Prerequisites for a Xelion deployment

General requirements:

  • Reliable high speed Internet Connection.
  • Email Access - ideally each user should have a unique and valid email address as this is used to create a user name.
  • Content Filtering - VoIP traffic should not be subject to deep packet inspection / SSL Inspection.
  • Ideally DHCP should be available. Please advise prior to installation if static IP Addressing is required and provide network details.
  • VLAN - please advise prior to installation if the IP Phones are to be connected to a specific network and provide network details.
  • SIP ALG must be disabled (also known as SIP Transformation, SIP Helper or SIP Inspection).
  • Double NAT configurations are not supported (where a router is daisy chained behind another NAT device).
  • UDP Session Timer should be set to a minimum of 180 seconds.
  • MTU Value - this should be set to the maximum value that your ISP supports (typically 1492 or 1500 bytes).

Check the Useful Links section at the end of this article - there are several resources that you may find useful.

Firewall Rules:

Egress traffic must be permitted to the following URLs and/or IP addresses.

Important Notes:
⚠️ Services are built on public cloud platforms. Please make sure that your firewall is configured to perform DNS lookups regularly.
⚠️ Do not configure inbound firewall rules that allow direct access to handsets (SIP, HTTP UI etc). Direct traffic to the handset, either via a public IP address or via NAT, may lead to the handset being compromised and open to fraud.
⚠️ Please make sure that your firewall is configured not to use UPnP from your VoIP VLAN or network.
⚠️ If you are operating a stateless firewall, make sure you have return traffic rules configured for traffic flows. Most modern firewalls are stateful and will not require any return firewall rules.


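| Source IP Address | URL | Source Port | Destination IP Address | Destination Port | Purpose |
|---|---|---|---|---|---|
| LAN Network or Voice VLAN | b4bmt01.xelion.com | 1023 - 65535 | 52.31.77.253 | TCP 80 | HTTP Config & Web GUI |
| LAN Network or Voice VLAN | b4bmt01.xelion.com | 1023 - 65535 | 52.31.77.253 | TCP 443 | HTTPS Config & Web GUI |
| LAN Network or Voice VLAN | b4bmt01.xelion.com | 1023 - 65535 | 52.31.77.253 | TCP + UDP 5060 - 5069 | SIP + SIP TLS |
| LAN Network or Voice VLAN | b4bmt01.xelion.com | 1023 - 65535 | 52.31.77.253 | TCP 1791 | Soft Phone |
| LAN Network or Voice VLAN | b4bmt01.xelion.com | 1023 - 65535 | 52.31.77.253 | TCP 389 | LDAP |
| LAN Network or Voice VLAN | b4bmt01.xelion.com | 1023 - 65535 | 52.31.77.253 | TCP 636 | LDAP (Encrypted) |
| LAN Network or Voice VLAN | b4bmt01.xelion.com | 1023 - 65535 | 52.31.77.253 | UDP 10000 - 20000 | RTP |
| LAN Network or Voice VLAN | rps.yealink.com, rpscloud.yealink.com | 1023 - 65535 | 52.29.124.181, 3.124.165.251, 51.11.241.228, 20.19.96.56, 20.242.144.0, 20.242.144.1 | TCP 80, TCP 443 | Redirect to provisioning server |
| LAN Network or Voice VLAN | | 1023 - 65535 | 8.8.8.8, 8.8.4.4 | TCP + UDP 53 | Google DNS |
| LAN Network or Voice VLAN | | 1023 - 65535 | 1.1.1.1, 1.0.0.1 | TCP + UDP 53 | Cloudflare DNS |
| LAN Network or Voice VLAN | uk.pool.ntp.org | 1023 - 65535 | 80.87.128.222, 81.21.65.169, 85.199.214.102, 85.199.214.98 | UDP 123 | Network Time Protocol |
| LAN Network or Voice VLAN | pool.ntp.org | 1023 - 65535 | 202.28.93.5, 194.239.208.213, 185.177.150.85, 91.121.165.46 | UDP 123 | Network Time Protocol |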
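
The egress flows listed for b4bmt01.xelion.com and the warning against inbound rules to handsets can be checked mechanically against a firewall rule export. The Python below is an added example, not part of the original article or any Xelion tooling; the rule format, the `rule`, `permits` and `audit` helpers and the 10.20.0.0/24 voice VLAN are assumptions, and a stateful firewall is assumed.

```python
import ipaddress

VOICE_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed voice VLAN (constructed)
XELION = ipaddress.ip_address("52.31.77.253")     # b4bmt01.xelion.com, from the table

# (protocol, first port, last port) egress flows the table lists for that host
REQUIRED = [("tcp", 80, 80), ("tcp", 443, 443), ("tcp", 5060, 5069),
            ("udp", 5060, 5069), ("tcp", 1791, 1791), ("tcp", 389, 389),
            ("tcp", 636, 636), ("udp", 10000, 20000)]

def rule(direction, proto, src, dst, lo, hi, action="allow"):
    """Build one rule in the hypothetical export format used by this example."""
    return {"dir": direction, "proto": proto, "action": action, "ports": (lo, hi),
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst)}

def permits(r, proto, port):
    """True if r is an egress allow from the whole voice VLAN to XELION on proto/port."""
    return (r["dir"] == "out" and r["action"] == "allow"
            and r["proto"] in (proto, "any")
            and VOICE_NET.subnet_of(r["src"]) and XELION in r["dst"]
            and r["ports"][0] <= port <= r["ports"][1])

def audit(rules):
    """Return (required flows not fully allowed, inbound allows reaching handsets).
    Simplifications: stateful firewall assumed, so every inbound allow into the
    voice VLAN is reported; deny rules and rule order are not evaluated.
    """
    missing = [(p, lo, hi) for p, lo, hi in REQUIRED
               if not all(any(permits(r, p, port) for r in rules)
                          for port in range(lo, hi + 1))]
    exposed = [r for r in rules if r["dir"] == "in" and r["action"] == "allow"
               and r["dst"].overlaps(VOICE_NET)]
    return missing, exposed

# Constructed sample: every required flow is allowed except SIP over TCP, and a
# port-forward lets any Internet source reach one handset's web UI.
SAMPLE_RULES = [rule("out", p, "10.20.0.0/24", "52.31.77.253/32", lo, hi)
                for p, lo, hi in REQUIRED if (p, lo) != ("tcp", 5060)]
SAMPLE_RULES.append(rule("in", "tcp", "0.0.0.0/0", "10.20.0.15/32", 80, 80))

if __name__ == "__main__":
    missing, exposed = audit(SAMPLE_RULES)
    print("missing egress:", missing)
    print("inbound to handsets:", [str(r["dst"]) for r in exposed])
```

The destination address is pinned here only to keep the example offline; rules on a real firewall should follow the hostname, as the DNS note above requires.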

Web Content Filtering / SSL Filtering:


Please add the following URLs to the list of permitted destinations if your organisation uses a Web Filtering service.
Please exclude the following URLs from HTTPS inspection.

b4bmt01.xelion.com
rps.yealink.com
rpscloud.yealink.com

Useful Links:


