Prerequisites for a Xelion deployment
General requirements:
- Reliable high speed Internet Connection.
- Email Access - ideally each user should have a unique and valid email address as this is used to create a user name.
- Content Filtering - VoIP traffic should not be subject to deep packet inspection / SSL Inspection.
- Ideally DHCP should be available. Please advise prior to installation if static IP Addressing is required and provide network details.
- VLAN - please advise prior to installation if the IP Phones are to be connected to a specific network and provide network details.
- SIP ALG must be disabled (also known as SIP Transformation, SIP Helper or SIP Inspection)
- Double NAT configurations are not supported (where a router is daisy chained behind another NAT device)
- UDP Session Timer should be set to a minimum of 180 seconds.
- MTU Value - this should be set to the maximum value that your ISP supports. (Typically 1492 or 1500 bytes).
Check the Useful Links section at the end of this article - there are several resources that you may find useful.
Firewall Rules:
Egress traffic must be permitted to the following URLs and/or IP addresses.
Important Notes:
⚠️Services are built into Public Cloud services. Please make sure that your firewall is configured to use DNS lookups regularly.
⚠️ Do not configure inbound firewall rules that allow direct access to handsets (SIP, HTTP UI etc). Direct traffic to the handset either directly via public IP address or via NAT may lead to the handset being compromised and open to fraud.
⚠️ Please make sure that your firewall is configured not to use uPnP from your VOIP VLAN or network.
⚠️ If you are operating a stateless firewall make sure you have return traffic rules configured for traffic flows. - Most modern firewalls are stateful and will not require any return firewall rules.
Source IP Address | URL | Source Port | Destination IP Address | Destination Port | Purpose |
LAN Network or Voice VLAN | b4bmt01.xelion.com | 1023 - 65535 | 52.31.77.253 | TCP 80 TCP 443 TCP + UDP 5060 - 5069 TCP 1791 TCP 389 TCP 636 UDP 10000 - 20000 | HTTP Config & Web GUI HTTPS Config & Web GUI SIP + SIP TLS Soft Phone LDAP LDAP (Encrypted) RTP |
LAN Network or Voice VLAN | rps.yealink.com rpscloud.yealink.com | 1023 - 65535 | 52.29.124.181 3.124.165.251 51.11.241.228 20.19.96.56 20.19.96.56 20.242.144.0 20.242.144.1 | TCP 80 TCP 443 | Redirect to provisioning server |
LAN Network or Voice VLAN | 1023 - 65535 | 8.8.8.8 8.8.4.4 | TCP + UDP 53 | Google DNS | |
LAN Network or Voice VLAN | 1023 - 65535 | 1.1.1.1 1.0.0.1 | TCP + UDP 53 | Cloudflare DNS | |
LAN Network or Voice VLAN | uk.pool.ntp.org | 1023 - 65535 | 80.87.128.222 81.21.65.169 85.199.214.102 85.199.214.98 | UDP 123 | Network Time Protocol |
LAN Network or Voice VLAN | pool.ntp.org | 1023 - 65535 | 202.28.93.5 194.239.208.213 185.177.150.85 91.121.165.46 | UDP 123 | Network Time Protocol |
Web Content Filtering / SSL Filtering:
Please add add the following URLs to the list of permitted destinations if your organisation uses a Web Filtering service.
Please exclude the following URLs from HTTPS inspection.
b4bmt01.xelion.com
rps.yealink.com
rpscloud.yealink.com
Useful Links:
Related Articles
Prerequisites for a VoIPSure deployment
General requirements: Reliable high speed Internet Connection. Email Access - each user must have a unique and valid email address. The user must be able to retrieve their emails from wherever they intend using the VoIP service as onboarding ...Prerequisites for a VoIPSure V2 deployment
General requirements: Reliable high speed Internet Connection. Email Access - each user must have a unique and valid email address. The user must be able to retrieve their emails from wherever they intend using the VoIP service as onboarding ...Hosted VoIP Firewall Requirements
Firewall Traffic to/from to the following IP Addresses must be permitted. Source IP Address Source Port Destination IP Addresses Destination Ports LAN Network or Voice VLAN 1023 - 65535 194.50.55.0/24 194.50.56.0/24 52.29.124.181 3.124.165.251 ...Panasonic NS SIP Trunk Requirements
Panasonic NS700 SIP Trunk Requirements 1. Introduction The purpose of this document is to define the firewall and general router configuration necessary to implement Voice over Internet Protocol (VoIP) communications using a Panasonic PBX across a ...NEC SV9100 SIP Trunk Requirements
Introduction The purpose of this document is to define the firewall and general router configuration necessary to implement Voice over Internet Protocol (VoIP) communications on a NEC SV9100 PBX across a local area network. Disclaimer: The ...