Network and Firewall Configuration
Firewall
Depending on the structure of your network and your security requirements, firewall rules may be necessary to allow traffic.
sipcall SIP Servers
| Description | Value | Network (IP range) | Remarks |
|---|---|---|---|
| Signaling: SIP | Port 5060/UDPPort 5060/TCP | 212.117.203.0/24 | existing VoIP network |
| Audio and video stream: RTP | UDP port range 10000-60000 | 212.117.203.0/24 | existing VoIP network |
| Signaling: SIP | Port 5060/UDPPort 5060/TCP | 212.117.204.0/24 | new VoIP network |
| Audio and video stream: RTP | UDP port range 10000-60000 | 212.117.204.0/24 | new VoIP network |
| Encrypted signaling: SIPS | Port 5061/TCP (TLS) | 212.117.204.0/24 | new VoIP network |
| Encrypted audio and video stream: SRTP | UDP port range 10000-60000 | 212.117.204.0/24 | new VoIP network |
| Signaling: SIP | Port 5060/UDPPort 5060/TCP | 2a03:380::5000/116 | IPv6 VoIP network |
| Audio and video stream: RTP | UDP port range 10000-60000 | 2a03:380::5000/116 | IPv6 VoIP network |
| Signaling: SIP | Port 5060/UDPPort 5060/TCP | 2a03:380::6000/116 | IPv6 VoIP network |
| Audio and video stream: RTP | UDP port range 10000-60000 | 2a03:380::6000/116 | IPv6 VoIP network |
| Encrypted Signaling: SIPS | Port 5061/TCP (TLS) | 2a03:380::6000/116 | IPv6 VoIP network |
| Encrypted Audio and video stream: SRTP | UDP port range 10000-60000 | 2a03:380::6000/116 | IPv6 VoIP network |
sipcall App Provisioning
| Description | Value | IP |
|---|---|---|
| Provisioning API | Port 443/TCP | 212.117.221.164 |
Router
To ensure that you can receive incoming calls, the router must forward the call to the SIP phone. There are two ways to achieve this:
NAT Keepalive Method
Your SIP device sends a packet to the sipcall server every 20-30 seconds. This keeps the WAN port on your router/firewall dynamically open, allowing the incoming call to pass through the router/firewall and reach the SIP device.
This method is preferred and is included in all our installation guides.
To prevent so-called Ghost Calls, configure firewall rules that block unauthorized access and allow signaling only from our SIP servers (source IP restriction).
Port Forwarding Method
A static port forwarding rule is set up on the router to forward traffic to the internal IP of your SIP device.
All packets arriving at the configured WAN port of the router are forwarded to the SIP device, including SIP requests from IPs other than those of the sipcall servers.
For this reason, this method should only be used in combination with a source IP restriction on the firewall.
RTP Port Range
The RTP port range can be configured on your SIP device. This setting is usually named "Audio Port Range" or "RTP Port Range." If you do not want to use the default port range, you can adjust it on your SIP device. Please consider the following:
- The port range should be set above 10,000 to avoid conflicts with other services.
- At least two ports should be available per active call.
For example, if you have 10 phones or users on a PBX and want to allow each user to initiate a 3-way conference, the PBX should have at least 60 ports available.
SIP-ALG
Many routers/firewalls have a SIP-ALG function that does not comply with SIP standards.
If you experience issues with voice transmission, such as no audio, SIP-ALG may be interfering negatively.
To maintain optimal voice quality, the target address for voice data during call setup is directly set to the IP address of the gateway or the called VoIP connection.
Some SIP-ALG implementations replace this IP address with the SIP server address, causing the voice data to be sent to the wrong IP address and not reaching the intended recipient.
If you encounter such issues, SIP-ALG must be disabled on the router.
Disable SIP-ALG.
Depending on the manufacturer, this setting may be labeled as SIP processing, SIP-ALG, SIP Application Layer Gateway, or SIP Helper.