Network Requirements
General required network conditions
The key measurement metrics for ensuring optimum voice /video quality over IP includes packet loss, delay and jitter.
Packet loss
The IP Telephony industry usually recommends maximum packet loss figures of around 0.25% as being the most that the average human hear can tolerate without losing sense of a conversation.
Delay
The International Telecommunications Union (ITU) defines a standard for one-way delay as being a maximum of 150 milliseconds before the user starts to perceive the delay.
Jitter
Jitter refers to the mis-spacing of the arrival of packets at the called party telephone end point. Excessive jitter will cause frying sounds to be heard on the call, and should therefore note exceed 15 milliseconds.
DHCP
The DHCP requirements are discussed
here
Connection types
Escaux UCS system to Escaux UCS system connection
One voice communication using ILBC encoding and transported in an Inter-Asterisk eXchange (IAX) trunk corresponds with a packet of 90 bytes (IP header + IP payload) sent every 30 ms.
Softphone to Escaux UCS system connection
The softphone can communicate with the Escaux UCS system via the G.711 or ILBC codec. The ILBC codec uses audio compression, resulting in a lower bandwidth requirement. This lower bandwidth consumption can come with the cost of a slightly less good audio quality. Inside a LAN network, where bandwidth is ubiquitous, the G.711 codec is recommended. See hereunder "G.711 codec" or "ILBC codec" for quantitative criteria.
IP Phone to Escaux UCS system connection
IP phones can communicate with the Escaux UCS system via the G.711 or ILBC codec (this depends on the type of IP phone). The ILBC codec uses audio compression, resulting in a lower bandwidth requirement. This lower bandwidth consumption can come with the cost of a slightly less good audio quality. Inside a LAN network, where bandwidth is ubiquitous, the G.711 codec is recommended. See hereunder "G.711 codec" or "ILBC codec" for quantitative criteria.
Voice codecs & bandwidth
The following table provides information about the bandwidth on the Ethernet layer that 1 VoIP call will generate.
Codec & Bit Rate (Kbps) |
Codec Sample Interval (ms) |
Voice Payload Size (Bytes) |
Packets Per Second (PPS) |
Bandwidth Ethernet (Kbps) |
G.711 (64 Kbps) |
20 |
160 |
50 |
87,2 |
G.729 (8 Kbps) |
20 |
20 |
50 |
31,2 |
ILBC (13.33Kbps) |
30 |
50 |
33,3 |
28,8 |
More detailed calculations can be done at
http://www.bandcalc.com/
Video codecs & bandwidth
The bandwidth taken by video data for net.Desktop is configurable when media links are configured between SOPs. By default, 128 Kbps is used in the IP payload for one-way video connection through net.Desktop .
Firewall configuration
Introduction
SOP connectivity
Standard firewall configuration
When your
SOP is operational, it will contact the
SMP by using your internet connection for a number of reasons. This requires opening up some ports on your firewall from the inside (LAN) to the outside (internet).
It is likely however that you don't have to change anything on your firewall. Most firewall configurations allow all traffic from the LAN to the internet.
In case of a high availability setup (active-standby or active-active) all the IP addresses used by the SOPs must be permitted.
The following firewall configuration is required:
From |
To |
Protocol |
Port |
Explanation |
SOP |
* |
TCP |
SSH (22) |
Used for authenticated and encrypted management of the SOP |
SOP |
* |
TCP |
HTTP (80) |
Used to query which SMP the SOP should use. |
SOP |
* |
TCP |
HTTPS (443) |
Software and security updates for the SOP. |
SOP |
Customer's SMTP server |
TCP |
SMTP (25) |
Used for voicemail-to-email |
SOP |
* |
UDP |
NTP (123) |
Used for time synchronization |
SOP |
* |
UDP |
DNS (53) |
Used to convert hostnames to IP addresses |
Management network |
SOP |
TCP |
HTTP (80) |
Manage audio prompts, music on hold files and call recordings |
Management network |
SOP |
TCP |
HTTPS (443) |
Manage audio prompts, music on hold files and call recordings |
![ALERT! ALERT!](../rsrc/System/DocumentGraphics/warning.png)
HTTP connectivity proxied through your corporate proxy server is NOT supported.
![ALERT! ALERT!](../rsrc/System/DocumentGraphics/warning.png)
MTU (Maximum Transmission Unit) should be 1500 bytes or higher.
