061 — Guide to configure your router and your firewall
To configure your router or firewall to use the Ubity solution, you must follow the instructions below.
1 Registering phones
Have the phones register on our servers in SIP (UDP port 5060) and uses the voice RTP (UDP ports).
2 Parameters relating to VoIP
Switch off all parameters and/or the section relating to VoIP.
No need for the router helps us by substituting local IP address of the phones/PBX by your public IP address, or make sure that the phones have always the same public source port (Consistent NAT). Almost all of our clients are behind NAT and have all mechanisms in place to manage effectively (this applies particularly to SonicWall firewalls).
QoS should be on IP address range of destination and the transport protocol. Prioritizing voice packets should be on everything ‘UDP’ and the destination IP address range 188.8.131.52/24.
4 Duration of inactive UDP sessions
The maximum duration of the inactive UDP sessions (UDP session timeout) should be higher than 60 seconds. Our equipment send keep-alive packets to your phone to determine if they still meet, and if so within what time (latency). This mechanism has the advantage of refreshing the NAT bindings used by phones by passing traffic, which allows us to keep in touch with telephones behind NAT.
5 Prioritize ICMP requests
It is recommended to prioritize (same as voice) ICMP requests from our monitoring server, the IP address 184.108.40.206, to be certain that the losses do not come from the fact that such requests are ignored during peak periods because they are considered non-priority.
6 Prevent firewall from blocking outbound traffic by default
If your firewall blocks outbound traffic by default, here are the rules you must add to output on our IP addresses (220.127.116.11/24) and to the Internet:
- SIP TCP/UDP 5060 et 5061 (signalisation) RTP UDP 10000 à 50000 (voix)
- T.38 UDP 50001 à 55000 (fax)
- HTTP 80 (configuration)
- HTTPS 443 (configuration)
- Syslog UDP 514 (debug)
- XMPP TCP 5222 (clavardage)
- NTP vers ca.pool.ntp.org (mise à jour de l’heure)
7 SIP ALG Parameters
“SIP ALG” parameters should be deactivated. Note that this can bare another name, depending on the brand of router/firewall used.
Note: This can bare another name, depending on the brand of router/firewall used.
Note: These rules could be liable to change in the near future.