IC Knowledge Base

Firewall & Security Guide


Firewall & Security Guide

In order for IP phones, portals and applications to be able to access the service, some firewalls may need adjusting to allow the traffic through.  If the End Customer is running inside to outside rules then ports should be opened to allow the WHC protocols out. There should be no reason for the End Customer to open ports inbound on the firewall.

Please note, whatever device you are using to manage NAT, this should be configured to have a NAT refresh/inactivity timer of not less than 300 seconds

SIP ALG

SIP ALG is the number one issue that will prevent phones registering to the platform and making calls.  This is a setting that is quite often turned on automatically on most routers.  Please ensure this is turned off on the End Customers router and/or firewalls. 

CPE Port requirements

Device

Protocol

Destination

Destination Port

IP Phone & ATA Signalling

SIP

centrex-bslnws09.yourwhc.co.uk

centrex-lnwsbs09.yourwhc.co.uk

ipcomms-route62-bs11lnws13.yourwhc.co.uk

ipcomms-route62-bs12lnws14.yourwhc.co.uk

IP Address Range

217.32.186.0 – 217.32.186.191

IP Address Subnets

62.7.201.128/27

62.7.201.160/27

217.32.186.0/26;

217.32.186.64/26;

217.32.186.128/26

 

 

 

 

UDP/TCP 5060 – 5075

 

 

 

UDP/TCP 5060

IP Phone & ATA Media

RTP

IP Address Range

217.32.186.0 – 217.32.186.191

IP Address Subnets

62.7.201.128/27

62.7.201.160/27

217.32.186.0/26;

217.32.186.64/26;

217.32.186.128/26

UDP 32767 to 65535

SIP Trunk Signalling (Dynamic)

SIP

sipt-dynamic-bslnws09.yourwhc.co.uk

sipt-dynamic-route62-bs11lnws13.yourwhc.co.uk

sipt-dynamic-route62-bs12lnws14.yourwhc.co.uk

62.7.201.128/27

62.7.201.160/27

217.32.186.0/26

217.32.186.64/26

217.32.186.128/26

UDP/TCP 5060

SIP Trunk Signalling
(Static)

SIP

sipt-static-bslnws09.yourwhc.co.uk

sipt-static-route62-bs11lnws13.yourwhc.co.uk

sipt-static-route62-bs12lnws14.yourwhc.co.uk

  1. 7.201.128/27
  2. 7.201.160/27
  3. 217.32.186.0/26
  4. 217.32.186.64/26
  5. 217.32.186.128/26

UDP/TCP 5060

SIP Trunk Media (Dynamic & Static)

RTP

62.7.201.128/27

62.7.201.160/27

217.32.186.0/26

217.32.186.64/26

217.32.186.128/26

UDP 32767 to 65535

IP Phone & ATA

NTP

0.uk.pool.ntp.org

europe.pool.ntp.org

UDP/TCP 123

IP Phone & ATA

DNS

Supplied locally

UDP/TCP 53

Cisco Linksys Download & Configuration

HTTPS

dm-linksys.yourwhc.co.uk

193.113.10.34

193.113.11.36

TCP 443

Cisco Small Business Download & Configuration

HTTPS

dm-csb.yourwhc.co.uk

193.113.10.33

193.113.11.35

TCP 443

Panasonic

Download & Configuration

HTTPS

 

dm.yourwhc.co.uk

193.113.10.10

193.113.11.10

TCP 443

 

Polycom

Download & Configuration

HTTPS

 

dm.yourwhc.co.uk

193.113.10.10

193.113.11.10

TCP 443

 

Yealink

Download & Configuration

HTTPS

dm.yourwhc.co.uk

193.113.10.10

193.113.11.10

TCP 443

 

Polycom Remote Provisioning Server (RPS)

HTTPS

52.0.183.240

 

54.86.39.219

TCP 443

Yealink Remote Provisioning Server (RPS)

HTTPS

52.71.103.102 

  1. 156.148.166

 

TCP 443

2N Intercom Licensing  Server

HTTPS

licenses.update.2n.cz   

TCP 443

Web Portal Port requirements

Device

Protocol

Destination

Destination Port

Business Zone

HTTP/HTTPS

btwholesale.com/businesszone

62.239.224.3

TCP 443

 

Business Portal

HTTPS

portal.yourwhc.co.uk/businessportal

  1. 113.10.13
  2. 113.11.13

TCP 443

 

Call Analytics Portal

HTTPS

icscallanalytics.yourwhc.co.uk

40.115.5.58

TCP 443

Service Assurance (Emperix)

HTTPS

https://svmpnwv1.nat.bt.com

10.35.138.148

TCP 443

 

Voice Recording Portal

HTTPS

callrecorder.yourwhc.co.uk

193.113.10.32

193.113.11.34

Note browser access is via a redirect from the Business Portal.

TCP 443

0 (0)
Article Rating (No Votes)
Rate this article
Attached Files
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Name
Email
Security Code Security Code
Related Articles RSS Feed
ictalk3 Common Questions / FAQs
Viewed 1830 times since Mon, May 13, 2019
SIP Response Codes
Viewed 2204 times since Mon, May 13, 2019
Guide for customers migrating from IPVS to IC-talk3
Viewed 2333 times since Mon, Sep 9, 2019
Wireshark tracing for fault finding
Viewed 3232 times since Mon, May 13, 2019
Internet Central Limited, Innovation Centre 2, Keele Science Park, Keele, Staffordshire ST5 5NH
Registered Office: Ivy House Foundry, Hanley, Stoke-on-Trent, ST1 3NR
Registered in England: Reg No. 03079542 VAT Reg No. GB 278 923 705
Contact Us |Terms & Conditions |Legal, Privacy and Cookies
All prices exclude VAT E.&O.E © 2015 Internet Central

All trademarks and logos appearing on the site are the property of their respective owners