3rd Party Firewall Rules: Difference between revisions
No edit summary |
No edit summary |
||
| (11 intermediate revisions by 2 users not shown) | |||
| Line 2: | Line 2: | ||
= Networking = | = Networking = | ||
Step one would be, can you see our servers? You can check here: https:// | Step one would be, can you see our servers? You can check here: https://nova.vestednetworks.com/webtest/webtest.php | ||
After you have confirmed that our servers are reachable via HTTPS/SSL ports, you will need to make sure some more VoIP specific ports are open on your network. | After you have confirmed that our servers are reachable via HTTPS/SSL ports, you will need to make sure some more VoIP specific ports are open on your network. | ||
| Line 17: | Line 17: | ||
* '''Primary Addresses:''' 216.58.152.240/28 | * '''Primary Addresses:''' 216.58.152.240/28 | ||
* '''Secondary Addresses:''' 74.63.180.0/28 | * '''Secondary Addresses:''' 74.63.180.0/28 | ||
* '''Tertiary Address:''' 47.190.60.136 | |||
==== Fax Traffic ==== | ==== Fax Traffic ==== | ||
| Line 44: | Line 45: | ||
==== RTP (Streaming Audio and Video for calls) ==== | ==== RTP (Streaming Audio and Video for calls) ==== | ||
* '''UDP/TCP, in/out:''' 20000- | * '''UDP/TCP, in/out:''' 20000-34000 | ||
</blockquote> | </blockquote> | ||
| Line 67: | Line 68: | ||
=== Allow === | === Allow === | ||
<blockquote> | <blockquote> | ||
==== | ==== Node/Signaling Traffic ==== | ||
* ''' | * '''TCP, in/out:''' 8001 | ||
</blockquote> | </blockquote> | ||
| Line 75: | Line 76: | ||
== Advanced Routing Options == | == Advanced Routing Options == | ||
Not all firewalls, gateways, or modems will have these options visible. You may have to contact your ISP in order to make sure they have these options disabled on your incoming connection. | Not all firewalls, gateways, or modems will have these options visible. You may have to contact your ISP in order to make sure they have these options disabled on your incoming connection. | ||
=== Allow === | |||
<blockquote> | |||
==== Settings ==== | |||
* (LAN) Ping | |||
</blockquote> | |||
=== Disable === | === Disable === | ||
| Line 99: | Line 107: | ||
* Consistent NAT | * Consistent NAT | ||
* UDP Timeout to 120 | * UDP Timeout to 120 | ||
</blockquote> | |||
== MikroTik Management Through SonicWall == | |||
The following ports must be allowed through the SonicWall firewall for remote MikroTik management. | |||
For security, only allow these ports from trusted management [[#IP Addresses|IP addresses]] only. | |||
=== Allow === | |||
<blockquote> | |||
==== Management ports ==== | |||
* '''TCP:''' 8291, 8421 | |||
</blockquote> | |||
=== Enable === | |||
<blockquote> | |||
==== SonicWall Rules ==== | |||
* WAN to LAN Access Rule for the required MikroTik management ports | |||
* NAT Policy forwarding the required MikroTik management ports to the internal MikroTik IP address | |||
</blockquote> | </blockquote> | ||
Latest revision as of 15:16, 17 June 2026
This page is part of the Network and QoS guides.
Networking
Step one would be, can you see our servers? You can check here: https://nova.vestednetworks.com/webtest/webtest.php
After you have confirmed that our servers are reachable via HTTPS/SSL ports, you will need to make sure some more VoIP specific ports are open on your network.
IP Addresses
The easiest way is to allow any ports to and from the following IP addresses to pass through your firewall.
If you cannot open all ports to the following addresses, you must open the ports listed below to the following IPs .
Allow
Voice/Video Traffic
- Primary Addresses: 216.58.152.240/28
- Secondary Addresses: 74.63.180.0/28
- Tertiary Address: 47.190.60.136
Fax Traffic
- ATA: ataserver.ipfax.net & ataini.ipfax.net
DNS Routes
- Primary Addresses: 8.8.8.8
- Secondary Addresses: 1.1.1.1
Voice/Video Ports
If you cannot open all ports to an IP address, you may need to open specific ports through your firewall.
The following ports must be allowed to pass through your firewall to ensure proper function of your phone systems.
Allow
SIP (SIP Handshaking)
- UDP/TLS/TCP, in/out: 5060, 5061, 5062
WebSockets (NOVA Web Softphone, Mobile App)
- TCP, in/out: 9002
RTP (Streaming Audio and Video for calls)
- UDP/TCP, in/out: 20000-34000
Web Portal and Fax Ports
The following ports must be allowed to pass through your firewall for users to connect to the web portal and to use faxing.
Allow
HTTP
- TCP, out: 80, 8080
HTTPS/SSL
- TCP, out: 443, 8443
Nova Integrator
The following ports must be allowed to pass through your firewall for users to connect to the integrator.
Allow
Node/Signaling Traffic
- TCP, in/out: 8001
Advanced Routing Options
Not all firewalls, gateways, or modems will have these options visible. You may have to contact your ISP in order to make sure they have these options disabled on your incoming connection.
Allow
Settings
- (LAN) Ping
Disable
Settings
- SIP-ALG
- H.225
Sonic Wall Specific Routing
Disable
Settings
- SIP Transformations
Enable
Settings
- Consistent NAT
- UDP Timeout to 120
MikroTik Management Through SonicWall
The following ports must be allowed through the SonicWall firewall for remote MikroTik management.
For security, only allow these ports from trusted management IP addresses only.
Allow
Management ports
- TCP: 8291, 8421
Enable
SonicWall Rules
- WAN to LAN Access Rule for the required MikroTik management ports
- NAT Policy forwarding the required MikroTik management ports to the internal MikroTik IP address
VoIP Bandwidth Requirements
Our default compression uses 90kbps up & down for one single call.
Example: 6 active calls is roughly 540kbps up & down reserved. This would be a normal use case for ~20 seats with an average use of 30%.