Skip to main content
help center

How do I need to configure my firewall for easybell VoIP and SIP trunking?

In this article we provide a detailed explanation of how the correct firewall settings should look like in order to ensure a smooth use of easybell voice connections or the Cloud Telefonanlage.

The procedure differs depending on which telephony configuration you want to implement. Due to the variety of firewall systems on the market, we have kept the information as precise as necessary, but as general as possible.

No matter which installation variant is involved, it is always an advantage to prioritize the Voice over IP data traffic in the network. Many router and firewall solutions offer the QoS (Quality of Service) function for this purpose, which should be activated and configured for SIP and RTP data if possible.

Port Sharing

SIP-Port RTP-Port secure SIP sRTP
Phone numbers & Trunks 5060 (UDP) oder 5064 (TCP) 20000 - 50000 (UDP) 5061 (TLS) 20000 - 50000 (TLS)
easybell Cloud Telefonanlage 5060 (UDP) 20000 - 50000 (UDP) 5061 (TLS) 20000 - 50000 (TLS)
easybell VoIP to go App 5060 (UDP) 10000 - 20000 (UDP) - -

Please make sure the following services are disabled:

  • NAT (Network Address Translation)
  • SIP-ALG (SIP Application-Layer-Gateway)
  • IGMP-Snooping (Internet Group Management Protocol Monitor)
  • ICMP (Internet Control Message Protocol)

Notes

  • Never activate port forwarding!
  • Restrict the releases for outgoing connections to the internal IPs of the PBX/telephones.
  • Restrict the access rights for incoming connections to the registrar used (sip.easybell.de, secure.sip.easybell.de, pbx.easybell.de, secure.pbx.easybell.de).
  • Do not connect telephones and telephone systems via WLAN.
  • If possible, do not configure telephones in subnets.
  • Prioritise VoIP data traffic (QoS).
  • Pay attention to the additional notes of the firewall configuration of the telephone system manufacturer.