Simplified Hosted UC - Network/Router Configuration Information

Technical Guidance

IP and Firewall Information

Overview

The platform provides partners access to many features which can then be provided onto their customers. This section of the Help Centre outlines what settings need to be configured on partners DNS or domain for the service to function correctly.

There are also settings which, in the event of connectivity issues, need to be configured on individual customers' or sites' router firewalls. These firewall settings should only be applied to a customer site that is having difficulty connecting to some or all the services provided. This is only required when a customer’s firewall has an “open on demand” policy, meaning that all services are locked down and ports/IP address allowed when the need occurs. This is normally a manual step carried out by the customer's firewall/router administrator. Is it also of importance to ensure that SIP ALG is DISABLED on all firewalls and routers which a user may be connecting from as this, in most cases, will cause connectivity issues either with SIP signalling (call setup, BLF operation etc) or voice traffic (RTP).

Firewall Guidance

Some customers may have strict firewall rules in place as part of their security policy. These rules may have an adverse effect on functionality or prohibit the services we provide for use. To ensure all customers can enjoy the benefits of the services we provide, the IP addresses, ports and domains listed in your specific IP table should be allowed on the customers firewall. In addition to this, the following guidance should be observed.

SIP ALG

This is a function available on many commercial and domestic routers and firewalls and is implemented with the intention of helping users more reliably initiate SIP calls. However, this technology often hinders the quality of SIP calls due to the nature of SIP signalling. SIP ALG modifies the process used in SIP signalling using NAT, for example, translating a private IP addresses and ports to a public IP addresses and ports. Because of the way this occurs in SIP ALG, some important information can be lost during this translation. This can result in the following (but not limited to) behaviours:

Failed registration attempts
One-way audio – either at the caller, or callee
Drops in call quality – jitter, broken speech, echoing
Lost connections – calls being dropped
Called device/softclient not ringing
Called device/softclient continues to ring after being answered

With this in mind, we strongly recommend that SIP ALG is disabled on all sites where our products are used. This includes business premises and homes of remote workers. Please consult your firewall/router documentation on how to disable SIP ALG.

ZTP Redirection

ZTP (Zero Touch Provisioning) allows a user to order a device from the portal, have it shipped to the user and provisioned automatically once it is connected to power and network. To do this, it needs to be able to contact its manufacturer's management service and our redirection service. Is it essential that these IP addresses and domains (where possible) are not blocked by customer's firewalls:

ztp.polycom.com
cdn.polycom.com
rpscloud.yealink.com
fdps.fanvil.com
185.59.222.185
54.216.41.50
54.77.124.62
52.49.17.139

This list contains the common IP addresses and domains used and is by no means exhaustive. Please contact your device distributor for further information.

DNS Whitelisting

Due to the nature of some 3^rd party services (such as device manufacturers' management services) where dynamic IP addressing is used, we recommend the use of DNS Whitelisting over IP whitelisting in firewalls. This allows the service to change the underlying IP of a domain without the need to update the IP address in the firewall whitelist.

DNS Settings and IP Addresses

IP Address and Port Table

The tables below show the IPs, ports, protocols, and services the solution uses.

Web Portal Access

Description

IP Address

URL/Domain

Transport & Port

Protocol

Platform Web Interface

54.217.139.71

portal.simplifiedhostedpbx.co.uk

TLS: 443

HTTPS

SIP Devices

Description

IP Address

URL/Domain

Transport & Port(s)

Protocol

Registration (VIP)

SRV

N/a

sip.simplifiedhostedpbx.co.uk

UDP: 5060

TCP: 5060

TLS: 5051

SIP

UK Alias

78.40.244.73

5.144.84.184

sip1.simplifiedhostedpbx.co.uk

5.144.88.22

sip2.simplifiedhostedpbx.co.uk

SIP Signalling (DN/EP^*1)

UK DN

5.144.85.232

N/a

UDP: 5060

TCP: 5060

TLS: 5051

SIP

NL DN

5.144.92.92

N/a

Media RTP (MUB)

