Simplified UC - Network/Router Configuration Information

Technical Guidance

IP and Firewall Information

Overview

Boom provides partners access to many features which can then be provided onto their customers. This section of the Help Centre outlines what settings need to be configured on partners DNS or domain for the service to function correctly.

There are also settings which, in the event of connectivity issues, need to be configured on individual customers' or sites' router firewalls. These firewall settings should only be applied to a customer site that is having difficulty connecting to some or all the services provided. This is only required when a customer’s firewall has an “open on demand” policy, meaning that all services are locked down and ports/IP address allowed when the need occurs. This is normally a manual step carried out by the customer's firewall/router administrator. Is it also of importance to ensure that SIP ALG is DISABLED on all firewalls and routers which a user may be connecting from as this, in most cases, will cause connectivity issues either with SIP signalling (call setup, BLF operation etc) or voice traffic (RTP).

78.40.244.0/24 Network

The 78.40.244.0/24 network is a deprecated network on our UK node and partners should be taking steps to ensure that any registered endpoints or vendor connections, are configured to use our 5.144.80.0/20 network only. This includes checking and updating any statically configured IP addresses, as well as any DNS records which may still be configured using the old network, preferably making use of DNS SRV records to provide failover between our geo-redundant nodes. The tables below have been updated to ensure a 5.144.80.0/20 IP address is available for the UK DSBC.

The 78.40.244.0/24 network is being scheduled for complete removal by 1st of November 2023. We would therefore encourage all our partners to make sure that the necessary configuration updates are completed as soon as possible, to prevent any future degradation and loss of service.

Related articles:

Email and SMTP Settings

Firewall Guidance

Glossary of Abbreviations, Terms and Acronyms

Email and SMTP Settings

The platform has the abliity to send out emails when certain actions are performed on the system, these include:

New customer creations;
Customer amendments;
Porting requests;
Updated porting comments;
Customer data controller invites;
Account/user portal access invites;
Voicemail notifications;
Fax to email messages.

The majority of these emails have preconfigured templates which can be customised to your requirements. The default set of templates are applied as standard, please contact Boom of you wish these to be altered.

For emails to be successfully sent and received, your portal needs to be configured with your outgoing SMTP details which can be supplied by your email provider. Please provide the following:

Sender email address;
Server host name;
Port number;
Is SSL required?
Are credentials required?
Account user name;
Account password (if credentials are required).

We will also need to know what your default (preset) email domain is. This is normally the email domain of your SMTP settings. This can also be set at reseller level so that your reseller's domain can be used on emails to their customers. In both instances, the settings below need to be applied to the domain.

Some emails may be treated as spam by receiving email providers or email clients. To help prevent this from happening, SPF records should be configured on your domain. SPF is a Sender Policy Framework record which is used to indicate to mail exchanges (or mail servers) which hosts (IP addresses) are allowed to send emails from a specified domain. When an email is sent, the record can be queried by receiving mail servers to establish if the mail has been sent by an authorised party. If the IP address of the sender is included in the SPF record, the email will be treated as legitimate by spam filters and allowed through.

The following SPF record should be applied:

v=spf1 include:spf.antispamcloud.com ip4:78.40.244.0/24 ip4:5.144.80.0/20 ~all

The platform will send voicemail messages from an address constructed of the source account ID, and the preset email domain value, for example; 551012341234@email.com. Most likely, this is not a valid email address on the domain, so sender verification will fail. Therefore, it's necessary (in most cases) to create a catch-all mailbox on the email domain. Any user attached to that domain is then perceived as legitimate and emails will no longer be treated as spam. However, catch-all email addresses have now become the target for email spammers. The spammer no longer has to guess which usernames are valid, they just simply send their spams to a random username on that domain. Rules can and should be created in your spam filters to minimise this, but unfortunaly, this has become an unwanted side effect of this validation method.

For email providers who have strict filtering, you may need to provide them the following list of IP addresses to add to their static “safe senders” list:

130.117.53.189
130.117.54.107
149.13.75.71

Please be aware, these IP addresses are operated by Antispamcloud and not Boom. They are subject to change which Boom has no control over.

Related articles:

Overview

Firewall Guidance

Glossary of Abbreviations, Terms and Acronyms

Firewall Guidance

Some customers may have strict firewall rules in place as part of their security policy. These rules may have an adverse effect on functionality or prohibit the services Boom provides from use. To ensure all customers can enjoy the benefits of the services we provide, the IP addresses, ports and domains listed in your specific IP table should be allowed on the customers firewall. In addition to this, the following guidance should be observed.

