Firewall & Security Guide
In order for IP phones, portals and applications to be able to access the service, some firewalls may need adjusting to allow the traffic through. If the End Customer is running inside to outside rules then ports should be opened to allow the WHC protocols out. There should be no reason for the End Customer to open ports inbound on the firewall.
Please note, whatever device you are using to manage NAT, this should be configured to have a NAT refresh/inactivity timer of not less than 300 seconds
SIP ALG
SIP ALG is the number one issue that will prevent phones registering to the platform and making calls. This is a setting that is quite often turned on automatically on most routers. Please ensure this is turned off on the End Customers router and/or firewalls.
|
Device |
Protocol |
Destination |
Destination Port |
|
IP Phone & ATA Signalling |
SIP |
centrex-bslnws09.yourwhc.co.uk centrex-lnwsbs09.yourwhc.co.uk ipcomms-route62-bs11lnws13. yourwhc.co.uk ipcomms-route62-bs12lnws14. yourwhc.co.uk IP Address Range 217.32.186.0 – 217.32.186.191 IP Address Subnets 62.7.201.128/27 62.7.201.160/27 217.32.186.0/26 217.32.186.64/26 217.32.186.128/26 |
UDP/TCP 5060 – 5075 UDP/TCP 5060 |
|
IP Phone & ATA Media |
RTP |
IP Address Range 217.32.186.0 – 217.32.186.191 IP Address Subnets 62.7.201.128/27 62.7.201.160/271 217.32.186.0/26 217.32.186.64/26 217.32.186.128/26 |
UDP 32767 to 65535 |
|
SIP Trunk Signalling (Dynamic) |
SIP |
sipt-dynamic-bslnws09.yourwhc. co.uk sipt-dynamic-route62-bs11lnws13. yourwhc.co.uk sipt-dynamic-route62-bs12lnws14. yourwhc.co.uk 62.7.201.128/27 62.7.201.160/27 |
UDP/TCP 5060 |
|
SIP Trunk Signalling (Static) |
SIP |
sipt-static-bslnws09.yourwhc. co.uk sipt-static-route62-bs11lnws13. yourwhc.co.uk sipt-static-route62-bs12lnws14. yourwhc.co.uk 62.7.201.128/27 62.7.201.160/27 |
UDP/TCP 5060 |
|
SIP Trunk Media (Dynamic & Static) |
RTP |
62.7.201.128/27 62.7.201.160/27 |
UDP 32767 to 65535 |
|
IP Phone & ATA |
NTP |
0.uk.pool.ntp.org europe.pool.ntp.org |
UDP/TCP 123 |
|
IP Phone & ATA |
DNS |
Supplied locally |
UDP/TCP 53 |
|
Cisco Linksys Download & Configuration |
HTTPS |
dm-linksys.yourwhc.co.uk 193.113.10.34 193.113.11.36 |
TCP 443 |
|
Cisco Small Business Download & Configuration |
HTTPS |
dm-csb.yourwhc.co.uk 193.113.10.33 193.113.11.35 |
TCP 443 |
|
Panasonic Download & Configuration |
HTTPS |
dm.yourwhc.co.uk 193.113.10.10 193.113.11.10 |
TCP 443 |
|
Polycom Download & Configuration |
HTTPS |
dm.yourwhc.co.uk 193.113.10.10 193.113.11.10 |
TCP 443 |
|
Yealink Download & Configuration |
HTTPS |
dm.yourwhc.co.uk 193.113.10.10 193.113.11.10 |
TCP 443 |
|
Polycom Remote Provisioning Server (RPS) |
HTTPS |
52.0.183.240 54.86.39.219 |
TCP 443 |
|
Yealink Remote Provisioning Server (RPS) |
HTTPS |
52.71.103.102 35.156.148.166 |
TCP 443 |
|
2N Intercom Licensing Server |
HTTPS |
licenses.update.2n.cz |
TCP 443 |
|
Device |
Protocol |
Destination |
Destination Port |
|
Business Portal |
HTTPS |
portal.yourwhc.co.uk/ businessportal 193.113.10.13 193.113.11.13 |
TCP 443 |
|
Call Analytics Portal |
HTTPS |
icscallanalytics.yourwhc.co.uk 40.115.5.58 |
TCP 443 |
|
Voice Recording Portal |
HTTPS |
callrecorder.yourwhc.co.uk 193.113.10.32 193.113.11.34 Note browser access is via a redirect from the Business Portal. |
TCP 443 |
Application Port requirements
Please refer to the individual application user guides.