Strict firewall configuration
The strict firewall configuration is suitable for customers where the recommended firewall configuration is not possible due to their security policy. In comparison with the recommended firewall configuration, the strict firewall configuration has additional restrictions on outgoing connections.
Please note that the current IP ranges 213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 could change or that IP ranges might be added or removed in the future. You will be informed if and when this happens and will need to change your firewall configuration.
From |
To |
Protocol |
Port |
Explanation |
SOP |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
TCP |
SSH (22) |
Used for authenticated and encrypted management of the SOP |
SOP |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
TCP |
HTTP (80) |
Used to query which SMP the SOP should use. |
SOP |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
TCP |
HTTPS (443) |
Software and security updates for the SOP. |
SOP |
Customer's SMTP server |
TCP |
SMTP (25) |
Used for voicemail-to-email |
SOP |
Customer's NTP server(s) |
UDP |
NTP (123) |
Used for time synchronization |
SOP |
Customer's DNS server(s) |
UDP |
DNS (53) |
Used to convert hostnames to IP addresses |
Management network |
SOP |
TCP |
HTTPS (443) |
Manage audio prompts, music on hold files and call recordings |
Management network |
SOP |
TCP |
HTTP (80) |
Manage audio prompts, music on hold files and call recordings |
![ALERT! ALERT!](../rsrc/System/DocumentGraphics/warning.png)
HTTP connectivity proxied through your corporate proxy server is NOT supported.
![ALERT! ALERT!](../rsrc/System/DocumentGraphics/warning.png)
MTU (Maximum Transmission Unit) should be 1500 bytes or higher.
SIP trunk connectivity to a telecom operator
From |
To |
Protocol |
Port |
Explanation |
SOP |
Provider's SIP proxy server |
UDP |
SIP (5060) |
Used for SIP Protocol |
Provider's SIP proxy server |
SOP |
UDP |
SIP (5060) |
Used for SIP Protocol |
SOP |
Provider's media gateway |
UDP |
1024-65535 |
Used for RTP media traffic (1) |
Provider's media gateway |
SOP |
UDP |
1024-65535 |
Used for RTP media traffic |
(1) this range can be modified according to the SIP provider's requirements.
Network Address Translation is not supported.
![ALERT! ALERT!](../rsrc/System/DocumentGraphics/warning.png)
Please consult our
Security recommendation guide before implementing firewall changes.
Inter-SOP connectivity (clustering + active / active)
Protocol |
Port |
Explanation |
TCP |
SSH (22) |
Cluster synchronisation (prompts, music-on-hold files) |
UDP |
SIP (5060) |
Mesh SIP trunks |
UDP |
10000-20000 |
RTP voice traffic |
TCP |
HTTP (80) |
Inter-sop API requests |
TCP |
HTTPS (443) |
Inter-sop API requests |
TCP |
4445 |
Application management server sync (phone statuses, profile parameters,...) |
There is no specific requirements for an active-active setup.
Network Address Translation is not supported.
SMP Phone status & reboot
Phones |
Web Interface User PC -> Phones |
Reboot feature SOP -> Phones |
Brands |
Prefix |
Protocol |
Port |
Protocol |
Port |
Aastra |
SDR |
HTTP |
80 |
HTTP |
80 |
Budgetone |
SDB |
- |
- |
- |
- |
Cisco |
SDC |
HTTP |
80 |
HTTP |
80 |
Cisco |
SDS |
HTTP |
80 |
HTTP |
80 |
Grandstream |
SDG3 |
HTTP |
80 |
HTTP |
80 |
Hitachi |
SDA |
- |
- |
- |
- |
Mitel |
SDM |
HTTP |
80 |
SIP |
5060 |
Polycom |
SDP |
HTTP |
80 |
SIP |
5060 |
Snom |
SDO1-7 |
HTTP |
80 |
SIP |
5060 |
Swiss Voice |
SDW |
- |
- |
- |
- |
Thomson |
SDT |
- |
- |
- |
- |
Unidata |
SDU |
HTTP |
8080 |
- |
- |
' - ' Reboot and access to web interface aren't supported.
