01 TELECOM | FIREWALL GUIDE
FIREWALL GUIDE BROADSOFT
VERSION 3.0 | 12.14

Please ensure that any rules added to your firewall are applied both inbound and outbound.

The range of IP addresses assigned to 01 Telecom is as follows:
• 83.137.176.0 – 83.137.183.255 (83.137.176.0/21)
• 185.16.152.0 – 185.16.155.255 (185.16.152.0/22)

All services provided by 01 Telecom will use one of the IPs listed above, therefore you can open all ports to these IP addresses and all services will work correctly.

If you would like to complete your firewall rules in a more granular manner, please use the following tables based on the services you have taken from 01 Telecom:

VOICE NETWORK

PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
SIP | 83.137.182.120, 83.137.182.125, 83.137.182.121, 83.137.182.124, 83.137.182.126 | TCP, UDP | 5060
RTP | 83.137.182.120, 83.137.182.125, 83.137.182.121, 83.137.182.124, 83.137.182.126 | UDP, TCP | 10,000 - 60,000
HTTP | d.voice2000.com (83.137.181.45) | TCP | 80
HTTPS | d.voice2000.com (83.137.181.45) | TCP | 443
LDAP | ldap.voice2000.com (83.137.181.46) | TCP | 389
NTP | 83.137.181.51, ntp.voice2000.com (83.137.180.3/83.137.180.4) | UDP | 123

DATA NETWORK - UNITY CLIENT

PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
HTTPS | portal.unityclient.com (83.137.180.5/83.137.180.6) | TCP | 443
HTTP | portal.unityclient.com (83.137.180.5/83.137.180.6) | TCP | 80
C12 | message.unityclient.com (83.137.180.7/83.137.180.8), ews.voice2000.com (83.137.182.70/83.137.182.71) | TCP | 2208

DATA NETWORK - ONLINE ADMINISTRATION

PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
HTTPS | 01telecom.uboss.com (83.137.180.69) | TCP | 443

DATA NETWORK - MONITORING SYSTEM

PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
ICMP | monitoring.voice2000.com (83.137.180.135) | ICMP | N/A
SNMP | monitoring.voice2000.com (83.137.180.135) | UDP | 161 & 162
NETFLOW | monitoring.voice2000.com (83.137.180.135) | UDP | 2055

DATA NETWORK - UC-ONE SOFTWARE

PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
SIP | 83.137.182.120, 83.137.182.125, 83.137.182.121, 83.137.182.124, 83.137.182.126 | UDP, TCP | 5060
RTP | 83.137.182.120, 83.137.182.125, 83.137.182.121, 83.137.182.124, 83.137.182.126 | UDP, TCP | 10,000 - 60,000
HTTP | 83.137.182.90 | TCP | 80
HTTPS | 83.137.182.90 | TCP | 443

SIP-ALG

01 Telecom require that the internet-facing device doing the network address translation (NAT) have SIP-ALG disabled.

ROUTER NAT TIMEOUT

01 Telecom require that the internet-facing device which does the NAT for the phones have its NAT timeout settings configured to at least one hour (3600 seconds) for both UDP and TCP traffic.

PROTOCOL RELEVANCE TO SERVICE

Physical VoIP Phones:
• SIP – Signalling protocol to control a call
• RTP – Packets containing the speech data
• FTP – Transfer of configuration files to physical VoIP phones (this provisioning method will be disabled shortly)
• HTTP(S) – Secure transfer of configuration files to physical VoIP phones
• LDAP – Transfer of corporate directory information
• NTP – Clock synchronisation between physical handsets and 01 Telecom time server

Unity Client:
• HTTP(S) – Access to Unity web server
• C12 – Transport of data from Unity and Broadsoft servers

Online Administration:
• HTTP(S) – Transfer of UBOSS and provisioning web pages

Network Monitoring System – used to collect statistics regarding a customer’s WAN link for troubleshooting purposes:
• ICMP – Used to verify internet connectivity
• SNMP – Used to collect detailed logs from a network device, e.g. interface utilization, CPU usage, memory usage
• Netflow – Collects IP traffic information (this is not needed for most customers and would be a special request from 01 Telecom)
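An added example, not part of 01 Telecom's guide: a Python check that classifies destination flows against the VOICE NETWORK table, so a firewall log review can show which traffic only the all-ports rule for the two provider ranges would permit. It assumes the five SIP/RTP addresses apply to both rows; the function names and sample flows are constructed for illustration.

```python
import ipaddress

# The two provider ranges stated in the guide (the "open all ports" option).
PROVIDER_NETS = [ipaddress.ip_network(n)
                 for n in ("83.137.176.0/21", "185.16.152.0/22")]

# VOICE NETWORK table as an allow-list: service -> (addresses, protocols, ports).
# Assumption: the five SIP/RTP addresses are shared by both rows.
VOICE = ["83.137.182.120", "83.137.182.125", "83.137.182.121",
         "83.137.182.124", "83.137.182.126"]
RULES = {
    "SIP":   (VOICE, {"tcp", "udp"}, range(5060, 5061)),
    "RTP":   (VOICE, {"tcp", "udp"}, range(10000, 60001)),
    "HTTP":  (["83.137.181.45"], {"tcp"}, range(80, 81)),
    "HTTPS": (["83.137.181.45"], {"tcp"}, range(443, 444)),
    "LDAP":  (["83.137.181.46"], {"tcp"}, range(389, 390)),
    "NTP":   (["83.137.181.51", "83.137.180.3", "83.137.180.4"],
              {"udp"}, range(123, 124)),
}

def in_provider_range(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROVIDER_NETS)

def classify(ip, proto, port):
    """Return the matching service, 'broad-only', or 'outside'."""
    for service, (addrs, protos, ports) in RULES.items():
        if ip in addrs and proto.lower() in protos and port in ports:
            return service
    return "broad-only" if in_provider_range(ip) else "outside"

def audit(flows):
    """Flows that only the all-ports rule would permit."""
    return [f for f in flows if classify(*f) == "broad-only"]

def addresses_outside_ranges():
    """Table addresses not covered by the stated ranges (expected: none)."""
    return sorted({a for addrs, _, _ in RULES.values() for a in addrs
                   if not in_provider_range(a)})

# Constructed sample flows: (destination IP, protocol, destination port).
SAMPLE_FLOWS = [("83.137.182.120", "udp", 5060), ("83.137.182.124", "udp", 20000),
                ("83.137.181.45", "tcp", 22), ("185.16.152.10", "tcp", 3389),
                ("203.0.113.10", "udp", 53)]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", classify(*flow))
```

Flows reported as broad-only reach an address inside 83.137.176.0/21 or 185.16.152.0/22 on a port the granular table does not list, which is the traffic the granular rule set would block.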