Ref LAN & Firewall Guidelines
All Rights Reserved 2010 Claranet

Claranet Hosted Voice
LAN and Firewall Guidelines for Internet-Only Customers
August 2018
Purpose and Audience

The experience, call quality and reliability of an IP voice deployment such as Claranet Hosted Voice depend heavily on the local area network and firewall configuration at the site. This document presents our recommended LAN and firewall settings and configurations for supporting a Hosted Voice deployment. They are based on industry standard practice and on our experience from existing customer deployments.

The audience for this document is technical network professionals with responsibility for and access to a Hosted Voice customer's LAN and network firewall.

Firewall & Security Guide

For IP phones to be able to access the service, some firewalls may need adjusting to allow the traffic through. If the firewall is running inside-to-outside rules, ports should be opened to allow the Hosted Voice protocols out.

SIP ALG

SIP ALG is the number one issue that will prevent phones from registering to the platform and making calls. This setting is quite often turned on automatically on most routers. If you have a self-managed firewall, switch or router, please ensure it is turned off.

Firewall Requirements

The following table lists all the TCP/UDP ports that must be accessible for the handset and ATA to function correctly. Where firewalls are managed by customers or their third parties, it will be the customer's responsibility to take the appropriate steps to get firewall rules and policies updated.
NOTE: Please increase TCP time out on your firewall to 60 minutes.

Phones and Office UC Desktop Client

Device | Protocol | Destination | Destination Port
Polycom Download & Configuration |  | dm.yourwhc.co.uk, 193.113.10.10, 193.113.11.10 |
Polycom Remote Provisioning Server (RPS) |  | 52.0.183.240, 54.86.39.219 |
Yealink Download & Configuration |  | dm.yourwhc.co.uk, 193.113.10.10, 193.113.11.10 |
Yealink Remote Provisioning Server (RPS) |  | rps.yealink.com, 52.71.103.102, 35.156.148.166 |
Cisco Small Business Download & Configuration |  | dm-csb.yourwhc.co.uk, 193.113.10.33, 193.113.11.35 |
Signaling | SIP | 62.7.201.128/27, 62.7.201.160/27 | UDP/TCP 5060
Media | RTP | 62.7.201.128/27, 62.7.201.160/27 | UDP 32767 to 65535
NTP |  | 0.uk.pool.ntp.org, europe.pool.ntp.org | UDP/TCP 123
DNS |  | Supplied locally | UDP/TCP 53

If the Receptionist feature or Call Recording and Call Analytics has been ordered, you will need to allow the following:

Feature | Protocol | Destination | Destination Port
Call Analytics Portal |  | icscallanalytics.yourwhc.co.uk, 40.115.5.58 |
Voice Recording Portal |  | callrecorder.yourwhc.co.uk, 193.113.10.32, 193.113.11.34 |

Note: browser access is via a redirect from the Business Portal.

If the UC Desktop application is to be used, the following ports will need to be allowed out in order for the UC Client to function appropriately. For the Office UC app to work using WiFi you would also need to allow the same ports.

Device | Protocol | Destination | Destination Port
Application Signaling | SIP | 62.7.201.128/27, 62.7.201.160/27 | UDP/TCP 5060
Application Media | RTP | 62.7.201.128/27, 62.7.201.160/27 | UDP 32767 to 65535
Office UC Desktop & Skype for Business Plug-In Downloads | n/a | downloads.yourwhc.co.uk, 193.113.10.27, 193.113.11.27 | n/a
Office UC Smartphone and Tablet Downloads | n/a | Apple Store, Google Play Store | n/a
Office UC Operation | XSI | officeuc.yourwhc.co.uk, 193.113.10.11, 193.113.11.11 |
Office UC Presence | XMPP | ums01.yourwhc.co.uk, ums02.yourwhc.co.uk, 193.113.10.7, 193.113.11.7 | TCP 5222, TCP 1081, TCP 5281, TCP 5269
Office UC Screenshare | Proprietary | uss01.yourwhc.co.uk, uss02.yourwhc.co.uk, 193.113.10.8, 193.113.11.8 | TCP 8443
OFFICE UC Mobile Client

Application | Protocol | Destination | Destination Port
Application Signaling | SIP | uc-bslnws09.yourwhc.co.uk, 62.7.201.172, 62.7.201.140; centrex-ucbs11lnws13.yourwhc.co.uk, 213.120.60.140, 213.120.60.204; uc-bs12lnws14.yourwhc.co.uk, 213.120.60.236, 213.120.60.172 | UDP/TCP 5060, 5074, 5075, 8933
Application Media | RTP | 62.7.201.132/27, 62.7.201.164/27, 213.120.60.132/27, 213.120.60.196/27, 213.120.60.160/27, 213.120.60.224/27 | UDP 32767 to 65535
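An added example, not part of Claranet's document: a short Python check that compares an outbound allow-list with the handset Signaling (SIP) and Media (RTP) rows of the Phones and Office UC Desktop Client table. The rule tuple format, the function names and the sample rules are assumptions constructed for illustration; a flow counts as allowed only when a single rule covers its whole network and port range.

```python
from ipaddress import ip_network

# Required flows, taken from the Signaling (SIP) and Media (RTP) rows above:
# (label, protocol, destination network, first port, last port)
REQUIRED = [
    (label, proto, ip_network(net), lo, hi)
    for net in ("62.7.201.128/27", "62.7.201.160/27")
    for label, proto, lo, hi in (
        ("SIP", "udp", 5060, 5060),
        ("SIP", "tcp", 5060, 5060),
        ("RTP", "udp", 32767, 65535),
    )
]

# Constructed sample rule set (hypothetical, not from any real firewall):
# (protocol, destination network, first port, last port)
SAMPLE_RULES = [
    ("udp", "62.7.201.128/27", 5060, 5060),    # SIP/UDP to the first range only
    ("tcp", "62.7.201.128/26", 5060, 5060),    # the /26 spans both /27 ranges
    ("udp", "62.7.201.128/26", 32767, 60000),  # RTP range cut short
]


def covers(rule, need):
    """True if one allow rule permits every address and port of a required flow."""
    r_proto, r_net, r_lo, r_hi = rule
    _, proto, net, lo, hi = need
    return r_proto == proto and net.subnet_of(ip_network(r_net)) and r_lo <= lo and hi <= r_hi


def missing_flows(rules):
    """Return the required flows that no single rule fully covers."""
    gaps = []
    for need in REQUIRED:
        if not any(covers(rule, need) for rule in rules):
            label, proto, net, lo, hi = need
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            gaps.append(f"{label} {proto} {net} {ports}")
    return gaps


if __name__ == "__main__":
    for gap in missing_flows(SAMPLE_RULES):
        print("not allowed outbound:", gap)
```

A truncated RTP range like the one in the sample passes a registration test, because SIP still gets through, and only shows up later as calls with missing audio.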
DHCP Configuration

DHCP configuration is very important: it is one of the ways the phones learn the VLAN they reside in, and it also enables administrators to push out the phone configuration URL.

PLEASE NOTE: THE DHCP OPTIONS NEED TO BE ON THE DATA POOL

See the sample DHCP configuration below:

    ip dhcp pool DATA_LAN
     network 172.16.0.0 255.255.255.0
     default-router 172.16.0.1
     dns-server 195.8.69.7 195.8.69.12
     ! option 132 is for Yealinks
     option 132 ascii "VLAN-A=11;"
     ! option 144 is for Polycoms
     option 144 ascii "VLAN-A=11;"
    !
    ip dhcp pool IPT_PHONES
     network 10.0.1.0 255.255.255.0
     default-router 10.0.1.1
     dns-server 195.8.69.7 195.8.69.12

*NOTE: VLAN 11 is the voice VLAN.

Switch Port Configuration

Standard switch port configuration recommended by Cisco.

Preferred switch port config:

    interface GigabitEthernet0/47
     description Example switch port config
     switchport access vlan 10
     switchport mode access
     switchport voice vlan 11
     spanning-tree portfast

An alternative config which will also work:

    interface GigabitEthernet0/47
     description Example switch port config
     switchport mode trunk
     switchport trunk allowed vlan 10,11

*Note: VLAN 10 is data, VLAN 11 is voice.

END OF DOCUMENT