SIP ALG

This is a function available on many commercial and domestic routers and firewalls and is implemented with the intention of helping users more reliably initiate SIP calls. However, this technology often hinders the quality of SIP calls due to the nature of SIP signalling. SIP ALG modifies the process used in SIP signalling using NAT, for example, translating a private IP addresses and ports to a public IP addresses and ports. Because of the way this occurs in SIP ALG, some important information can be lost during this translation. This can result in the following (but not limited to) behaviours:

Failed registration attempts
One-way audio – either at the caller, or callee
Drops in call quality – jitter, broken speech, echoing
Lost connections – calls being dropped
Called device/softclient not ringing
Called device/softclient continues to ring after being answered

With this in mind, we strongly recommend that SIP ALG is disabled on all sites where our products are used. This includes business premises and homes of remote workers. Please consult your firewall/router documentation on how to disable SIP ALG.

ZTP Redirection

ZTP (Zero Touch Provisioning) allows a user to order a device from the portal, have it shipped to the user and provisioned automatically once it is connected to power and network. To do this, it needs to be able to contact its manufacturer's management service and our redirection service. Is it essential that these IP addresses and domains (where possible) are not blocked by customer's firewalls:

ztp.polycom.com
cdn.polycom.com
rpscloud.yealink.com
fdps.fanvil.com
185.59.222.185
54.216.41.50
54.77.124.62
52.49.17.139

This list contains the common IP addresses and domains used and is by no means exhaustive. Please contact your device distributor for further information.

DNS Whitelisting

Due to the nature of some 3^rd party services (such as device manufacturers' management services) where dynamic IP addressing is used, we recommend the use of DNS Whitelisting over IP whitelisting in firewalls. This allows the service to change the underlying IP of a domain without the need to update the IP address in the firewall whitelist.

Related articles:

Overview

Email and SMTP Settings

Glossary of Abbreviations, Terms and Acronyms

The table below shows commonly used terms contained within this section of the Help Centre.

Edge Proxy. This server is responsible for handing SIP signalling.

MUB

Media Unit Bundle. This server is responsible for handling the RTP traffic of a SIP call.

SRV

Service Record. This is a specification of data in the Domain Name System defining the location, i.e., the hostname and port number, of servers for specified services.

Domain (name)

A domain name is a web address consisting of a website name and a domain name extension.

DNS

Domain Name System/Server. In simple terms, this server provides a service which translates URLs into IP addresses and vice-versa.

URL

Uniform Resource Locator, also known as a web address.

Port

The term used to describe the location where information is sent.

UDP

User Datagram Protocol, a transport protocol used in the transmission of data. Used for real time applications.

TCP

Transmission Control Protocol, a transport protocol used in the transmission of data. Generally, more secure and reliable than UDP.

TLS

Transport Layer Security, a cryptographic protocol designed to provide communications security over a computer network.

uaCSTA

User Agent Computer Supported Telecommunications Applications, used for controlling devices, generally telephone handsets, using software.

CGI

Common Gateway Interface, used for dynamically serving provisioning files to devices.

HTTP

Hypertext Transfer Protocol, a protocol used to transfer information over computer networks.

HTTPS

Hypertext Transfer Protocol Secure, a protocol used to transfer information over computer networks securely. Often employs TLS encryption.

SIP

Session Initiation Protocol, used for initiating, maintaining, and terminating real-time sessions, including voice applications.

SIP ALG

Session Initiation Protocol Application Layer Gateway.

User Agent, a device or softclient used to register to a SIP account.

Dispatch Node, used to evenly distribute incoming calls to back end processing nodes (registrar, call controller etc).

SBC

Session Border Controller, a device used to exert control over the signalling, media streams involved in setting up, conducting, and ending telephone calls or other interactive media communications.

DSBC

Dispatching Session Border Controller, used to propagate call initiation requests though the system.

NAT

Network Address Translation, often used to map or translate private IP addresses and ports to public IP addresses and ports.

ZTP

Zero Touch Provisioning, a method of provisioning a SIP device without users needing to interact with the device.

Related articles:

Overview

Email and SMTP Settings

Firewall Guidance

Nimans - Firewall DNS Settings and IP Addresses

DNS Settings

To give partners the ability to deliver a while label service to their customers, Boom gives partners the option to provide their own URL for accessing the portal as well as their own URL/domains for handset/softclient (SIP UA) registration and other ancillary products and services. Partners can either provide us with the URLs/domains they wish to use for these services and configure the required DNS settings with their domain provider or Boom can do this using our Cloudflare service.