Escaux Connect for UEP 1.1
- A domain name
- A valid certificate for the domain
From |
To |
Protocol |
Port |
Internet |
ISAP |
TCP |
HTTP (80) |
Internet |
ISAP |
TCP |
HTTPS (443) |
Internet |
ISAP |
TCP |
WebSocket (8088) |
UEP |
WebRTC |
UDP |
SIP (5060) |
WebRTC |
UEP |
UDP |
SIP (5060) |
UEP |
WebRTC |
UDP |
RTP (10000-20000) |
WebRTC |
UEP |
UDP |
RTP (10000-20000) |
PBX |
UEP |
TCP |
HTTP (80) |
PBX |
UEP |
TCP |
SIP (5060) |
PBX |
UEP |
TCP |
RTP (10000-20000) |
Connect Me
This application was formally known as Escaux Connect or Fuzer Connect.
Client
Recommended
For basic functionality:
From |
To |
Protocol |
Port |
Comment |
Client |
Customer's DNS server |
UDP |
53 (DNS) |
|
Client |
Internet |
TCP |
80 (HTTP) |
Optional : Only used to redirect to HTTPS |
Client |
Internet |
TCP |
443 (HTTPS) |
|
For softphone functionality:
From |
To |
Protocol |
Port |
Comment |
Client |
The IP range is dependent on your deployment |
UDP |
The port range is dependent on your deployment |
Only for UEP on customer premises |
Client |
* |
UDP |
All high ports: 1024-65535 (RTP) |
Cloud based customers |
For mediabridge direct media (point-to-point video & screen sharing):
From |
To |
Protocol |
Port |
Client |
* |
UDP |
All high ports: 1024-65535 (RTP) |
For mediabridge relayed media (point-to-point video & screen sharing via TURN server):
From |
To |
Protocol |
Port |
Client |
Internet |
UDP |
49152-65535 (TURN relay) |
Client |
Internet |
UDP |
3478 (TURN) |
Client |
Internet |
TCP |
5349 (TURN over TLS) |
Strict
The strict firewall configuration is suitable for customers where the recommended firewall configuration is not possible due their security policy. In comparison with the recommended firewall configuration, the strict firewall configuration has additional restrictions on outgoing connections.
Please note that the current IP ranges 213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 could change or that IP ranges might be added or removed in the future. You will be informed if and when this happens and will need to change your firewall configuration.
For basic functionality:
From |
To |
Protocol |
Port |
Comment |
Client |
Customer's DNS server |
UDP |
53 (DNS) |
|
Client |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
TCP |
80 (HTTP) |
Optional : Only used to redirect to HTTPS |
Client |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
TCP |
443 (HTTPS) |
|
For softphone functionality:
From |
To |
Protocol |
Port |
Comment |
Client |
The IP range is dependent on your deployment |
UDP |
The port range is dependent on your deployment |
Only for UEP on customer premises |
Client |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
UDP |
All high ports: 1024-65535 (RTP) |
Cloud based customers |
For mediabridge direct media (point-to-point video & screen sharing):
From |
To |
Protocol |
Port |
Client |
* |
UDP |
All high ports: 1024-65535 (RTP) |
For mediabridge relayed media (point-to-point video & screen sharing via TURN server):
From |
To |
Protocol |
Port |
Client |
Internet |
UDP |
49152-65535 (TURN relay) |
Client |
Internet |
UDP |
3478 (TURN) |
Client |
Internet |
TCP |
5349 (TURN over TLS) |
Server
Eth0
From |
To |
Protocol |
Port |
Comment |
ISAP |
OAuth |
TCP |
7380 |
oAuth requests |
Eth0 (backend - Escaux)
From |
To |
Protocol |
Port |
CDG |
All FMU |
UDP |
SIP 5060 |
All FMU |
CDG |
UDP |
SIP 5060 |
CDG |
All FMU |
UDP |
RTP range 10000 - 20000 |
CDG |
LS |
UDP |
SIP 5060 |
LS |
CDG |
UDP |
SIP 5060 |
CDG |
CAG |
UDP |
SIP 5060 |
CAG |
CDG |
UDP |
SIP 5060 |
CDG |
|
|
Standard SOP connectivity |
With HLR connectivity:
From |
To |
Protocol |
Port |
CDG |
CAG |
UDP |
SIP 5060 |
CAG |
CDG |
UDP |
SIP 5060 |
Eth1 (provider)
If the connection with the provider is not SIP but ISUP, this section is irrelevant.
