B. Router / firewall settings

B. Router / firewall settings

In order to communicate with the telephone system, the devices must have the capacity for outbound communication via the following ports:

Protocol Target portPurposeDestinations
TCP

80, 83, 443, 18443 

Provisioningall networks
UDP 123

NTP

all networks
UDP 53DNSCustomer DNS server
UDP

all ports

SIP, RTP, T-38, FMC, etc.

109.68.96.0/21

TCP all ports

SIP/TLS, SIP, FMC

109.68.96.0/21

 

Under no circumstances should type 3 ICMP packets (Destination unreachable) be blocked, or the dynamic determination of the necessary transmission parameters will fail at network level.

Be extremely careful when filtering and block ICMP packets, since this could interfere with basic networking functions.

Using DNS / FQDN-based filter rules is explicitly not recommended;
use these at your own risk!

In some cases the size of the UDP packets transmitted between NFON and customer devices exceed the standard 1500 byte payload.
In this case the packet will need to be fragmented. The customer is responsible for ensuring the internet connection and the network topology behind it
support UDP fragmenting.
We further recommend checking if other functions of the customer’s router interfere with fragmenting UDP packets.
If UDP fragmenting is not allowed, the following functions may not work properly: 
 

  • BLF (busy lamp field)
  • Functions such as Do not Disturb (DND), call forwarding
  • Inbound calls to phones following a series of internal call forwarding

Many routers have proven successful when configured correctly, we therefore do not have a special router which we recommend.

Tips for correct router configuration:

 

-UDP-NAT timeout between 120 and 130 seconds.

-Disabling SIP-ALG, if applicable

-Enabling the “consistent nat” feature (if applicable – e.g. Sonicwall)

-Disabling Store&Forward for connections from / to the telephone system

We highly recommend disabling SIP ALG (SIP Helper) in the firewall for this purpose!

Due to the to some extent extreme complexity we are unable to provide support for telephone system function with SonicWall routers / firewalls!