Firewall & Security Guide
For IP phones, portals and applications to access the service, some firewalls may need adjusting to allow the traffic through. If the End Customer is running inside-to-outside rules, then ports should be opened to allow the WHC protocols out. There should be no reason for the End Customer to open ports inbound on the firewall.
Please note: whatever device you are using to manage NAT should be configured with a NAT refresh/inactivity timer of not less than 300 seconds.
SIP ALG
SIP ALG is the number one issue that will prevent phones registering to the platform and making calls. This setting is quite often turned on automatically on most routers. Please ensure it is turned off on the End Customer's router and/or firewalls.
CPE Port requirements
| Device | Protocol | Destination | Destination Port |
| --- | --- | --- | --- |
| IP Phone & ATA Signalling | SIP | centrex-bslnws09.yourwhc.co.uk, centrex-lnwsbs09.yourwhc.co.uk, ipcomms-route62-bs11lnws13.yourwhc.co.uk, ipcomms-route62-bs12lnws14.yourwhc.co.uk; IP Address Range: 217.32.186.0 – 217.32.186.191; IP Address Subnets: 62.7.201.128/27, 62.7.201.160/27, 217.32.186.0/26, 217.32.186.64/26, 217.32.186.128/26 | UDP/TCP 5060 – 5075; UDP/TCP 5060 |
| IP Phone & ATA Media | RTP | IP Address Range: 217.32.186.0 – 217.32.186.191; IP Address Subnets: 62.7.201.128/27, 62.7.201.160/27, 217.32.186.0/26, 217.32.186.64/26, 217.32.186.128/26 | UDP 32767 to 65535 |
| SIP Trunk Signalling (Dynamic) | SIP | sipt-dynamic-bslnws09.yourwhc.co.uk, sipt-dynamic-route62-bs11lnws13.yourwhc.co.uk, sipt-dynamic-route62-bs12lnws14.yourwhc.co.uk; 62.7.201.128/27, 62.7.201.160/27, 217.32.186.0/26, 217.32.186.64/26, 217.32.186.128/26 | UDP/TCP 5060 |
| SIP Trunk Signalling | SIP | sipt-static-bslnws09.yourwhc.co.uk, sipt-static-route62-bs11lnws13.yourwhc.co.uk, sipt-static-route62-bs12lnws14.yourwhc.co.uk | UDP/TCP 5060 |
| SIP Trunk Media (Dynamic & Static) | RTP | 62.7.201.128/27, 62.7.201.160/27, 217.32.186.0/26, 217.32.186.64/26, 217.32.186.128/26 | UDP 32767 to 65535 |
| IP Phone & ATA | NTP | 0.uk.pool.ntp.org, europe.pool.ntp.org | UDP/TCP 123 |
| IP Phone & ATA | DNS | Supplied locally | UDP/TCP 53 |
| Cisco Linksys Download & Configuration | HTTPS | dm-linksys.yourwhc.co.uk, 193.113.10.34, 193.113.11.36 | TCP 443 |
| Cisco Small Business Download & Configuration | HTTPS | dm-csb.yourwhc.co.uk, 193.113.10.33, 193.113.11.35 | TCP 443 |
| Panasonic Download & Configuration | HTTPS | dm.yourwhc.co.uk, 193.113.10.10, 193.113.11.10 | TCP 443 |
| Polycom Download & Configuration | HTTPS | dm.yourwhc.co.uk, 193.113.10.10, 193.113.11.10 | TCP 443 |
| Yealink Download & Configuration | HTTPS | dm.yourwhc.co.uk, 193.113.10.10, 193.113.11.10 | TCP 443 |
| Polycom Remote Provisioning Server (RPS) | HTTPS | 52.0.183.240, 54.86.39.219 | TCP 443 |
| Yealink Remote Provisioning Server (RPS) | HTTPS | 52.71.103.102 | TCP 443 |
| 2N Intercom Licensing Server | HTTPS | licenses.update.2n.cz | TCP 443 |
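The following is an added example, not part of the original guide: a Python sketch that checks the IP Phone & ATA address range against the listed subnets and flags denied outbound flows that the table says must be allowed. The log line format, the sample log and all function names are assumptions made for illustration.

```python
import ipaddress

# Voice platform subnets copied from the CPE table above.
VOICE_NETS = [ipaddress.ip_network(n) for n in (
    "62.7.201.128/27", "62.7.201.160/27", "217.32.186.0/26",
    "217.32.186.64/26", "217.32.186.128/26")]
# IP Phone & ATA rows: (protocols, first port, last port, label).
VOICE_RULES = [({"udp", "tcp"}, 5060, 5075, "SIP signalling"),
               ({"udp"}, 32767, 65535, "RTP media")]

def range_matches_subnets(first, last, subnets):
    """True if the first-last address range covers exactly the listed subnets."""
    from_range = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return list(from_range) == list(ipaddress.collapse_addresses(subnets))

def classify(direction, proto, dst_ip, dst_port):
    """Name the table entry an outbound flow matches, or return None."""
    if direction != "out":
        return None  # the guide requires no inbound openings
    dst = ipaddress.ip_address(dst_ip)
    if not any(dst in net for net in VOICE_NETS):
        return None
    for protos, low, high, label in VOICE_RULES:
        if proto in protos and low <= dst_port <= high:
            return label
    return None

def blocked_required(log_lines):
    """Return (line, label) for denied flows that the table says must pass."""
    hits = []
    for line in log_lines:
        action, direction, proto, dst_ip, dst_port = line.split()
        label = classify(direction, proto.lower(), dst_ip, int(dst_port))
        if action == "DENY" and label:
            hits.append((line, label))
    return hits

# Constructed sample log (assumed format): action direction proto dst_ip dst_port
SAMPLE_LOG = [
    "ALLOW out udp 217.32.186.10 5060",
    "DENY out udp 217.32.186.130 40000",
    "DENY out tcp 62.7.201.150 5070",
    "DENY out udp 198.51.100.7 5060",
    "DENY in udp 217.32.186.10 5060",
]

if __name__ == "__main__":
    print(*blocked_required(SAMPLE_LOG), sep="\n")
```

The SIP Trunk rows use UDP/TCP 5060 only, so a trunk-only site can narrow the signalling rule to that single port.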
Web Portal Port requirements
| Device | Protocol | Destination | Destination Port |
| --- | --- | --- | --- |
| Business Zone | HTTP/HTTPS | btwholesale.com/businesszone, 62.239.224.3 | TCP 443 |
| Business Portal | HTTPS | portal.yourwhc.co.uk/businessportal | TCP 443 |
| Call Analytics Portal | HTTPS | icscallanalytics.yourwhc.co.uk, 40.115.5.58 | TCP 443 |
| Service Assurance (Emperix) | HTTPS | https://svmpnwv1.nat.bt.com, 10.35.138.148 | TCP 443 |
| Voice Recording Portal | HTTPS | callrecorder.yourwhc.co.uk, 193.113.10.32, 193.113.11.34. Note: browser access is via a redirect from the Business Portal. | TCP 443 |