Minimum rules on Escaux interface:
From |
To |
Protocol |
Port |
CAG |
All FMU |
UDP |
SIP 5060 |
All FMU |
CAG |
UDP |
SIP 5060 |
CAG |
LS |
UDP |
SIP 5060 |
LS |
CAG |
UDP |
SIP 5060 |
CAG |
CDG |
UDP |
SIP 5060 |
CDG |
CAG |
UDP |
SIP 5060 |
CAG |
|
|
Standard SOP connectivity |
With HLR connectivity:
From |
To |
Protocol |
Port |
CAG |
CDG |
UDP |
SIP 5060 |
CDG |
CAG |
UDP |
SIP 5060 |
SIGTRAN link with provider:
![ALERT! ALERT!](../rsrc/System/DocumentGraphics/warning.png)
SCTP not yet managed by the firewall.
SIP link with provider: on the provider interface:
From |
To |
Protocol |
Port |
CAG |
MSS |
UDP |
SIP 5060 |
MSS |
CAG |
UDP |
SIP 5060 |
From |
To |
Protocol |
Port |
LS |
CAG |
UDP |
SIP 5060 |
CAG |
LS |
UDP |
SIP 5060 |
LS |
CDG |
UDP |
SIP 5060 |
CDG |
LS |
UDP |
SIP 5060 |
LS |
|
|
Standard SOP connectivity |
From |
To |
Protocol |
Port |
Internet |
ISAP |
TCP |
HTTP (80) |
Internet |
ISAP |
TCP |
HTTPS (443) |
Internet |
ISAP |
TCP |
SSH (22) |
ISAP |
UEP |
TCP |
HTTP 80 (CardDAV) |
ISAP |
UEP |
TCP |
HTTP 7080 (Connect Me) |
ISAP |
UEP |
TCP |
HTTP 8080 (UEP API) |
ISAP |
UEP |
TCP |
HTTP 9080 (Authentication API) |
ISAP |
File Depot |
TCP |
HTTP 5080 (File Depot API) |
ISAP |
WebRTC |
TCP |
HTTP 2080 (WebRTC API) |
ISAP |
WebRTC |
TCP |
WebSocket 8088 (SIP over Websocket) |
ISAP |
|
|
Standard SOP connectivity |
WebRTC
From |
To |
Protocol |
Port |
Internet |
WebRTC |
UDP |
RTP port range 10000-20000 (NATed by the firewall). Other ranges can be used. |
WebRTC |
Internet |
UDP |
RTP port range 10000-20000 (NATed by the firewall). Other ranges can be used. |
WebRTC |
UEP |
UDP |
SIP 5060 |
UEP |
WebRTC |
UDP |
SIP 5060 |
WebRTC |
UEP |
UDP |
RTP range (10000-20000) |
WebRTC |
UEP |
TCP |
HTTP 8000 |
WebRTC |
|
|
Standard SOP connectivity |
From |
To |
Protocol |
Port |
GCM (FCM) |
UEP |
UDP |
SIP port 5060 |
UEP |
GCM (FCM) |
UDP |
SIP port 5060 |
GCM (FCM) |
UEP |
TCP |
HTTP port 8000 (UEP-API) |
GCM (FCM) |
ISAP |
TCP |
SSH port 22 |
ISAP |
GCM (FCM) |
TCP |
HTTP port 2080 (FCM-API) |
GCM (FCM) |
Internet |
TCP |
HTTPS port 443 |
GCM (FCM) |
|
|
Standard SOP connectivity |
Three different FMU modes are considered here:
- standalone mode (FMU directly connected to the customer (UEP))
- gateway mode 1 interface (when the UEP is in the Escaux solution)
- gateway mode 2 interfaces (when the UEP is on the client => FMU plays the role of the border route).
Standalone mode: with this mode FMU is directly connected to the customer (no UEP)
![ALERT! ALERT!](../rsrc/System/DocumentGraphics/warning.png)
2 interfaces are necessary because itÂ’s a border router: one for the customer (eth0) and the second for Escaux side (eth1)
Eth0 (customer):
From |
To |
Protocol |
Port |
FMU |
PABX |
UDP |
SIP port 5060 to 9061 |
PABX |
FMU |
UDP |
SIP port 5060 to 9061 |
FMU |
PABX |
UDP |
RTP ranges (10000-20000) |
FMU primary |
FMU failover |
UDP |
SIP port 5060 |
FMU failover |
FMU primary |
UDP |
SIP port 5060 |
Eth1 (Escaux - management):
From |
To |
Protocol |
Port |
FMU |
CDG |
UDP |
SIP port 5060 |
CDG |
FMU |
UDP |
SIP port 5060 |
FMU |
CDG |
UDP |
RTP ranges (10000-20000) |
FMU |
CAG |
UDP |
SIP port 5060 |
CAG |
FMU |
UDP |
SIP port 5060 |
FMU primary |
FMU failover |
UDP |
SIP port 5060 |
FMU failover |
FMU primary |
UDP |
SIP port 5060 |
FMU |
|
|
Standard SOP connectivity |
Gateway mode 1 interface: in this case there is only one interface, this mode is used when the UEP is in the Escaux solution (UEP is in the cloud).
