This is an old revision of the document!


troubleshooting:firewall_nat:start

NAT and Firewall Settings for VoIP

For secure deployment of an IP-PBX please see - Recommendations for secure deployment of an IP-PBX - Version 2

Asterisk

  • Forward Ports 5060 UDP for SIP to your Asterisk server (please note newer versions of Asterisk may use 5160 UDP by default)
  • Forward ports 10000 to 20000 UDP for RTP (Voice) to your Asterisk server.

This configuration assumes you are using the default RTP ports 10000-20000.

FreeSWITCH

  • Forward port 5060 UDP to your FreeSWITCH server.
  • Forward ports 10000 to 40000 UDP to your FreeSWITCH server.

This assumes you are using the FreeSWITCH default RTP range 10000-40000.

FreeSWITCH will also need to be able to access DNS (port 53 UDP) and NTP (port 123 UDP, for time). These ports should not be forwarded but your firewall should allow this traffic to pass through if required.

Other IP-PBX

Refer to your documentation for which RTP ports you need to forward.

Softphones

Do not configure any port forwarding as the SureVoIP Hosted platform handles network address translations (NAT) automatically.

If you need to allow a range of ports, please allow port 5060 UDP and TCP.

RTP ports from the SureVoIP Hosted platform will be in the range 10000 to 40000.

Your internal RTP port will vary depending on which softphone client you are using.This is normally configurable from the advanced configuration page.

  • Ensure SIP ALG is Off (See here for guidance on what SIP ALG is and how to disable it)
  • Ensure STUN or ICE is Off or any NAT traversal settings

See our softphone setup guides for guidance on connecting your software to SureVoIP

Deskphones

Allow ports 5060 UDP and 10000 to 40000 UDP to pass through your firewall to access your phones. Please do not use port forwarding.

Your internal ports may differ depending on your phone model. This is normally configurable from the advanced settings page.

  • Ensure SIP ALG is Off (See here for guidance on what SIP ALG is and how to disable it.)
  • Ensure STUN is Off or any NAT traversal settings.

See our phones setup guides for more info on setting up your phones to connect to SureVoIP.