Firewall / NAT Checklist

Owned by Nathaniel Halbrooks
Last updated: Dec 05, 2024 by Kelli Higdon
4 min read

Firewall / NAT Checklist

If you plan on using phones or accessing Switchvox from remote clients, you must forward certain ports back to your PBX. Also, you'll need to enable the "Allow Nat Port Forwarding" option in the Server > Networking > IP Configuration section of your Switchvox Web Admin.

A good resource for documentation on how to forward ports on most routers: www.portforward.com.

Ports by Switchvox 

The following ports are used by Switchvox and need to be forwarded from your firewall or router. We recommend only forwarding the ports required by your implementation. Please note, ports with a pink background are no longer used in the latest version of Switchvox; as such, you are not required to open these ports. 

Transport

Port(s)

Description

Transport

Port(s)

Description

D-Series and P-Series Phones

TCP/UDP

5060

SIP signaling port needed for phones outside your network

TCP/UDP

5061 (SIP TLS)

For SIP TLS port needed for phones outside your network, only if you are using TLS/SRTP transport option

UDP

10000-20000

RTP audio ports needed for phones outside your network 

TCP

443

HTTPS port for API access

TCP

80

HTTP port for  D-Series phone-firmware access

UDP

5062

Direct  port access for D-Series phones for configuration (Deprecated / Not used after Switchvox 6.4)

Sangoma Connect/Talk Mobile 

TCP/UDP
TCP/UDP

5060
5061 (SIP TLS)

SIP signaling ports needed for phones outside your network
TLS port needed for TLS/SRTP transport option

UDP

10000-20000

RTP audio ports needed for phones outside your network 

TLS

5095

SIP signaling to http://cloud-fe.meet.sangoma.com to facilitate audio transfer from Switchvox to Meet when moving a call to the Meet service.

IP Whitelist

Sangoma Connect/Talk SIP Push/Register servers require SIP access to your PBX for the application to work correctly.  If we have a restrictive firewall, please ensure that the following IPs can reach your PBX in TCP/UDP ports 5060 and 5061. For more information, please visit How to Set Up and Manage Switchvox for Sangoma Connect Mobile.
 159.65.167.207
159.65.186.176
159.65.251.173
159.65.252.186
159.65.253.49159.89.179.103
162.243.226.164
165.227.65.164
165.227.115.186
165.227.182.9165.227.184.188
165.227.190.186
165.227.210.221
165.227.223.68
167.99.48.91167.99.119.203
167.99.119.244
104.131.76.244
143.198.53.243
198.199.67.34
159.203.163.250

Legacy Switchvox Mobile Softphones  (Not recommended in 7.6.2 or later, and deprecated in 7.8.2)

TCP/UDP

5060

SIP signaling port needed for phones outside your network

TCP/UDP

55062

SIP signaling port that may be needed for Legacy Mobile Softphones 

UDP

10000-20000

RTP audio ports needed for phones outside your network 

TCP

443

HTTPS port for API access

Desktop Softphones and Switchvox Chat for Mobile

TCP

443

HTTPS port for Desktop client

UDP

10000-20000

RTP audio ports needed for phones outside your network

Web Portal for Admin or User

TCP

80

HTTP port for remote web

TCP

443

HTTPS port for remote web admin, user  and API access

TCP

5222 & 843

Ports for using the Switchboard remotely  (Deprecated / Not used after Switchvox 7.0)

TCP

5269

Port for remote XMPP access (Deprecated / Not used after Switchvox 7.0)

VoIP provider with T.38 Support

UDP

5060

SIP signaling port needed to connect with your VoIP provider outside of your network

UDP

10000-20000

RTP audio ports needed for phones outside your network

UDPTL

4000-4999

UDPTL ports for T.38 faxing over SIP

UDP

4569

IAX Signalling for IAX provider (Deprecated / Not used after Switchvox 7.0)

 
The following ports are used by Switchvox to communicate with devices within the same network. Support does not recommend opening these ports on your router or firewall. If you need a port to be accessed from a remote network, please discuss with your IT Security team to explore options on how to limit the access. 
 

Transport

Port(s)

Description

TCP

143

IMAP , these ports allow customers to see their voicemail on their mail software

TCP

631

Fax Printer

UDP

161

SNMP in order to track alarms on your Switchvox with an SNMP server

TCP/UDP

389

LDAP for use when integrating your Switchvox with a network directory service

TCP/UDP

638

LDAPS for use when integrating your Switchvox with a network directory service

 
Please note, the following ports are used by Switchvox for outgoing connections. Your firewall should allow connections to the Internet on these ports.
 

Transport

Port(s)

Description

UDP

1194

Must be open to outgoing traffic for Digium / Switchvox Technical Support VPN with allow jumbo frames enabled

ICMP 

(any)

ICMP to confirm connectivity to Switchvox servers (In the event that Switchvox is unable to ping, it will report a connection issue.)

TCP

21

FTP when exporting recordings or backups

TCP

22

SFTP when exporting recordings or backups

TCP

25

SMTP when Switchvox sending emails

 
Firewall and Router

When reviewing your firewall or router configuration, first make sure it is up-to-date (running the latest firmware version). Secondly, check to ensure the following features are disabled. After disabling a feature, we recommend restarting the router. 

  • SPI (Stateful Packet Inspection)

  • SIP Transformations  (Sonicwall Firewalls)

  • SIP ALG (SIP Application Layer Gateway)

  • SIP FIXUP (Cisco Firewalls)

  • ALG

  • NAT Filtering

  • SIP Inspection

  • Smart Packet Detection

We also have accumulated a shortlist of specific 3rd party firewall settings for various makes/models that we know can cause issues with the Switchvox software.

Unable to render {include} The included page could not be found.