From |
To |
Protocol |
Port |
FMU |
UEP |
UDP |
SIP port 5060 and 5061 |
UEP |
FMU |
UDP |
SIP port 5060 and 5061 |
FMU |
UEP |
UDP |
RTP ranges (10000-20000) |
FMU |
CDG |
UDP |
SIP port 5060 |
CDG |
FMU |
UDP |
SIP port 5060 |
FMU |
CDG |
UDP |
RTP ranges (10000-20000) |
FMU |
CAG |
UDP |
SIP port 5060 |
CAG |
FMU |
UDP |
SIP port 5060 |
FMU primary |
FMU failover |
UDP |
SIP port 5060 |
FMU failover |
FMU primary |
UDP |
SIP port 5060 |
FMU |
|
|
Standard SOP connectivity |
Gateway mode 2 interfaces : this mode is used when the UEP is on the client and the FMU plays the role of the border router.
Eth0 (client)
From |
To |
Protocol |
Port |
FMU |
UEP |
UDP |
SIP port 5060 and 5061 |
UEP |
FMU |
UDP |
SIP port 5060 and 5061 |
FMU primary |
FMU failover |
UDP |
SIP port 5060 |
FMU failover |
FMU primary |
UDP |
SIP port 5060 |
FMU |
UEP |
UDP |
RTP ranges (10000-20000) |
Eth1 (Escaux Management)
From |
To |
Protocol |
Port |
FMU |
CDG |
UDP |
SIP port 5060 |
CDG |
FMU |
UDP |
SIP port 5060 |
FMU |
CDG |
UDP |
RTP ranges (10000-20000) |
FMU |
CAG |
UDP |
SIP port 5060 |
CAG |
FMU |
UDP |
SIP port 5060 |
FMU primary |
FMU failover |
UDP |
SIP port 5060 |
FMU failover |
FMU primary |
UDP |
SIP port 5060 |
FMU |
|
|
Standard SOP connectivity |
From |
To |
Protocol |
Port |
UEP |
Gateways (WebRTC/APN/GCM/FMU) |
UDP |
SIP port 5060 |
Gateways (WebRTC/APN/GCM/FMU) |
UEP |
UDP |
SIP port 5060 |
UEP |
Gateways (WebRTC/APN/GCM/FMU) |
UDP |
RTP ranges (10000-20000) |
UEP |
PABX |
UDP |
SIP port 5060 |
UEP |
PABX |
UDP |
RTP ranges (10000-20000) |
UEP |
PABX |
TCP |
HTTP port 80 |
UEP |
SMP-Web* |
TCP |
HTTPS port 443 |
UEP |
|
|
Standard SOP connectivity |
User agent - SOP
net.Desktop connectivity
If the users have the net.Desktop application running on their computer and a firewall is present between the users' LAN and the SOP, the following firewall configuration is required:
Protocol |
From |
To |
Destination port(s) |
Explanation |
TCP |
Client |
SOP |
4445 |
net.Desktop - sop event communication |
TCP |
Client |
SOP |
4446 |
net.Desktop - sop other communication |
TCP |
Client |
SOP |
4559 |
Outgoing FAX server communication |
TCP |
Client |
SOP |
25 |
Outgoing FAX server communication (new since 2.28 when using quick fax) |
UDP |
Client:5060-5070 |
SOP |
5060 |
SIP net.Desktop User Agent |
UDP |
Client:5060-5070 |
Client |
5060-5070 |
SIP chat peer to peer |
UDP |
Client:4569 |
Client |
4569 |
Peer to peer video |
Note that there must be a direct IP route between the net.Desktop clients' IPs for the clients to be able to chat. Therefore, net.Desktop clients will not be able to communicate if
Network Address Translation is used.
