01 TELECOM | FIREWALL GUIDE
FIREWALL GUIDE
BROADSOFT
Please ensure that any rules you add to your firewall are added both inbound and outbound. The range of IP addresses assigned to 01 Telecom is as follows:
• 83.137.176.0 – 83.137.183.255 (83.137.176.0/21)
• 185.16.152.0 – 185.16.155.255 (185.16.152.0/22)
All services provided by 01 Telecom will use one of the IP addresses listed above; you can therefore open all ports to these IP addresses and all services will work correctly.
If you would like to complete your firewall rules in a more granular manner, please use the following tables based on the services you have taken from 01 Telecom:
VOICE NETWORK
PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
SIP | 83.137.182.120, 83.137.182.121, 83.137.182.124, 83.137.182.125, 83.137.182.126 | TCP, UDP | 5060
RTP | 83.137.182.120, 83.137.182.121, 83.137.182.124, 83.137.182.125, 83.137.182.126 | UDP, TCP | 10,000 - 60,000
HTTP | d.voice2000.com (83.137.181.45) | TCP | 80
HTTPS | d.voice2000.com (83.137.181.45) | TCP | 443
LDAP | ldap.voice2000.com (83.137.181.46) | TCP | 389
NTP | 83.137.181.51, ntp.voice2000.com (83.137.180.3/83.137.180.4) | UDP | 123
VERSION 3.0 | 12.14
DATA NETWORK - UNITY CLIENT
PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
HTTPS | portal.unityclient.com (83.137.180.5/83.137.180.6) | TCP | 443
HTTP | portal.unityclient.com (83.137.180.5/83.137.180.6) | TCP | 80
C12 | message.unityclient.com (83.137.180.7/83.137.180.8), ews.voice2000.com (83.137.182.70/83.137.182.71) | TCP | 2208

DATA NETWORK - ONLINE ADMINISTRATION
PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
HTTPS | 01telecom.uboss.com (83.137.180.69) | TCP | 443
DATA NETWORK - MONITORING SYSTEM
PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
ICMP | monitoring.voice2000.com (83.137.180.135) | ICMP | N/A
SNMP | monitoring.voice2000.com (83.137.180.135) | UDP | 161 & 162
NETFLOW | monitoring.voice2000.com (83.137.180.135) | UDP | 2055

DATA NETWORK - UC-ONE SOFTWARE
PROTOCOL | IP ADDRESS / FQDN | IP PROTOCOL | PORT NUMBER / RANGE
SIP | 83.137.182.120, 83.137.182.121, 83.137.182.124, 83.137.182.125, 83.137.182.126 | UDP, TCP | 5060
RTP | 83.137.182.120, 83.137.182.121, 83.137.182.124, 83.137.182.125, 83.137.182.126 | UDP, TCP | 10,000 - 60,000
HTTP | 83.137.182.90 | TCP | 80
HTTPS | 83.137.182.90 | TCP | 443
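An added example, not part of the 01 Telecom guide: a Python check that the published first-to-last ranges collapse to the stated /21 and /22 blocks, and that labels firewall rules against a subset of the table rows above. The rule list in `SAMPLE_RULES` is constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Ranges exactly as the guide writes them (first address, last address).
PUBLISHED = [("83.137.176.0", "83.137.183.255"), ("185.16.152.0", "185.16.155.255")]

# A subset of rows copied from the guide's tables: (service, address, protocol, ports).
GUIDE_ROWS = [
    ("HTTP", "83.137.181.45", "tcp", {80}),
    ("HTTPS", "83.137.181.45", "tcp", {443}),
    ("LDAP", "83.137.181.46", "tcp", {389}),
    ("NTP", "83.137.181.51", "udp", {123}),
    ("HTTPS", "83.137.180.69", "tcp", {443}),
    ("SNMP", "83.137.180.135", "udp", {161, 162}),
]

# Constructed sample of rules exported from a firewall: (remote address, protocol, port).
SAMPLE_RULES = [
    ("83.137.181.45", "tcp", 443),   # matches the HTTPS provisioning row
    ("83.137.181.45", "tcp", 22),    # provider address, but no such row
    ("185.16.153.10", "udp", 5060),  # inside the /22, not a listed host
    ("83.137.184.1", "tcp", 443),    # just past the end of the /21
]

def published_networks():
    """Collapse each first-last pair into the CIDR blocks it covers."""
    nets = []
    for first, last in PUBLISHED:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def audit(rules):
    """Label each rule 'guide' (exact table row), 'in-range' or 'outside'."""
    nets = published_networks()
    results = []
    for addr, proto, port in rules:
        if any(a == addr and p == proto and port in ports
               for _, a, p, ports in GUIDE_ROWS):
            verdict = "guide"
        elif any(ipaddress.ip_address(addr) in net for net in nets):
            verdict = "in-range"   # only the broad all-ports rule would cover it
        else:
            verdict = "outside"    # not an address the guide attributes to 01 Telecom
        results.append((addr, proto, port, verdict))
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE_RULES):
        print(*row)
```

Rules labelled `in-range` are the ones that only work under the open-all-ports option; rules labelled `outside` do not correspond to any address in the guide.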
SIP-ALG
01 Telecom require that the internet-facing device doing the network address translation (NAT) have SIP-ALG disabled.
ROUTER NAT TIMEOUT
01 Telecom require that the internet-facing device which does the NAT for the phones have its NAT timeout settings configured to at least one hour (3600 seconds) for both UDP and TCP traffic.
PROTOCOL RELEVANCE TO SERVICE
Physical VoIP Phones:
• SIP – Signalling protocol to control a call
• RTP – Packets containing the speech data
• FTP – Transfer of configuration files to physical VoIP phones (This provisioning method will be disabled shortly)
• HTTP(S) – Secure transfer of configuration files to physical VoIP phones
• LDAP – Transfer of corporate directory information
• NTP – Clock synchronisation between physical handsets and 01 Telecom time server
Unity Client:
• HTTP(S) – Access to Unity web server
• C12 – Transport of data from Unity and Broadsoft servers
Online Administration:
• HTTP(S) – Transfer of UBOSS and provisioning web pages
Network Monitoring System – used to collect statistics regarding a customer’s WAN link for troubleshooting purposes:
• ICMP – Used to verify internet connectivity
• SNMP – Used to collect detailed logs from a network device e.g. interface utilization, CPU usage, memory usage
• Netflow – Collects IP traffic information (this is not needed for most customers and would be a special request from 01 Telecom)