Print Friendly, PDF & Email

Firewall Requirements

What you need to know

Business Digital Voice is a hosted unified communications solution operating in the United States of America.

The service has multiple components including voice, video, desktop and mobile applications, web applications, and service quality tools. These components require communication between devices on the customer’s local area or wireless network connections and servers in the Business Digital Voice infrastructure. For this communication to function properly, customer security devices, such as firewalls, must not block IP addresses and TCP/UDP service ports used by the Business Digital Voice service.

The following topics of this guide provide information needed to properly configure a customer’s firewall to allow all communications between customer devices/applications and Business Digital Voice services.

Note: If a router and/or firewall is “SIP Aware”, that is, it has SIP ALG or similar enabled, we recommend that this functionality be turned OFF for correct operation of the service. See the relevant manufacturer's documentation for more information on how to disable SIP ALG on specific devices.

Help Topics

 

A. North America - NA - Commercial

All destinations should be configured on the customer’s firewall to ensure continuity of service. All of these service ports should be allowed for all appropriate Business Digital Voice IP subnets. For example, if the Business Digital Voice customer’s service is based in the United States, the service ports and associated protocols listed above should be allowed for the following subnets:

128.177.14.0/24 (Chicago)

128.177.36.0/24 (Dallas)


Back to Top

B. IP Phones, ATAs and IADs

Device

Protocol

Destination/DNS

IP

Destination Port

IP Phone / ATA / IAD

NTP

Endpoint clock synchronization

ntp.broadcloudpbx.net

199.59.65.181

199.59.66.181

UDP 123

IP Phone / ATA / IAD

DNS

For resolving configuration server A Records and call control SRV Records

Supplied Locally

 

UDP/TCP 53

SBC Traffic

SIP

Dallas

128.177.36.10

UDP / TCP

IP Endpoints

 

 

128.177.36.13

8933

 

 

 

128.177.36.14

 

 

 

 

128.177.36.24

 

 

 

 

199.59.65.80

 

 

 

Chicago

128.177.14.10

 

 

 

 

128.177.14.13

 

 

 

 

128.177.14.14

 

 

 

 

128.177.14.24

 

 

 

 

199.59.66.80

 

 

 

New York

199.59.71.20

 

 

 

Los Angeles

199.59.70.20

 

SBC Traffic

RTP

Dallas

128.177.36.10

UDP

IP Endpoints

 

 

128.177.36.13

19560 to 65535

 

 

 

128.177.36.14

 

 

 

 

128.177.36.24

 

 

 

 

199.59.65.80

 

 

 

Chicago

128.177.14.10

 

 

 

 

128.177.14.13

 

 

 

 

128.177.14.14

 

 

 

 

128.177.14.24

 

 

 

 

199.59.66.80

 

 

 

New York

199.59.71.20

 

 

 

Los Angeles

199.59.70.20

 

Cisco IP

HTTPS

spa.sipflash.com

128.177.36.192

TCP

Phone

 

 

128.177.14.192

443

Polycom IP Phone

HTTP/HTTPS

plcm.sipflash.com

128.177.36.191

128.177.14.191

TCP 80

443

Snom IP

HTTPS

snom.sipflash.com

128.177.36.193

TCP

Phone

 

 

128.177.14.193

443

Yealink IP

HTTPS

yealink.sipflash.com

128.177.36.213

TCP

Phone

 

 

128.177.14.213

443

Audiocodes

HTTPS

acodes.sipflash.com

128.177.36.189

TCP

IP Phone

 

 

128.177.14.194

443

Aastra/Mitel IP

HTTPS

aastra.sipflash.com

128.177.36.190

TCP

Phone

 

 

128.177.14.195

443

Panasonic

HTTPS

panasonic.sipflash.com

128.177.36.218

TCP

IP Phone

 

 

128.177.14.218

443


Back to Top

C. Clients and Applications

Device

Protocol

Destination/DNS

IP

Destination Port

UC Endpoints (Clients)

HTTP / HTTPS CAP

apps.broadcloudpbx.net

128.177.36.138

128.177.14.181

TCP 80

 

XMPP

 

 

443

 

BroadCloud

 

 

1081

 

Applications, IM&P, file transfer and desktop sharing

 

 

2208

8443

 

 

 

 

5222

 

 

 

 

5280 to 5281

 

 

 

 

52644 to 52645

SBC Traffic

SIP

Dallas

128.177.36.10

TCP

UC Endpoints

 

 

128.177.36.13

8933

 

 

 

128.177.36.14

 

 

 

 

128.177.36.24

 

 

 

 

199.59.65.83

 

 

 

Chicago

128.177.14.10

 

 

 

 

