Firewall Best Practices

When installing phones at an office, or when installing a new firewall for existing phones, there are some general steps to take to ensure good VoIP service:

  • Ensure that the modem is in Bridge mode, or if that is not an option, set so that it does not do any routing.
  • Disable SIP ALG. This is sometimes called the SIP Module, SIP Transformations, SIP Helper, SIP Proxy, etc. If an option is labeled SIP, it's likely best to disable it.
  • Add firewall rules to allow ALL traffic to and from Cytracom servers (IP range
  • Increase UDP timeout to a minimum of 180 seconds for Global and firewall rules relating to Cytracom services (relative cause of BLF and MWI issues).
  • Add QoS to prioritize traffic, targeting everything being sent from the phones to our system at the above IP range.
  • Keep firmware up to date. While it's usually not imperative to update a firewall every time a new firmware version is released, this should be a go-to step when troubleshooting any widespread problem.

These are general guidelines, and the details will often vary from one firewall to another. Feel free to contact Support if needed:

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request