BT Cloud Voice Firewalls and LAN You need to make sure that your BT Cloud Voice service connects to our network across your internal data network so you can make and receive consistently high quality calls. Firewalls Because there are so many different types of firewalls available, you re best off contacting your firewall provider to find out how to configure yours to work best with BT Cloud Voice. So here we re just giving you the requirements for BT Cloud Voice. It may be that you don t need to do anything at all: your IP handset may register on the network without you having to do any further configuration. Or if you re using our Business Hub 5 on its default settings and without a second firewall, you ll find that your Cloud Voice will be fine. But if this isn t the case, and you re unable to make calls, then you ll need to make a few changes to your firewall so BT Cloud Voice can connect with our network. We recommend that you consult your firewall provider before you make any changes (so you can be sure that you don t inadvertently expose your network to any security risks). LAN BT Cloud Voice has these network requirements - If you re wanting to use address translation o You ll need access to the protocols and ports detailed in ports. Depending on the type of firewall you ve got, you may not need to open any ports: if your firewall is running inside-to-outside rules, then you ll need to open the ports; there shouldn t be any reason to open ports that are inbound on the firewall. If your router or firewall is SIP-aware or SIP ALG-enabled, you must turn it off (so the device doesn t interfere with any signalling). British Telecommunications plc Page 1 of 5
Prioritisation of VoIP traffic The BT Business Internet Access service prioritises your SIP signalling and VoIP traffic over other traffic. To make sure you always get good quality calls, your LAN should also prioritise VoIP traffic. BT s SIP platform has the following IP addresses: 147.152.35.101 213.120.60.133, 147.152.35.109 213.120.60.139 213.120.60.197 62.7.201.139 213.120.60.203 62.7.201.171 BT s platform has the following media (RTP) IP addresses: 147.152.35.100 62.7.201.164 147.152.35.108 213.120.60.132 62.7.201.132 213.120.60.196 Prioritise traffic to and from these addresses over other competing traffic in your LAN infrastructure: 1. The incoming and outgoing BT SIP and VoIP (RTP) traffic should take priority over other traffic through the firewall. 2. If the SIP signalling and VoIP traffic traverses your LAN and competes with other traffic then it should take priority over that other traffic. British Telecommunications plc Page 2 of 5
Ports Service Ports Device Protocol Outbound Destination Destination Port Devices & apps (including ATA and ) signalling SIP 147.152.35.101/29 147.152.35.109/29 62.7.201.171/27 62.7.201.139/27 213.120.60.133/27 213.120.60.197/27 _sip_udp.ipcommsbtblnwsbs09.bt.com _sip_tcp.ipcommsbtblnwsbs09.bt.com _sip_udp.ipcomms-btb-uclnwsbs09.bt.com _sip_tcp.ipcomms-btb-uclnwsbs09.bt.com _sip_udp.ipcomms-btb-centrexlnwsbs09.bt.com _sip_tcp.ipcomms-btb-centrexlnwsbs09.bt.com _sip._udp.ipcomms-btb-uclnws13bs11.bt.com _sip._tcp.ipcomms-btb-uclnws13bs11.bt.com _sip._udp.ipcomms-btb-centrexlnws13bs11.bt.com _sip._tcp.ipcomms-btb-centrexlnws13bs11.bt.com UDP/TCP 5060 to 5075 UDP/TCP 8893 Devices & apps media RTP 147.152.35.100/29 147.152.35.108/29 62.7.201.132/27 62.7.201.164/27 213.120.60.132/27 213.120.60.196/27 UDP 32766 to 65535 IP Phone (including ATA) NTP europe.pool.ntp.org uk.pool.ntp.org UDP/TCP 123 cn.pool.ntp.org (used by some phone types following a factory reset before BT config is downloaded) IP Phone (including ATA) DNS Supplied Locally UDP/TCP 53 British Telecommunications plc Page 3 of 5
Handsets Cisco HTTPS 193.113.10.33 193.113.11.35 (dm-csb.yourwhc.co.uk) Cisco 112 Fax HTTPS https://dm- csb.yourwhc.co.uk/dms/cisco_spa- 112_Fax/$MA.xml Cisco 122 Fax HTTPS https://dm- csb.yourwhc.co.uk/dms/cisco_spa- 122_Fax/$MA.xml Cisco Linksys Download & Configuration Polycom Panasonic Yealink Applications Application and Client operation HTTPS 193.113.10.34 193.113.11.36 (dm-linksys.yourwhc.co.uk) HTTPS 193.113.10.27 193.113.11.27 (dmclients-ipcomms.bt.com) XSI 193.113.10.11 193.113.11.11 (btbc-ipcomms.bt.com) Presence XMPP + 193.113.10.7 (ums01-ipcomms.bt.com) 193.113.11.7 (ums02-ipcomms.bt.com) TCP 5222 TCP 1081 TCP 5281 TCP 5269 Screen share BT Cloud Voice Toolbar operation 193.113.10.8 (uss01-ipcomms.bt.com) 193.113.11.8 (uss02-ipcomms.bt.com) TCP 8443 TCP 2209 BT Cloud Voice Reception Console CRM Integrator/Connect British Telecommunications plc Page 4 of 5
CRM Integrator/Connect Licence check Device Protocol Outbound Destination Destination Port HTTPS 193.113.10.13 193.113.11.13 (ccusage-ipcomms.bt.com) Web Portal BT Cloud Voice Business Portal HTTPS 193.113.10.13 193.113.11.13 (btcloudvoice.bt.com) Call Recording Portal HTTPS 193.113.10.32 193.113.11.34 Note browser will be redirected from business portal. Additional Settings - These settings should be applied as well for BT Cloud Voice. Please remember to reboot all related devices after any changes are made Nat Refresh - Should be set to 300 (also known as UDP as per the below): 1. Firewall => Advanced => Scroll down to "UDP": Increase UDP timeout to 300 [Sonicwall] sometimes this setting can be found in: 2. Firewall Settings =>Flood Protection=>Scroll down to UDP Settings : Increase UDP time out to 300 SIP Transformations sections should be DISABLED. (This setting is also known as SIP ALG). * If any one way transmission is experienced, please disable Packet Acceleration Stun Server: There is no stun server integration with BT Cloud Voice. SIP ALGs STUN servers are mainly for peer to peer SIP and are not needed for client/server SIP using SBCs. A STUN (Session Traversal of User Datagram Protocol [UDP] Through Network Address Translators [NATs]) server allows NAT clients (i.e. IP Phones behind a firewall) to setup phone calls to a VoIP provider hosted outside of the local network. Important stuff You should be able to use your BT Cloud Voice to make and receive good quality phone calls. However, you ll only be able to do that if your internal network is properly set up. If it isn t, your call quality won t be top-notch. If you report a fault to us and we find that the fault is down to a problem with equipment that you own, then charges will be raised related to the issue. All the information in this document is for general guidance only. We recommend that you contact the company handling your firewall and switch, or an IT consultant for anything to do with configuring your LAN or firewall. British Telecommunications plc Page 5 of 5