UK 1

UK 2

UK 3

5.144.84.186

5.144.84.188

5.144.85.154

N/a

UDP: 35000 to 65000

RTP

NL 1

NL 2

NL 3

5.144.88.162

5.144.89.18

5.144.89.93

N/a

Device Provisioning

Server

5.144.84.201

7el.co/AutoProvCGI/5

TLS: 443

HTTPS

ucplus

Device Control

158.176.110.243

ucplus.simplifiedhostedpbx.co.uk

TCP: 21050/ 21051

UDP: 6052, 21059

uaCSTA

No longer used/reserved for future use^*2

5.144.85.193

N/a

UDP: 35000 to 65000

RTP

5.144.92.14

5.144.92.53

N/a

Soft Clients

Application

IP Address

Transport & Port(s)

Protocol

vipeX Desktop App

Uses IP address and ports as per SIP Devices section in addition to the below.

vipeX Mobile

vipeX Push Notifications (desktop & mobile)

107.170.65.67, 107.170.123.70, 107.170.151.176, 159.65.186.176, 159.65.251.173, 159.65.252.186, 159.65.253.49, 162.243.35.55, 162.243.66.221, 162.243.226.67, 162.243.226.164, 165.227.184.188, 167.99.48.91, 167.99.119.203

TCP: 433, 4998, 24998

UDP: 4998

HTTPS

Go Integrator Pria

Uses IP address and ports as per SIP Devices section.

Teams Direct Routing

SBC

51.132.210.169 (^*3.sbc.7el.co)

Ports as per SIP Devices section.

ucplus Desktop Client Software

Description

IP Address

URL/Domain

Port(s)

Protocol & Transport

Desktop Client

158.176.110.243

ucplus.simplifiedhostedpbx.co.uk/^*4

21050, 21051, 21059

TCP, TLS, UDP

^*1Individual EP addresses are no longer visible to public networks.

^*2 Implemented as part of the MR95 upgrade but no longer used.

^*3 Subdomain configured on a per customer basis

^*4Full ucplus client URL is provided on setup of the customer licence.

Glossary of Abbreviations, Terms and Acronyms

The table below show commonly used terms contained within this section of the Help Centre.

Edge Proxy. This server is responsible for handing SIP signalling.

MUB

Media Unit Bundle. This server is responsible for handling the RTP traffic of a SIP call.

SRV

Service Record. This is a specification of data in the Domain Name System defining the location, i.e., the hostname and port number, of servers for specified services.

Domain (name)

A domain name is a web address consisting of a website name and a domain name extension.

DNS

Domain Name System/Server. In simple terms, this server provides a service which translates URLs into IP addresses and vice-versa.

URL

Uniform Resource Locator, also known as a web address.

Port

The term used to describe the location where information is sent.

UDP

User Datagram Protocol, a transport protocol used in the transmission of data. Used for real time applications.

TCP

Transmission Control Protocol, a transport protocol used in the transmission of data. Generally, more secure and reliable than UDP.

TLS

Transport Layer Security is a cryptographic protocol designed to provide communications security over a computer network.

uaCSTA

User Agent Computer Supported Telecommunications Applications, used for controlling devices, general telephone handsets, using software.

CGI

Common Gateway Interface, used for dynamically serving provisioning files to devices.

HTTP

Hypertext Transfer Protocol, a protocol used to transfer information over computer networks.

HTTPS

Hypertext Transfer Protocol Secure, a protocol used to transfer information over computer networks securely. Often employs TLS encryption.

SIP

Session Initiation Protocol, used for initiating, maintaining, and terminating real-time sessions that including voice applications.

SIP ALG

Session Initiation Protocol Application Layer Gateway.

User Agent, a device or softclient used to register a SIP account.

Dispatch Node or Dispatching SBC (DSBC), used to propagate call initiation requests though the system.

SBC

Session Border Controller is a device used exert control over the signalling, media streams involved in setting up, conducting, and ending telephone calls or other interactive media communications.

NAT

Network Address Translation, often used to map or translate private IP addresses and ports to public IP addresses and ports.

ZTP

Zero Touch Provisioning, a method of provisioning a SIP device without users needing to interact with the device.