The VOIspeed phone system uses communication ports for every process that sends or receives data. For the application to work effectively, the network equipment (firewall and router) must not block traffic on these ports.
WARNING: the uncontrolled unblocking of a company's router/firewall ports exposes the network to attacks; therefore this activity must be performed by expert personnel, and only when necessary. If you need to open some ports (for remote users or VoIP operators), it is important to specify the IP addresses that will contact the phone server.
DISABLE SIP ALG
When you use a VoIP PBX like VOIspeed with your own router to interconnect terminals remotely or to register a VoIP account, you must always disable the SIP ALG function. Furthermore, the NAT dynamic sessions must be equal to or greater than 60 seconds. If you are uncertain about this, run our test software for about 5 minutes from a machine on the network that reaches the internet through the router you want to certify, and send us the results.
The UCloud platform is managed directly by Teamsystem Communication, therefore access to the phone system is always guaranteed. However, for outgoing calls, the phone extensions in companies could be blocked by strict firewall policies:
|Application||Port/Range||Protocol||Port/Range||Protocol|
|SIP Terminals||SIP *||UDP|
|SIP Gateway||SIP gateway *||UDP|
|UI for PC||HTTP *||TCP/UDP|
|UI for PC (other ports)||443||TCP||3542||TCP|
* Note: The SIP listening ports for terminals in the UCloud environment, the SIP gateway and the UI are different for each company. Therefore you need to identify the necessary ports within the phone system. Go to the Configuration –> Company menu and in the Properties panel, note the address of the SIP Port, the SIP Gateway Port and the HTTP Port respectively.
In particular, if there are problems with communication between company extensions in different offices (not calling Peer to Peer), you will need to unblock all traffic to and from the IP address of the VOIspeed UCloud server.
The general business settings section also contains a screen with suggestions on how to configure your router/firewall correctly.
PLATFORM ON PREMISES
For the local network to function, the firewall of the server machine should be configured to unblock the pbx service application in the Public, Private and Domain environments. It is not normally necessary to create advanced rules for specific ports.
If you need to connect remote devices of the phone system (telephones and the user interface), create a WAN route between phone servers, or simply access the web administration interface of the phone system remotely, it is essential to open ports on the router behind which the PBX is located.
NB: opening a port on the router's NAT means unblocking that port wherever a firewall is active and, above all, forwarding it to the private IP of the VOIspeed server. In other words, traffic that the router receives from the outside world on port X must be routed to the private IP of the PBX on the same port X.
The following devices require firewall ports to be opened:
- SIP devices
- HTML5 GUI
- Windows GUI
The following ports must be open for VOIspeed 6 On Premises to function correctly:
|VoIP||5004-5060||UDP 5060 is used for registration and UDP 5004 to 5069 are used for RTP streams (voice).|
|GUI Windows||5063 and 3543||UDP and TCP 5063 and 3543|
|GUI HTML5||5064 and 3542||UDP and TCP 5064. TCP 3542.|
|WAN||5061-5062||5061 and 5062 for both UDP and TCP and UDP range from 5004-5064.|
|HTTP PBX interface||3542 + 3543||TCP 3542 for WEB admin and TCP 3543 for Apache/PBX.|
VOIspeed 6 allocates a UDP port for every VoIP call. Each call added to the active calls is allocated a port at a distance of +3 from the current port: for example, if port 5004 is used for the first call, the second call occupies 5007, the third 5010, and so on (a mechanism also frees and recycles the ports of conversations that have finished). Therefore, to calculate the range, the number of simultaneous conversations managed by the switchboard must be considered. A fairly reliable criterion is to take the number of users of the PBX and multiply it by 3: the value obtained is a good estimate for the upper limit of the range of UDP ports for audio streams. For example:
- 10 users -> 30 ports: range 5004-5034
- 20 users -> 60 ports: range 5004-5065 (one port is added because 5060 is already used for alerts)
- 30 users -> 90 ports: range 5004-5095 (one port is added because 5060 is already used for alerts)
You need to open the firewall ports on your router to allow traffic to the PBX if you are logging in remotely, accessing the web interface of the server remotely, or creating a WAN route between two servers.
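The following added example (not VOIspeed code) combines the warning about specifying source IP addresses, the NAT note about forwarding port X to the same port X on the PBX, and the audio range estimate above into one check. The function names, the rule dictionary layout and the sample addresses are assumptions made for illustration; the port numbers come from the table above.

```python
import ipaddress

RTP_BASE, SIP_PORT = 5004, 5060   # first audio port and the reserved port 5060

# (protocol, first port, last port) per remote client type, taken from the table above
FIXED_PORTS = {
    "sip":   [("udp", 5060, 5060)],
    "html5": [("udp", 5064, 5064), ("tcp", 5064, 5064), ("tcp", 3542, 3542)],
}

def rtp_range(users):
    """Estimate from the text: 3 audio ports per user, one more if 5060 falls inside."""
    end = RTP_BASE + 3 * users
    if end >= SIP_PORT:
        end += 1
    return RTP_BASE, end

def scoped_forwards(users, pbx_ip, sources, clients=("sip",)):
    """Return port forwards (same external and internal port), one set per source network."""
    pbx = ipaddress.ip_address(pbx_ip)
    if not pbx.is_private:
        raise ValueError("forward target must be the PBX's private IP")
    nets = [ipaddress.ip_network(s) for s in sources]
    if not nets:
        raise ValueError("no source given: this would open the ports to everyone")
    for net in nets:
        if net.prefixlen == 0:
            raise ValueError(f"{net} matches every address; list the remote sites instead")
    ports = []
    for client in clients:
        ports += FIXED_PORTS[client]
    if "sip" in clients:
        ports.append(("udp", *rtp_range(users)))   # audio streams for remote phones
    return [
        {"proto": proto, "ports": (lo, hi), "src": str(net), "to": str(pbx)}
        for net in nets for proto, lo, hi in ports
    ]

if __name__ == "__main__":
    # Constructed values: a documentation-range source and an RFC 1918 PBX address
    for r in scoped_forwards(20, "192.168.1.10", ["203.0.113.25/32"], ("sip", "html5")):
        lo, hi = r["ports"]
        print(f'{r["proto"]:3} {lo}-{hi} from {r["src"]} -> {r["to"]}:{lo}-{hi}')
```

Each returned entry maps to one port-forward rule on the router; translate it into the rule syntax of the device in use.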