Helpful Basics
      Back to home
      1. Sinch Voice Knowledge Base
      2. Helpful Basics

      Recommended Firewall Settings

      Recommended settings for Non-managed//Home Users//BYOB customers

      Options 1.) DNS 1 = USE Customer's ISP
      Options 2.) DNS 1 = USE Customer's ISP

      For fully redundant services it is required to utilize a DNS resolver that will resolve SRV/NAPTR records. All FQDNs are Geo-Redundant between our north and south servers. They resolve to more than one IP/port.

      Hosted customers should whitelist the following FQDNs:
      south1.hosted.sip.global
      south2.hosted.sip.global
      blf-south1.hosted.sip.global
      blf-south2.hosted.sip.global

      north1.hosted.sip.global
      north2.hosted.sip.global
      blf-north1.hosted.sip.global
      blf-north2.hosted.sip.global

      generic-south.hosted.sip.global
      generic-north.hosted.sip.global

      mobile.hosted.sip.global

      tls-south1.hosted.sip.global

      tls-north1.hosted.sip.global



      SIP Trunking customers should whitelist the following FQDN:
      reg-gw.hosted.sip.global



      DNS service like OpenDNS or your ISP's DNS can be used if you are not managing your own DNS server.

      If you do manage your own DNS Server then please make sure it is SRV/NAPTR capable.

      We want to make sure the following (however it references it is OFF)
      SIP INSPECTION, SIP Transformations, SIP Aware, SIP ALG, SIP/Session Helper, or SIP PASSIVE (disable any version of this)

      UPNP should be disabled

      Networks QOS (quality of service) should be configured to prioritize the traffic for your phones over data traffic. Specifically we use DSCP Value 46 also known as EF (expedited forwarding).

      Enabling and opening the following UDP and TCP Ports and IP ranges:
      80
      443
      XMPP port: 5222

      Note: The following ports need to not only be open for UDP and TCP, but also Pinhole Timeout Value needs updated from 30 to 300.

      5060
      5061
      5075
      5077
      4444
      44444

      The following ports are used at random to set up RTP streams for audio/media/voice paths:

      RTP Port Range: 1024 to 65535 (random)

      All of these IP ranges need to be open as well for services provided by Inteliquent/Voyant to function properly:

      Network Pop Usage
      198.174.211.0/24 Plymouth ATLAS and Provisioning
      198.74.62.80/28 Plymouth Configuration servers
      198.174.62.0/24  Plymouth DMZ can include USS/UMS, XSPs for Device management and Clients, etc
      137.192.1.0/24 Plymouth DMZ can include USS/UMS, XSPs for Device management and Clients, etc
      137.192.76.0/24 Dallas DMZ can include USS/UMS, XSPs for Device management and Clients, etc
      137.192.77.0/24 Dallas DMZ can include USS/UMS, XSPs for Device management and Clients, etc
      204.220.52.0/24 Plymouth DMZ can include USS/UMS, XSPs for Device management and Clients, etc
      204.220.62.0/24 Dallas DMZ can include USS/UMS, XSPs for Device management and Clients, etc
      206.144.2.0/24 Plymouth DMZ can include USS/UMS, XSPs for Device management and Clients, etc
      206.144.244.0/24 Dallas DMZ can include USS/UMS, XSPs for Device management and Clients, etc
      137.192.78.0/24 Dallas SBC 6300 Carrier and Access
      137.192.80.0/24 Plymouth SBC 6300 Carrier and Access



      subnet:
      255.255.255.240 = /28
      255.255.255.0 = /24