Cytracom UCaaS: Firewall Best Practices

Topic

This article outlines the recommended guidelines for smooth installation and optimal VoIP performance.

Environment

  • Cytracom UCaaS

Description

It is essential to follow some general steps to ensure good Voice over Internet Protocol (VoIP) service when installing phones at an office or a new firewall for existing phones. 

Modem Configuration

  • Ensure that the modem is set to bridge mode. Some modems will have IP passthrough.
  • Disable SIP ALG (SIP Module, SIP Transformations, SIP Helper, SIP Proxy, etc.). If an option is labeled SIP, it is best to disable it, as these options are primarily helpful for on-premise VoIP systems and can severely hinder cloud-based VoIP traffic.

Firewall Rules

  • Add firewall rules to allow all traffic to Cytracom servers. The following IP ranges and fully qualified domain names (FQDNs) should be included in the firewall rules:
    • Registration & Nodes IP ranges:
      • FQDN:
        • register.cytracom.net
        • kr1.cytracom.net
      • IP ranges:
        • 209.105.249.194 - 209.105.249.252 CIDR: 209.105.249.194/26
        • 184.175.130.161 - 184.175.130.186 CIDR: 184.175.130.161/27
        • 3.208.72.128 - 3.208.72.158  CIDR: 3.208.72.128/27
        • 205.142.242.20 - 205.142.243.254 CIDR: 205.142.242.20/23
    • Updates, Configuration, Services, and Mobile:
      • Firmware:
        • IP: 54.227.140.71
        • FQDN: fw.cytracom.com, firmware.cytracom.net
      • Configuration:
        • IP: 3.208.72.130
        • FQDN: tftp.cytracom.net, provision.cytracom.net
      • Mobile Registration:
        • IP: 3.208.72.146
        • FQDN: mr1.cytracom.net
      • Presence:
        • IP: 3.208.72.135
        • FQDN: blf.cytracom.net
      • FTP (if call recording is used and uploaded to a locally or cloud-hosted storage solution):
        • IP: 18.211.94.44
      • Desktop:
        • IP: 52.20.32.65
        • FQDN: desktop.cytracom.net
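
The published CIDRs above have host bits set (for example 209.105.249.194/26), so once masked to a network address each one matches a slightly wider block than the listed first-last range. The following added example (not Cytracom's code; Python standard library only) normalizes each CIDR, counts the extra addresses it admits, derives the exact CIDR set for the listed range, and reports which single service IPs fall outside the registration blocks and need their own rules.

```python
import ipaddress

# (first, last, published CIDR) copied from the Registration & Nodes list.
PUBLISHED = [
    ("209.105.249.194", "209.105.249.252", "209.105.249.194/26"),
    ("184.175.130.161", "184.175.130.186", "184.175.130.161/27"),
    ("3.208.72.128", "3.208.72.158", "3.208.72.128/27"),
    ("205.142.242.20", "205.142.243.254", "205.142.242.20/23"),
]
# Single service IPs from the Updates/Configuration/Services/Mobile list.
SERVICE_IPS = ["54.227.140.71", "3.208.72.130", "3.208.72.146",
               "3.208.72.135", "18.211.94.44", "52.20.32.65"]


def audit(first, last, cidr):
    """Compare a published first-last range with its published CIDR."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    # The published CIDRs have host bits set; strict=False masks them off
    # to give the network address that the prefix length implies.
    net = ipaddress.ip_network(cidr, strict=False)
    exact = ipaddress.summarize_address_range(lo, hi)
    return {
        "normalized": str(net),
        "covers_range": lo in net and hi in net,
        "extra_addresses": net.num_addresses - (int(hi) - int(lo) + 1),
        "exact_cidrs": [str(n) for n in exact],
    }


def report():
    return {cidr: audit(first, last, cidr) for first, last, cidr in PUBLISHED}


def uncovered_service_ips():
    """Service IPs that fall outside every normalized registration block."""
    nets = [ipaddress.ip_network(c, strict=False) for _, _, c in PUBLISHED]
    return [ip for ip in SERVICE_IPS
            if not any(ipaddress.ip_address(ip) in n for n in nets)]


if __name__ == "__main__":
    for cidr, r in report().items():
        print(f"{cidr} -> {r['normalized']} covers={r['covers_range']} "
              f"extra={r['extra_addresses']} exact={r['exact_cidrs']}")
    print("need their own rules:", uncovered_service_ips())
```

Use the normalized form if the firewall rejects CIDRs with host bits set, or the exact CIDR list if the rule should admit nothing beyond the published range.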

UDP Timeout

  • Increase the UDP timeout to a minimum of 180 seconds, both globally and in the firewall rules relating to Cytracom services. This is necessary to avoid issues with BLF (Busy Lamp Field) and MWI (Message Waiting Indicator).

Quality of Service (QoS)

  • Implement QoS to prioritize traffic, targeting everything sent from the phones to the Cytracom system using the above IP ranges. This can be achieved through DSCP marking (46) or a guaranteed 100 kbps per device.

Firmware Maintenance

  • Keep the firmware up to date. While it is not necessary to update the firewall every time a new firmware version is released, this step should be taken when troubleshooting any widespread problems.

These guidelines may vary depending on the firewall being used. Consult the router and firewall guides for more detailed information on configuring routers and firewalls. Contact the Cytracom Support Team for additional assistance.

Customers with Cytracom ControlOne Agents

In addition to the best practices above, follow the guidelines in Cytracom ControlOne: Required executables, services, and allowlisting to ensure your Agents can connect from behind your firewall. 