128.177.14.13

 

 

 

 

128.177.14.14

 

 

 

 

128.177.14.24

 

 

 

 

199.59.66.83

 

 

 

New York

199.59.71.21

 

 

 

Los Angeles

199.59.70.21

 

SBC Traffic

RTP

Dallas

128.177.36.10

UDP

UC Endpoints

 

 

128.177.36.13

19560 to 65535

 

 

 

128.177.36.14

 

 

 

 

128.177.36.24

 

 

 

 

199.59.65.80

 

 

 

Chicago

128.177.14.10

 

 

 

 

128.177.14.13

 

 

 

 

128.177.14.14

 

 

 

 

128.177.14.24

 

 

 

 

199.59.66.83

 

 

 

New York

199.59.71.21

 

 

 

Los Angeles

199.59.70,21

 

WebRTC (Guest Client)

HTTPS

Desktop Sharing

apps.broadcloudpbx.net

128.177.36.138

128.177.14.181

TCP 8443

WebRTC (Guest Client)

XMPP / TLS

IM&P

apps.broadcloudpbx.net

128.177.36.138

128.177.14.181

TCP 5222

WebRTC

SIP

wrs.broadcloudpbx.net

128.177.36.131

TCP

(Guest Client)

 

 

128.177.14.132

8060

 

 

 

 

8070

 

 

wrs02.broadcloudpbx.net

199.59.65.207

 

 

 

 

128.177.14.207

 

WebRTC

RTP

wrs.broadcloudpbx.net

128.177.36.131

UDP

(Guest Client)

 

 

128.177.14.132

16000 to 19000

 

 

wrs02.broadcloudpbx.net

199.59.65.207

 

 

 

 

128.177.14.207

 


Back to Top

D. DNS/NTP Service

Device

Protocol

Destination/DNS

IP

Destination Port

NTP

NTP

Optional use of BroadCloud provided public NTP service

ntp.broadcloudpbx.net

199.59.65.181

199.59.66.181

UDP 123

DNS

DNS

Optional use of BroadCloud provided DNS service for VPN customers

No DNS

199.59.65.181

199.59.66.181

UDP/TCP 53


Back to Top

E. PacketSmart

Device

Protocol

Destination/DNS

IP

Destination Port

PacketSmart Server

HTTP / HTTPS

Firmware upgrades

load.packetsmart.broadsoft.com

128.177.36.233

199.19.195.250

TCP 80

443

PacketSmart Server

HTTP / HTTPS

Portal Access / Data reporting

 

packetsmartbeta.broadsoft.com

 

128.177.36.230

TCP 80

443

PacketSmart Server

HTTP / HTTPS

Data reporting

 

packetsmartusa.broadsoft.com

 

128.177.36.226

TCP 80

443

PacketSmart Server

HTTP / HTTPS

Portal Access

packetsmart.broadsoft.com

128.177.36.231

TCP 80

443

PacketSmart Server

HTTP / HTTPS

Portal Access / Data reporting

packetsmartapac.broadsoft.com

128.177.36.229

TCP 80

443

PacketSmart Server

HTTP / HTTPS

Portal Access / Data reporting

packetsmartsa.broadsoft.com

128.177.36.228

TCP 80

443

PacketSmart Server

HTTP / HTTPS

Report Portal Access

packetsmartreports.broadsoft.co m

128.177.36.232

TCP 80

443

PacketSmart MediaSink Server

(Assessment call target)

SIP

Limited Use:

Applies to the Site Survey with Packetsmart Assessment

No DNS

128.177.36.182

128.177.36.183

128.177.36.181

128.177.36.185

TCP / UDP 5060 to 5061

PacketSmart MediaSink Server

(Assessment call target)

RTP

Limited Use: Applies to the Site

Survey with

Packetsmart Assessment

No DNS

128.177.36.182

128.177.36.183

128.177.36.181

128.177.36.185

UDP

15000 to 16000

PacketSmart MediaSink Server

(Assessment call target)

TRACEROUTE

Limited Use:

Applies to the Site Survey with Packetsmart Assessment

No DNS

 

128.177.36.182

128.177.36.183

128.177.36.181

128.177.36.185

UDP

33434 to 33534


Back to Top

F. Web Portal Access

Device

Protocol

Destination/DNS

IP

Destination Port

All User

HTTP / HTTPS

Service Provider Portal Dashboards

examinet.adpt-tech.com

128.177.36.152

TCP

Computers

(includes ExamiNet)

examinetbeta.broadcloudpbx. com

128.177.36.186

80

443

 

examinet.broadcloud.eu

85.119.57.240

 

 

examinet.broadcloud.com.au

199.59.64.142

 


Back to Top