbound initiated traffic and its return traffic:

REQUIRED
TRANSPORT
PORTS
RULE
Mandatory TCP 80, 389, 443, 1720, 2776, 2777, 5060, 5061 Outgoing, established
Mandatory UDP 10000-65535 Outgoing, established


B.   3) Extra services (Avizia Cloud Specific)

 These rules are optional, open these for a better service experience.

REQUIRED SERVICE HOST TRANSPORT PORTS RULE
Recommended Network Time Protocol 176.58.109.199 UDP 123 Outgoing, established
Recommended SNMP Traps 46.137.184.162 UDP 162 Outgoing, established

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request