Firewall Requirements
What you need to know
Business Digital Voice is a hosted unified communications solution operating in the United States of America.
The service has multiple components including voice, video, desktop and mobile applications, web applications, and service quality tools. These components require communication between devices on the customer’s local area or wireless network connections and servers in the Business Digital Voice infrastructure. For this communication to function properly, customer security devices, such as firewalls, must not block IP addresses and TCP/UDP service ports used by the Business Digital Voice service.
The following topics of this guide provide information needed to properly configure a customer’s firewall to allow all communications between customer devices/applications and Business Digital Voice services.
Note: If a router and/or firewall is “SIP Aware”, that is, it has SIP ALG or similar enabled, we recommend that this functionality be turned OFF for correct operation of the service. See the relevant manufacturer's documentation for more information on how to disable SIP ALG on specific devices.
Help Topics
A. North America - NA - Commercial
All destinations should be configured on the customer’s firewall to ensure continuity of service. All of the service ports listed in this guide should be allowed for all appropriate Business Digital Voice IP subnets. For example, if the Business Digital Voice customer’s service is based in the United States, the service ports and associated protocols listed in this guide should be allowed for the following subnets:
128.177.14.0/24 (Chicago)
128.177.36.0/24 (Dallas)
B. IP Phones, ATAs and IADs
| Device | Protocol | Destination/DNS | IP | Destination Port |
|---|---|---|---|---|
| IP Phone / ATA / IAD | NTP: Endpoint clock synchronization | ntp.broadcloudpbx.net | 199.59.65.181, 199.59.66.181 | UDP 123 |
| IP Phone / ATA / IAD | DNS: For resolving configuration server A Records and call control SRV Records | Supplied Locally | | UDP/TCP 53 |
| SBC Traffic IP Endpoints | SIP | Dallas | 128.177.36.10, 128.177.36.13, 128.177.36.14, 128.177.36.24, 199.59.65.80 | UDP / TCP 8933 |
| SBC Traffic IP Endpoints | SIP | Chicago | 128.177.14.10, 128.177.14.13, 128.177.14.14, 128.177.14.24, 199.59.66.80 | UDP / TCP 8933 |
| SBC Traffic IP Endpoints | SIP | New York | 199.59.71.20 | UDP / TCP 8933 |
| SBC Traffic IP Endpoints | SIP | Los Angeles | 199.59.70.20 | UDP / TCP 8933 |
| SBC Traffic IP Endpoints | RTP | Dallas | 128.177.36.10, 128.177.36.13, 128.177.36.14, 128.177.36.24, 199.59.65.80 | UDP 19560 to 65535 |
| SBC Traffic IP Endpoints | RTP | Chicago | 128.177.14.10, 128.177.14.13, 128.177.14.14, 128.177.14.24, 199.59.66.80 | UDP 19560 to 65535 |
| SBC Traffic IP Endpoints | RTP | New York | 199.59.71.20 | UDP 19560 to 65535 |
| SBC Traffic IP Endpoints | RTP | Los Angeles | 199.59.70.20 | UDP 19560 to 65535 |
| Cisco IP Phone | HTTPS | spa.sipflash.com | 128.177.36.192, 128.177.14.192 | TCP 443 |
| Polycom IP Phone | HTTP/HTTPS | plcm.sipflash.com | 128.177.36.191, 128.177.14.191 | TCP 80, 443 |
| Snom IP Phone | HTTPS | snom.sipflash.com | 128.177.36.193, 128.177.14.193 | TCP 443 |
| Yealink IP Phone | HTTPS | yealink.sipflash.com | 128.177.36.213, 128.177.14.213 | TCP 443 |
| Audiocodes IP Phone | HTTPS | acodes.sipflash.com | 128.177.36.189, 128.177.14.194 | TCP 443 |
| Aastra/Mitel IP Phone | HTTPS | aastra.sipflash.com | 128.177.36.190, 128.177.14.195 | TCP 443 |
| Panasonic IP Phone | HTTPS | panasonic.sipflash.com | 128.177.36.218, 128.177.14.218 | TCP 443 |
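As an added example (not part of the original guide or of any vendor tooling), the Python below scans firewall deny logs for dropped packets that match the IP phone destinations and ports from sections A and B, which helps confirm whether a failed registration or one-way audio is caused by the firewall. The iptables LOG-style line format, the `FW-DROP` / `FW-ACCEPT` prefixes, the internal source addresses and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Destinations and ports transcribed from sections A and B of this guide.
SBC_NETS = ["128.177.14.0/24", "128.177.36.0/24",   # Chicago, Dallas subnets
            "199.59.65.80/32", "199.59.66.80/32",   # Dallas, Chicago hosts
            "199.59.71.20/32", "199.59.70.20/32"]   # New York, Los Angeles
NTP_HOSTS = ["199.59.65.181/32", "199.59.66.181/32"]
REQUIRED = [  # (networks, protocol, first port, last port, purpose)
    (SBC_NETS, "udp", 8933, 8933, "SIP"),
    (SBC_NETS, "tcp", 8933, 8933, "SIP"),
    (SBC_NETS, "udp", 19560, 65535, "RTP"),
    (SBC_NETS[:2], "tcp", 443, 443, "HTTPS provisioning"),
    (NTP_HOSTS, "udp", 123, 123, "NTP"),
]
FIELD = re.compile(r"\b(DST|PROTO|DPT)=(\S+)")

def required_purpose(dst, proto, port):
    """Return the purpose if the guide requires this flow, else None."""
    addr = ipaddress.ip_address(dst)
    for nets, rule_proto, lo, hi, purpose in REQUIRED:
        if proto == rule_proto and lo <= port <= hi and any(
                addr in ipaddress.ip_network(n) for n in nets):
            return purpose
    return None

def blocked_required(log_lines, drop_tag="FW-DROP"):
    """List dropped flows that the guide says must be allowed."""
    findings = []
    for line in log_lines:
        fields = dict(FIELD.findall(line))
        if drop_tag not in line or not {"DST", "PROTO", "DPT"} <= fields.keys():
            continue  # not a drop, or no destination port (e.g. ICMP)
        try:
            flow = (fields["DST"], fields["PROTO"].lower(), int(fields["DPT"]))
            purpose = required_purpose(*flow)
        except ValueError:
            continue  # malformed address or port in the log line
        if purpose:
            findings.append(flow + (purpose,))
    return findings

# Constructed sample lines; the FW-DROP / FW-ACCEPT prefixes are assumptions.
SAMPLE = [
    "FW-DROP IN=lan0 OUT=wan0 SRC=10.20.0.15 DST=128.177.36.13 PROTO=UDP SPT=5060 DPT=8933",
    "FW-DROP IN=lan0 OUT=wan0 SRC=10.20.0.15 DST=128.177.14.24 PROTO=UDP SPT=11780 DPT=20344",
    "FW-ACCEPT IN=lan0 OUT=wan0 SRC=10.20.0.15 DST=128.177.36.192 PROTO=TCP SPT=40112 DPT=443",
    "FW-DROP IN=lan0 OUT=wan0 SRC=10.20.0.15 DST=128.177.36.10 PROTO=UDP SPT=5060 DPT=5060",
    "FW-DROP IN=lan0 OUT=wan0 SRC=10.20.0.15 DST=199.59.65.181 PROTO=UDP SPT=123 DPT=123",
]
```

Calling `blocked_required(SAMPLE)` reports the SIP, RTP and NTP drops; the drop to port 5060 is not reported because section B does not list that port for IP endpoints.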
C. Clients and Applications
| Device | Protocol | Destination/DNS | IP | Destination Port |
|---|---|---|---|---|
| UC Endpoints (Clients) | HTTP / HTTPS, CAP, XMPP: BroadCloud Applications, IM&P, file transfer and desktop sharing | apps.broadcloudpbx.net | 128.177.36.138, 128.177.14.181 | TCP 80, 443, 1081, 2208, 8443, 5222, 5280 to 5281, 52644 to 52645 |
| SBC Traffic UC Endpoints | SIP | Dallas | 128.177.36.10, 128.177.36.13, 128.177.36.14, 128.177.36.24, 199.59.65.83 | TCP 8933 |
| SBC Traffic UC Endpoints | SIP | Chicago | 128.177.14.10, 128.177.14.13, 128.177.14.14, 128.177.14.24, 199.59.66.83 | TCP 8933 |
| SBC Traffic UC Endpoints | SIP | New York | 199.59.71.21 | TCP 8933 |
| SBC Traffic UC Endpoints | SIP | Los Angeles | 199.59.70.21 | TCP 8933 |
| SBC Traffic UC Endpoints | RTP | Dallas | 128.177.36.10, 128.177.36.13, 128.177.36.14, 128.177.36.24, 199.59.65.80 | UDP 19560 to 65535 |
| SBC Traffic UC Endpoints | RTP | Chicago | 128.177.14.10, 128.177.14.13, 128.177.14.14, 128.177.14.24, 199.59.66.83 | UDP 19560 to 65535 |
| SBC Traffic UC Endpoints | RTP | New York | 199.59.71.21 | UDP 19560 to 65535 |
| SBC Traffic UC Endpoints | RTP | Los Angeles | 199.59.70.21 | UDP 19560 to 65535 |
| WebRTC (Guest Client) | HTTPS: Desktop Sharing | apps.broadcloudpbx.net | 128.177.36.138, 128.177.14.181 | TCP 8443 |
| WebRTC (Guest Client) | XMPP / TLS: IM&P | apps.broadcloudpbx.net | 128.177.36.138, 128.177.14.181 | TCP 5222 |
| WebRTC (Guest Client) | SIP | wrs.broadcloudpbx.net | 128.177.36.131, 128.177.14.132 | TCP 8060, 8070 |
| WebRTC (Guest Client) | SIP | wrs02.broadcloudpbx.net | 199.59.65.207, 128.177.14.207 | TCP 8060, 8070 |
| WebRTC (Guest Client) | RTP | wrs.broadcloudpbx.net | 128.177.36.131, 128.177.14.132 | UDP 16000 to 19000 |
| WebRTC (Guest Client) | RTP | wrs02.broadcloudpbx.net | 199.59.65.207, 128.177.14.207 | UDP 16000 to 19000 |
D. DNS/NTP Service
| Device | Protocol | Destination/DNS | IP | Destination Port |
|---|---|---|---|---|
| NTP | NTP: Optional use of BroadCloud provided public NTP service | ntp.broadcloudpbx.net | 199.59.65.181, 199.59.66.181 | UDP 123 |
| DNS | DNS: Optional use of BroadCloud provided DNS service for VPN customers | No DNS | 199.59.65.181, 199.59.66.181 | UDP/TCP 53 |
E. PacketSmart
| Device | Protocol | Destination/DNS | IP | Destination Port |
|---|---|---|---|---|
| PacketSmart Server | HTTP / HTTPS: Firmware upgrades | load.packetsmart.broadsoft.com | 128.177.36.233, 199.19.195.250 | TCP 80, 443 |
| PacketSmart Server | HTTP / HTTPS: Portal Access / Data reporting | packetsmartbeta.broadsoft.com | 128.177.36.230 | TCP 80, 443 |
| PacketSmart Server | HTTP / HTTPS: Data reporting | packetsmartusa.broadsoft.com | 128.177.36.226 | TCP 80, 443 |
| PacketSmart Server | HTTP / HTTPS: Portal Access | packetsmart.broadsoft.com | 128.177.36.231 | TCP 80, 443 |
| PacketSmart Server | HTTP / HTTPS: Portal Access / Data reporting | packetsmartapac.broadsoft.com | 128.177.36.229 | TCP 80, 443 |
| PacketSmart Server | HTTP / HTTPS: Portal Access / Data reporting | packetsmartsa.broadsoft.com | 128.177.36.228 | TCP 80, 443 |
| PacketSmart Server | HTTP / HTTPS: Report Portal Access | packetsmartreports.broadsoft.com | 128.177.36.232 | TCP 80, 443 |
| PacketSmart MediaSink Server (Assessment call target) | SIP. Limited Use: Applies to the Site Survey with Packetsmart Assessment | No DNS | 128.177.36.182, 128.177.36.183, 128.177.36.181, 128.177.36.185 | TCP / UDP 5060 to 5061 |
| PacketSmart MediaSink Server (Assessment call target) | RTP. Limited Use: Applies to the Site Survey with Packetsmart Assessment | No DNS | 128.177.36.182, 128.177.36.183, 128.177.36.181, 128.177.36.185 | UDP 15000 to 16000 |
| PacketSmart MediaSink Server (Assessment call target) | TRACEROUTE. Limited Use: Applies to the Site Survey with Packetsmart Assessment | No DNS | 128.177.36.182, 128.177.36.183, 128.177.36.181, 128.177.36.185 | UDP 33434 to 33534 |
F. Web Portal Access
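| Device | Protocol | Destination/DNS | IP | Destination Port |
|---|---|---|---|---|
| All User Computers (includes ExamiNet) | HTTP / HTTPS: Service Provider Portal Dashboards | examinet.adpt-tech.com | 128.177.36.152 | TCP 80, 443 |
| All User Computers (includes ExamiNet) | HTTP / HTTPS: Service Provider Portal Dashboards | examinetbeta.broadcloudpbx.com | 128.177.36.186 | TCP 80, 443 |
| All User Computers (includes ExamiNet) | HTTP / HTTPS: Service Provider Portal Dashboards | examinet.broadcloud.eu | 85.119.57.240 | TCP 80, 443 |
| All User Computers (includes ExamiNet) | HTTP / HTTPS: Service Provider Portal Dashboards | examinet.broadcloud.com.au | 199.59.64.142 | TCP 80, 443 |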