Firewall Best Practices

It is essential to follow some general steps to ensure good Voice over Internet Protocol (VoIP) service when installing phones at an office or a new firewall for existing phones. This article outlines the recommended guidelines for smooth installation and optimal VoIP performance.

  1. Modem Configuration
  • Ensure that the modem is set to Bridge mode. Some modems will have IP passthrough.
  • Disable SIP ALG (SIP Module, SIP Transformations, SIP Helper, SIP Proxy, etc.). If an option is labeled SIP, it is best to disable it, as these options are primarily helpful for on-premise VoIP systems and can severely hinder cloud-based VoIP traffic.
  2. Firewall Rules
  • Add firewall rules to allow all traffic to Cytracom servers. The following IP ranges and fully qualified domain names (FQDNs) should be included in the firewall rules:
    • Registration & Nodes IP ranges:
      • FQDN: register.cytracom.net, kr1.cytracom.net
      • IP range: 209.105.249.194-209.105.249.252, 184.175.130.161-184.175.130.186, 3.208.72.128-3.208.72.158
    • Updates, Configuration, Services, and Mobile:
      • Firmware: IP: 54.227.140.71, FQDN: fw.cytracom.com or firmware.cytracom.net
      • Configuration: IP: 3.208.72.130, FQDN: tftp.cytracom.net or provision.cytracom.net
      • Mobile Registration: IP: 3.208.72.146, FQDN: mr1.cytracom.net
      • Presence: IP: 3.208.72.135 and 209.105.249.251, FQDN: blf.cytracom.net and pres.cytracom.net
      • FTP (if call recording is used and uploaded to a locally or cloud-hosted storage solution): IP: 18.211.94.44
      • Desktop: IP: 52.20.32.65, FQDN: desktop.cytracom.net
  3. UDP Timeout
  • Increase the UDP timeout to a minimum of 180 seconds, both globally and on the firewall rules relating to Cytracom services. This is necessary to avoid issues with BLF and MWI.
  4. Quality of Service (QoS)
  • Implement QoS to prioritize traffic, targeting everything sent from the phones to the Cytracom system using the above IP ranges. This can be achieved through DSCP marking (46) or a guaranteed 100 kbps per device.
  5. Firmware Maintenance
  • Keep the firmware up to date. While it is not necessary to update the firewall every time a new firmware version is released, this step should be taken when troubleshooting any widespread problems.
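
Many firewalls accept only CIDR notation, and rounding a dash range up to the nearest subnet allows addresses the list above does not name. The following added example (not Cytracom's own code) converts the ranges and single addresses from the Firewall Rules step into an exact CIDR allowlist and checks deny-log destinations against it; the log format and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Ranges and single addresses copied from the Firewall Rules step above.
RANGES = [
    ("209.105.249.194", "209.105.249.252"),
    ("184.175.130.161", "184.175.130.186"),
    ("3.208.72.128", "3.208.72.158"),
]
HOSTS = ["54.227.140.71", "3.208.72.130", "3.208.72.146", "3.208.72.135",
         "209.105.249.251", "18.211.94.44", "52.20.32.65"]

# Constructed sample deny-log lines; the format and ports are assumptions.
SAMPLE_DENIES = [
    "DENY udp 10.0.0.21:5060 -> 3.208.72.140:5060",
    "DENY udp 10.0.0.22:16384 -> 209.105.249.253:16384",
    "DENY tcp 10.0.0.23:51544 -> 52.20.32.65:443",
    "DENY udp 10.0.0.24:5060 -> 198.51.100.7:5060",
]


def build_allowlist(ranges=RANGES, hosts=HOSTS):
    """Exact CIDR cover of the ranges and hosts, with no extra addresses."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    nets.extend(ipaddress.ip_network(h) for h in hosts)
    # collapse_addresses drops hosts already inside a range and merges siblings.
    return list(ipaddress.collapse_addresses(nets))


def is_allowed(ip, allowlist):
    """True if ip falls inside any network of the allowlist."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowlist)


def denied_but_listed(log_lines, allowlist):
    """Destinations the firewall dropped even though the list covers them."""
    hits = []
    for line in log_lines:
        m = re.search(r"->\s*(\d+\.\d+\.\d+\.\d+):\d+", line)
        if m and is_allowed(m.group(1), allowlist):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    allow = build_allowlist()
    print("\n".join(str(n) for n in allow))
    print("denied but listed:", denied_but_listed(SAMPLE_DENIES, allow))
```

A non-empty result from `denied_but_listed` points to a missing or mis-ordered allow rule; a denied address just outside a range, such as 209.105.249.253 in the sample, is correctly left out.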

These general guidelines may vary slightly depending on the firewall being used. Please see the detailed router and firewall guides for more information on configuring routers and firewalls. If you need additional support, please do not hesitate to contact the Cytracom Support team at support@cytracom.com.
