Please note that while this guide doesn’t encompass every firewall model, it covers configurations that apply to the majority of modern commercial firewalls.

Fundamental Firewall Configurations

SIP ALG

Ensure that SIP ALG (Session Initiation Protocol Application Layer Gateway) is disabled. SIP ALG can interfere with the handling of SIP packets, leading to issues such as one-way audio or call drops. For instance, if a customer experiences erratic call behavior, disabling SIP ALG is a fundamental troubleshooting step.

Load Balancing

If employing multiple WANs, it’s imperative to prevent load balancing for the phones. Establish a rule ensuring that phones only failover between circuits. This requirement arises because the UCaaS system registers the IP of the phones, and having them switch IPs would prevent the phone from downloading essential data such as directories and configuration files.

Traffic Prioritization

As a best practice, create a rule that allows and prioritizes all traffic to and from Tele Express servers. While the majority of communication utilizes port 5060, some services may run on different ports. In most cases, RTP (Real-time Transport Protocol) doesn't face issues with firewalls; however, if necessary, open ports in the range 20000-27999 for RTP traffic. Be aware that these ranges may vary.

1. Prioritize and allow all traffic to/from the following FQDNs/IPs:

   • core2-nj.5060.cloud (64.21.2.1)
   • core2-fl.5060.cloud (8.12.10.23)
   • core-lv.5060.cloud (64.58.238.1)

2. Allow all traffic to/from the provisioning server: p1.5060.cloud (64.21.2.4).

3. (Optional) Enable option 66 for automated configuration: http://p1.5060.cloud/cfg