net.Console connectivity
From |
To |
Protocol |
Destination port(s) |
Explanation |
SOP (1) |
Phone |
TCP |
HTTP (80) |
API requests to phone |
SOP |
Phone |
UDP |
SIP (5060) |
SIP signaling |
Phone |
SOP |
SIP |
SIP (5060) |
SIP signaling |
SOP |
Phone |
UDP |
10000-20000 |
RTP traffic. The port range can be limited through the resource configuration of certain phones |
Phone |
SOP |
UDP |
10000-20000 |
RTP traffic. The port range can be limited through the resource configuration of certain phones. |
Client |
SOP |
TCP |
SIP over TCP (3040) |
Control connection |
SOP (1) |
Client |
TCP |
SIP over TCP (3040) |
Control connection |
(1) For active/standby architectures, consider the active and standby IP addresses
net.Supervisor connectivity
Protocol |
From |
To |
Destination port(s) |
Explanation |
TCP |
Client |
SOP |
4445 |
net.Supervisor - sop event communication |
TCP |
Client |
SOP |
HTTP (80) |
SOP API requests |
Desk phone connectivity
Local phone and local SOP
A connection between a desk phone and a locally hosted SOP should be unfirewalled.
Network Address Translation is not supported.
Polycom phone over internet
Recommended:
From |
To |
Protocol |
Port |
Explanation |
Phone |
* |
UDP |
NTP (123) |
Time synchronization |
Phone |
* |
TCP |
SIP over TLS (The specific port(s) depend on your specific implementation. Please contact your project manager to know which one(s).) |
Used for call signalling |
Phone |
* |
UDP |
(S)RTP (The specific port(s) depend on your specific implementation. Please contact your project manager to know which one(s).) |
Used for call voice |
Phone |
* |
UDP |
DNS (53) |
Used to convert hostnames to IP addresses |
Phone |
* |
TCP |
HTTPS (443) |
Connection towards the Pure Cloud provisioning domain |
Strict:
The strict firewall configuration is suitable for customers where the recommended firewall configuration is not possible due to their security policy. In comparison with the recommended firewall configuration, the strict firewall configuration has additional restrictions on outgoing connections.
Please note that the current IP ranges 213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 could change or that IP ranges might be added or removed in the future. You will be informed if and when this happens and will need to change your firewall configuration.
From |
To |
Protocol |
Port |
Explanation |
Phone |
Customer's NTP server(s) |
UDP |
NTP (123) |
Time synchronization |
Phone |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
TCP |
SIP over TLS (The specific port(s) depend on your specific implementation. Please contact your project manager to know which one(s).) |
Used for call signalling |
Phone |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
UDP |
(S)RTP (The specific port(s) depend on your specific implementation. Please contact your project manager to know which one(s).) |
Used for call voice |
Phone |
Customer's DNS server(s) |
UDP |
DNS (53) |
Used to convert hostnames to IP addresses |
Phone |
213.246.219.64/27 & 213.246.255.232/29 & 217.111.215.88/29 & 188.118.34.80/32 & 188.118.34.81/32 & 188.118.34.120/32 & 188.118.34.121/32 |
TCP |
HTTPS (443) |
Connection towards the Pure Cloud provisioning domain |
net.Buzz connectivity
From |
To |
Protocol |
Port |
Explanation |
PC client |
SOP |
TCP |
HTTP (80) |
Authentication and provisioning |
PC client |
SOP |
TCP |
LDAP (389) |
Corporate directory via default LDAP directory (optional) |
PC client |
Customer's LDAP server |
TCP |
LDAP (389) |
Corporate directory via customer LDAP directory (optional) |
PC client |
SOP |
UDP |
SIP (5060) |
SIP control channel |
PC client |
secure.counterpath.com (alternatively but not recommended, 69.90.51.170 & 216.93.246.170 & 137.135.52.175 ) |
TCP |
HTTPS (443) |
Licensing server |
SOP |
PC Client |
UDP |
SIP (5060) |
SIP control channel |
PC client |
SOP |
UDP |
RTP (port range 30000-31000 by default) |
RTP traffic |
SOP |
PC client |
UDP |
RTP (port range 10000-20000 by default) |
RTP traffic |
Network Address Translation is not supported.
Counterpath Eyebeam & Bria connectivity
See the firewall requirements for net.Buzz