Note the following items pertaining to your network in order to use Plug & Play:
General
- Please inform your IT department of the scheduled start date and check beforehand if router or firewall configurations are required.
- In general, every end device requires its own IP address which can be issued either manually from the respective device or via a DHCP server.
- When using a DHCP server, please make sure you have sufficient IP addresses available for assignment. The DHCP server must not propagate option 66. It might be necessary to deactivate an existing DHCP conflict database for the telephones.
Settings for switches
- Generally, we anticipate the use of Spanning Tree Protocol on your switches. With Spanning Tree activated, all ports that are used with telephones and similar devices need to be configured accordingly. Depending on the switch vendor and firmware, the recommended configuration option is "edge mode" or "PortFast". These options allow the device to connect instantly instead of having its connection blocked for the first 30 seconds. Deactivate load-dependent Spanning Tree for Cisco switches (PVST+ mode).
- Deactivate proxy ARP mechanisms and set up a protection against MAC spoofing.
Setting for router and firewall
- Port forwarding does not need to be set up. Do not set up port forwarding on the ports specified on the following pages!
- Based on the assumption that firewalls are stateful and answers in open TCP and UDP sessions are accepted, note the following settings:
- Any current SIP ALG as well as Store&Forward must be deactivated!
- Use an IDS/IPS and make sure it has no negative effect on the telephony. You might need to adjust settings or deactivate the system.
- We recommend a protection against ICMP redirect, route injection and DoS.
- When using network address translation (NAT), a UDP NAT timeout of more than 130 seconds is necessary.
- Activate a consistent NAT mode (required especially for SonicWall!).
- Please ask your email provider to whitelist our network (109.68.96.0/21); otherwise you may not be able to receive your emails.
- Once encryption is activated for a customer, all devices approved for encryption will automatically be switched to this setting. It is not possible to selectively approve individual devices of this type for encryption or to exclude them from it. Billing will always only include the encryption compatible devices.
Ports used:
In order to communicate with the telephone system, the end devices must be able to communicate outbound via the following ports:
| Protocol | Target port | Purpose | Target |
|---|---|---|---|
| TCP | 80, 83, 443, 18443 | Provisioning | all networks |
| UDP | 123 | NTP | all networks |
| UDP | 53 | DNS | Customer DNS server |
| UDP | all ports | SIP, RTP, T-38, FMC, etc. | 109.68.96.0/21 |
| TCP | all ports | SIP/TLS, SIP, FMC | 109.68.96.0/21 |
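The outbound requirements in the table can be checked against a firewall policy before rollout. The following Python sketch is an added example, not part of the original page or the provider's tooling; the rule format, the ordered first-match and default-deny model, and the customer DNS address 192.0.2.53 are assumptions.

```python
import ipaddress

PROVIDER = "109.68.96.0/21"                       # provider network named on the page
ANYWHERE, ALL_PORTS = "0.0.0.0/0", (1, 65535)     # the table's "all networks" / "all ports"

def required_flows(customer_dns):
    """Outbound flows from the "Ports used" table as (proto, (lo, hi), dst, purpose)."""
    flows = [("tcp", (p, p), ANYWHERE, "Provisioning") for p in (80, 83, 443, 18443)]
    flows += [("udp", (123, 123), ANYWHERE, "NTP"),
              ("udp", (53, 53), customer_dns, "DNS"),
              ("udp", ALL_PORTS, PROVIDER, "SIP, RTP, T-38, FMC"),
              ("tcp", ALL_PORTS, PROVIDER, "SIP/TLS, SIP, FMC")]
    return flows

def _relation(rule, proto, ports, dst):
    """Return 'none', 'partial' or 'full' for how far a rule matches a flow."""
    flow_net, rule_net = ipaddress.ip_network(dst), ipaddress.ip_network(rule["dst"])
    lo, hi = rule["ports"]
    if (rule["proto"] not in (proto, "any") or not flow_net.overlaps(rule_net)
            or hi < ports[0] or lo > ports[1]):
        return "none"
    full = flow_net.subnet_of(rule_net) and lo <= ports[0] and ports[1] <= hi
    return "full" if full else "partial"

def audit_egress(rules, customer_dns):
    """List required flows an ordered, first-match, default-deny policy does not provably allow.
    Conservative: a flow passes only if one allow rule covers it and no earlier deny touches it."""
    findings = []
    for proto, ports, dst, purpose in required_flows(customer_dns):
        problem = "no single allow rule covers it"
        for idx, rule in enumerate(rules):
            rel = _relation(rule, proto, ports, dst)
            if rel != "none" and rule["action"] != "allow":
                problem = f"rule {idx} denies part or all of it"
                break
            if rel == "full":
                problem = None
                break
        if problem:
            findings.append((proto, ports, dst, purpose, problem))
    return findings

SAMPLE_RULES = [  # constructed sample policy in a hypothetical rule format
    {"action": "allow", "proto": "tcp", "dst": ANYWHERE, "ports": (80, 80)},
    {"action": "allow", "proto": "tcp", "dst": ANYWHERE, "ports": (443, 443)},
    {"action": "allow", "proto": "udp", "dst": "192.0.2.53/32", "ports": (53, 53)},
    {"action": "allow", "proto": "udp", "dst": PROVIDER, "ports": (5060, 5061)},
    {"action": "allow", "proto": "tcp", "dst": PROVIDER, "ports": ALL_PORTS},
]
```

Run against the sample policy, `audit_egress(SAMPLE_RULES, "192.0.2.53/32")` reports the provisioning ports 83 and 18443, NTP, and the UDP range to the provider network as not covered.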
Firewalls are usually covered by a rule for 109.68.96.0/21, but the following applies to proxy users, since proxies often work with URIs: the proxy must be instructed to pass certain requests through, that is, the following must be defined as exceptions:
*.cloud-cfg.com
*.cloudya.com
109.68.96.0/21
ICMP packets of type 3 (Destination unreachable) must not be blocked under any circumstances! Otherwise the dynamic determination of necessary transmission parameters may fail at network level.
Filtering and blocking of ICMP packets should be done very carefully, since elementary network operation functionalities may be disrupted.
Many routers have proven to be compatible when installed correctly, therefore we do not recommend a specific router.
Tips for a successful configuration
- UDP NAT timeout of about 120-130 seconds
- Deactivation of SIP ALG
- Activation of the consistent NAT feature, if applicable
- Deactivation of Store&Forward for NFON connections
We strongly recommend deactivating SIP ALG (SIP Helper...) on the router!
Since SonicWall routers / firewalls have a highly complex structure, we cannot provide support regarding the functionality in combination with the PBX.