VoIP Firewall: Difference between revisions

Revision as of 10:08, 30 July 2013

This is what we suggest firewall-wise for voip customers:

Firewall Requirements on Voiceless Platform
	Ports	Source
SIP (IPv4)	UDP 5060	81.187.30.110 - 119
SIP (IPv6)	UDP 5060	2001:8b0:30::5060:0/112
RTP (IPv4)	UDP 1024-65535	81.187.30.110 - 119
RTP (IPv6)	UDP 1024-65535	2001:8b0:30::5060:0/112

Firewall Requirements on Legacy 'C' Platform
	Ports	Source
SIP	UDP 5060	81.187.30.110 - 119
RTP	UDP 1024-65535	Everywhere

SIP is the call routing information that creates and manages calls

RTP is the actual audio. On the older call servers it will be as direct as possible the audio can be sent from anywhere on the internet. Using the ne call servers it is only from the same call server as the SIP control messages.

NAT

Avoid using NAT where possible. However, some NAT gateways provide an adequate SIP ALG (e.g. Technicolor TG582), and some devices provide NAT that works with the new call server (e.g. FireBrick 2500/2700 and many simple NAT routers). If NAT works, then well done, but if not we cannot guarantee to be able to make it work.

@@ Line 1: / Line 1: @@
 [[file:Snom710.png|link=:Category:VoIP|Go to the VoIP Category]]
+This is what we suggest firewall-wise for voip customers:
 {| class="wikitable"
@@ Line 43: / Line 43: @@
 |UDP 1024-65535
 |Everywhere
 |}
+'''SIP''' is the call routing information that creates and manages calls
+'''RTP''' is the actual audio. On the older call servers it will be as direct as possible the audio can be sent from anywhere on the internet. Using the ne call servers it is only from the same call server as the SIP control messages.
+==NAT==
+Avoid using NAT where possible. However, some NAT gateways provide an adequate SIP ALG (e.g. Technicolor TG582), and some devices provide NAT that works with the new call server (e.g. FireBrick 2500/2700 and many simple NAT routers). If NAT works, then well done, but if not we cannot guarantee to be able to make it work.