Prerequisites for a VoIPSure deployment
General requirements:
- Reliable high speed Internet Connection.
- Email Access - each user must have a unique and valid email address. The user must be able to retrieve their emails from wherever they intend using the VoIP service as onboarding information is sent to the end user via email.
- Content Filtering - VoIP traffic should not be subject to deep packet inspection / SSL Inspection.
- Ideally DHCP should be available. Please advise prior to installation if static IP Addressing is required and provide network details.
- VLAN - please advise prior to installation if the IP Phones are to be connected to a specific network and provide network details.
- SIP ALG must be disabled (also known as SIP Transformation, SIP Helper or SIP Inspection)
- Double NAT configurations are not supported (where a router is daisy chained behind another NAT device)
- UDP Session Timer should be set to a minimum of 180 seconds.
- MTU Value - this should be set to the maximum value that your ISP supports. (Typically 1492 or 1500 bytes).
Check the Useful Links section at the end of this article - there are several resources that you may find useful.
Firewall Rules:
Egress traffic must be permitted to the following URLs and/or IP addresses.
Important Notes:
⚠️Services are built into Public Cloud services. Please make sure that your firewall is configured to use DNS lookups regularly.
⚠️ Do not configure inbound firewall rules that allow direct access to handsets (SIP, HTTP UI etc). Direct traffic to the handset either directly via public IP address or via NAT may lead to the handset being compromised and open to fraud.
⚠️ Please make sure that your firewall is configured not to use uPnP from your VOIP VLAN or network.
⚠️ If you are operating a stateless firewall make sure you have return traffic rules configured for traffic flows. - Most modern firewalls are stateful and will not require any return firewall rules.
Source IP Address | URL | Source Port | Destination IP Address | Destination Port | Purpose |
LAN Network or Voice VLAN | *.callswitch.net | 1023 - 65535 | Use the "nslookup" command to establish the IP Address of your server. We currently use the following URLs. Your services will be hosted on one of these servers. mt625.callswitch.net mt724.callswitch.net mt743.callswitch.net mt843.callswitch.net | TCP 80 TCP 443 TCP + UDP 5060 - 5069 TCP 5222 - 5223 TCP 10001 TCP 10005 TCP 10007 TCP 10009 TCP 11389 TCP 11636 TCP 4000 - 4999 UDP 10000 - 20000 | HTTP Config & Web GUI HTTPS Config & Web GUI SIP + SIP TLS Jabber (Depreciated from V6) Presence Presence / Login Proxy Login Proxy Login Proxy LDAP LDAP (Encrypted) T38 Fax RTP |
LAN Network or Voice VLAN | *.provisioning.callswitch.net | 1023 - 65535 | 138.68.182.89 | TCP 80 TCP 443 | Provisioning |
LAN Network or Voice VLAN | rps.yealink.com rpscloud.yealink.com | 1023 - 65535 | 52.29.124.181 3.124.165.251 52.29.124.181 3.124.165.251 51.11.241.228 20.19.96.56 20.19.96.56 20.242.144.0 20.242.144.1 | TCP 80 TCP 443 | Redirect to provisioning server |
LAN Network or Voice VLAN | fm.grandstream.com euacs.gdms.cloud | 1023 - 65535 | 52.221.130.73 3.71.171.8 | TCP 80 TCP 443 | Redirect to provisioning server |
LAN Network or Voice VLAN | fdps.fanvil.com | 1023 - 65535 | 119.28.67.228 | TCP 80 TCP 443 | Redirect to provisioning server |
LAN Network or Voice VLAN | filestore.callswitch.net | 1023 - 65535 | 46.43.1.104 | TCP 80 TCP 443 | Phone wallpapers |
| LAN Network or Voice VLAN | sfu-chi.commsware.com | 1023 - 65535 | 162.251.129.101 | TCP 5222 TCP 5500 TCP 5900 TCP 8088 TCP 8181 | Jabber (Depreciated from V6) CallSwitch Meeting CallSwitch Meeting CallSwitch Meeting CallSwitch Meeting |
LAN Network or Voice VLAN | 1023 - 65535 | 8.8.8.8 8.8.4.4 | TCP + UDP 53 | Google DNS | |
LAN Network or Voice VLAN | 1023 - 65535 | 1.1.1.1 1.0.0.1 | TCP + UDP 53 | Cloudflare DNS | |
LAN Network or Voice VLAN | uk.pool.ntp.org | 1023 - 65535 | 80.87.128.222 81.21.65.169 85.199.214.102 85.199.214.98 | UDP 123 | Network Time Protocol |
LAN Network or Voice VLAN | pool.ntp.org | 1023 - 65535 | 202.28.93.5 194.239.208.213 185.177.150.85 91.121.165.46 | UDP 123 | Network Time Protocol |
Web Content Filtering / SSL Filtering:
Please add add the following URLs to the list of permitted destinations if your organisation uses a Web Filtering service.
Please exclude the following URLs from HTTPS inspection.
*.callswitch.net/*
rps.yealink.com
rpscloud.yealink.com
fm.grandstream.com
fdps.fanvil.com
Communicator Client:
Desktop Edition -
- Communicator is supported on current versions of Apple and Windows operating systems. Linux is not supported.
- Administrator level access is required in order to install Communicator.
- If Communicator is to be used as a Soft Phone, then the host computer must be equipped with speakers and a microphone. A good quality USB communications headset is ideal.
- A Web Cam is required to use the Meeting feature.
- In order to install Communicator from an MSI package, the following are the prerequisites and must be installed before the MSI package:
- 1. Microsoft Visual C++ 2015 Redistributable (X86)
- 2. Microsoft .NET Framework 4 (or above) (optional - if the user wants to use functionalities like the Outlook plugin)
Mobile Edition -
- The Mobile version of Communicator is supported on current versions of IOS and Android (excluding Go Edition). Legacy systems such as Blackberry, Symbian or Windows Mobile are not supported.
- A valid user account for either the Apple App Store or the Google Play Store is needed to install Communicator onto a mobile phone.
Power Source:
One of the following power sources is required to power an IP Telephone (or a combination thereof) -
- POE Switch in data cabinet (preferred)
- Individual Power Packs or POE Injectors
Useful Links:
Related Articles
Prerequisites for a VoIPSure V2 deployment
General requirements: Reliable high speed Internet Connection. Email Access - each user must have a unique and valid email address. The user must be able to retrieve their emails from wherever they intend using the VoIP service as onboarding ...Prerequisites for a Xelion deployment
General requirements: Reliable high speed Internet Connection. Email Access - ideally each user should have a unique and valid email address as this is used to create a user name. Content Filtering - VoIP traffic should not be subject to deep packet ...Hosted VoIP Firewall Requirements
Introduction The purpose of this document is to define the firewall and general router configuration necessary to implement B4BC’s Voice over Internet Protocol (VoIP) communications on a local area network. Firewall Traffic to/from to the following ...Panasonic NS SIP Trunk Requirements
Panasonic NS700 SIP Trunk Requirements 1. Introduction The purpose of this document is to define the firewall and general router configuration necessary to implement Voice over Internet Protocol (VoIP) communications using a Panasonic PBX across a ...NEC SV9100 SIP Trunk Requirements
Introduction The purpose of this document is to define the firewall and general router configuration necessary to implement Voice over Internet Protocol (VoIP) communications on a NEC SV9100 PBX across a local area network. Disclaimer: The ...