How to configure your firewall and router

Christina Dechent
Christina Dechent
  • Updated

Firewall/Router configuration

Usually, if you configure your SIP phone clients like recommended in this article Connecting-Phones-via-SIP then no changes need to be made to your router and firewall. The client will look for its own way to pass your NAT and Firewall settings. 

However, in some cases, it would be necessary to make changes to your firewall and router settings. This would be the case if you encounter problems with sip clients not being able to register with our sip proxy or calls getting dropped or if you can't hear audio on one or both sides. If this is the case, please change the following settings in your firewall or router.

Allow incoming traffic from babelforce networks

Allow all traffic coming from babelforce servers to pass through your firewall. Depending on in which region you have opened your babelforce account please whitelist the following domains :

EU region:

Service Protocol Port Domain 
SIP TCP/UDP 5066

sip.services.babelforce.com

RTP UDP 12000-13000 sip.services.babelforce.com
STUN TCP/UDP 3478 stun.babelforce.com

Custom region:

Service Protocol Port Domain /
SIP TCP/UDP  5066 sip.ENVIRONMENT.babelforce.com
RTP UDP 12000-13000  sip.ENVIRONMENT.babelforce.com
STUN UDP 3478 stun.babelforce.com

 

NOTE: For Custom environment make sure to replace the work "ENVIRONMENT" by the name of your environment.

UDP / NAT / Advanced SIP settings

Not all firewalls support the configuration of the following features. If your firewall allows you to change these settings, we highly recommend it!

  • set UDP-NAT or UDP connection timeout to 180 sec (sometimes this is referred to as UDP inactivity / session / port timeout) 
  • turn on consistent NAT if possible
  • disable any kind of SIP transformations, like for example: SIP ALG (Application Layer Gateway), SIP SPI (Stateful Packet Inspection), and SIP helper or transformations

You can find a high-level description of how network traversal works for SIP here: How to set up your network for babelforce VoIP and SIP

 

NOTE- Please note that you need to whitelist the domain names listed in the article only. You shall not whitelist the static IP addresses to which the domain names resolve at the moment because the linked IP addresses are subject to change on a regular basis. For example, if you do maintenance work in your clusters, you can change them at any time.

Was this article helpful?

/

Comments

0 comments

Please sign in to leave a comment.