For outgoing traffic:
Create a rule for all UDP and TCP ports for Telavox networks 80.83.208.0/20.
For this rule, there should be a Timeout (TTL) of at least 3720 seconds, as our phones contact us every 3600 seconds. If you can not increase your TTL, contact our support and we can reduce the registration interval on the phones to 120 seconds.
For incoming traffic:
No rules are needed here because the session is initiated from within the network. Disable all ALG / SIP functions and Application Control on the traffic to Flow if this is in the firewall. These usually do more harm than good.
Complete information about our network:
Address: 80.83.208.0
Netmask: 255.255.240.0 = 20
Wildcard: 0.0.15.255
Network: 80.83.208.0/20
Broadcast: 80.83.223.255
HostMin: 80.83.208.1
HostMax: 80.83.223.254
Hosts / Net: 4094
If you bought a Gigaset or Yealink phone from us, you also need to open up traffic to their server so that they can retrieve their settings correctly. The addresses of these are:
Gigaset:
148.251.91.32 - 148.251.91.63 (148.251.91.32/27)
148.251.246.96 - 148.251.246.127 (148.251.246.96/27)
148.251.243.128 - 148.251.243.159 (148.251.243.128/27)
Yealink:
52.29.124.181
3.124.165.251
More info
Protocol
Below are the protocols used by equipment supplied by Telavox, as well as a description of their function. Different terminal types use different protocols, e.g. HTTPS is preferred for downloading software over e.g. TFTP and HTTP, but in cases where the terminal does not support HTTPS, one of the others is used. We do not recommend blocking traffic to and from terminals based on ports and / or protocols, but rather chooses to trust all traffic to and from our networks. We also do not undertake to use only the protocols below for the future, so a restriction of permitted traffic through firewalls based on the following risks affecting delivered services in the event that the specification below changes. Note that the ports listed in all cases are receiver ports, as a rule rather than exceptions, the equipment uses randomly selected sender ports.
FTP
File Transfer Protocol, RFC959, TCP ports 21 and 20. Used to download terminal configuration and software.
DNS
Domain Name Server, RFC1035, TCP / UDP port 53. DNS functionality is part of a working IP network and the terminals provided by Flow will not work unless they have access to a working DNS. In the case where the DNS is located outside the firewall, the firewall must allow the terminals to look it up.
Our provisioned phones are configured with Google's DNS 8.8.8.8 and 8.8.4.4
HTTP
Hyper Text Transfer Protocol, RFC2616, TCP port 80. Used to download terminal configuration and software. No specific configuration is normally required for HTTP to work satisfactorily as this is one of the most commonly used protocols on the Internet.
HTTPS
Hyper Text Transfer Protocol over Secure Socket Layer, RFC2818, TCP port 443. Used to download terminal configuration and software.
TFTP
Trivial File Transfer Protocol, RFC1350, UDP port 69 and dynamically allocated ports for data transfer. Used to download terminal configuration and software.
SNTP / NTP
Simple Network Time Protocol, RFC1305 / RFC1361, UDP port 123. Used to set the time / clock in the terminal.
SIP
Session Initiation Protocol, RFC3261, UDP port 5060. Used to hook up and down calls. SIP traffic runs between our SIP server and the phone. This is by far the most important protocol for your telephony to work.
RTP
Real Time Transfer Protocol, RFC1889, UDP port 1024-65535. The audio stream between the terminal and the phone during a call flows as RTP. The port used is randomized when a call is initiated. All terminals supplied by Telavox use symmetrical RTP, which means that the receiver and sender port for the RTP stream are the same for both incoming and outgoing audio stream. This means that the audio stream that goes from the terminal to us opens the session in the firewall to also allow incoming voice stream over the same session.
SRTP
Secure Real-Time Transfer Protocol. Still transported over UDP but both parties of the call have exchanged keys during the connection of the call in the SIP dialogue to enable encryption.
RTCP
Real Time Control Protocol, RFC3550, UDP port 1024-65535. Some terminals generate RTCP packets that are used in the communication between RTP endpoints to convey local statistics and call data such as information about jitter and any packet losses. This is selected as the RTP port + 1, ie. if the RTP stream passes port 12480, RTCP will use UDP port 12481.
WSS web socket
WSS used by our softphone "Flow desktop" and uses port 8443 against "push servers" and port 443 for SIP.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article