Domains and Sub Domains

Type

URL/Domain

Target IP Address

TLL

Comments

hosteducportal.com

5 mins

Web Portal Access

portal.simplifiedhostedpbx.co.uk^{* 1}

54.217.139.71

5 mins

Web Portal Access

SRV, A

sip.simplifiedhostedpbx.co.uk

5.144.84.184

15 mins

DNS SRV record also added, see below

sip1.simplifiedhostedpbx.co.uk

5.144.84.184

15 mins

SIP UA Registration (Primary)

sip2.simplifiedhostedpbx.co.uk

5.144.88.22

15 mins

SIP UA Registration (Secondary)

ucplus.simplifiedhostedpbx.co.uk

158.176.110.243

15 mins

ucplus Server address

*¹ a sub domain is usually recommended for portal access, but is not mandatory, e.g portal.domain.com.

SIP UA (Handset, Soft client etc) DNS SRV Registration

Type

Service

Protocol

TTL

Priority

Weight

Port

Target

SRV

SIP

UDP

15 min

5060

sip1.simplifiedhostedpbx.co.uk

SRV

SIP

UDP

15 min

5060

sip2.simplifiedhostedpbx.co.uk

IP Address and Port Table

The tables below show fixed IPs, ports, protocols, and services the solution uses.

Where an IP is not specified, access to the relevant domain needs to be available as the underlying IP's can and will change from time to time.

Web Portal and Associated Services

Description

IP Address

URL/Domain

Transport & Port

Protocol

Platform Web Interface

hosteducportal.com

TCP:443

HTTPS

54.217.139.71

portal.simplifiedhostedpbx.co.uk

TCP: 443

HTTPS

api.eks.boom-ops.network

TCP: 443

HTTPS

addvoice.s3.eu-west-1.amazonaws.com/

TCP: 443

HTTPS

core-boomcomslimited.portaone.com

TCP: 443

HTTPS

SIP Devices

Description

IP Address

URL/Domain

Transport & Port(s)

Protocol

Registration (DSBC/VIP)

SRV

N/a

sip.simplifiedhostedpbx.co.uk

UDP: 5060

TCP: 5060

TLS: 5051

SIP

5.144.84.184

sip1.simplifiedhostedpbx.co.uk

5.144.88.22

sip2.simplifiedhostedpbx.co.uk

SIP Signalling (DN/EP^*1)

UK DN

5.144.85.232

N/a

UDP: 5060

TCP: 5060

TLS: 5051

SIP

NL DN

5.144.92.92

N/a

Media RTP (MUB)

UK 1

UK 2

UK 3

5.144.84.186

5.144.84.188

5.144.85.154

N/a

UDP: 35000 to 65000

RTP

NL 1

NL 2

NL 3

5.144.88.162

5.144.89.18

5.144.89.93

N/a

Device Provisioning

Server

5.144.84.201

7el.co/AutoProvCGI/5

TCP: 443

HTTPS

ucplus

Device Control

158.176.110.243

ucplus.simplifiedhostedpbx.co.uk

TCP: 21050/ 21051

UDP: 6052, 21059

uaCSTA

No longer used/reserved for future use^*2

5.144.85.193

N/a

UDP: 35000 to 65000

RTP

5.144.92.14

5.144.92.53

N/a

UK DSBC

78.40.244.73

N/a

UDP: 5060

TCP: 5060

TLS: 5051

SIP

Soft Clients

Application

IP Address

Transport & Port(s)

Protocol

Integrated Softclient

stun.I.google.com

89.168.98.20

99.81.186.91
132.145.254.247

UDP: 19302

TCP: 443

UDP:35000 to 65000

STUN

HTTPS

UDP

vipeX Desktop App

Uses IP address and ports as per SIP Devices section in addition to the below.

vipeX Mobile

vipeX Push Notifications (desktop & mobile)

107.170.65.67, 107.170.123.70, 107.170.151.176, 159.65.186.176, 159.65.251.173, 159.65.252.186, 159.65.253.49, 162.243.35.55, 162.243.66.221, 162.243.226.67, 162.243.226.164, 165.227.184.188, 167.99.48.91, 167.99.119.203

TCP: 443, 4998, 24998

UDP: 4998

HTTPS

Go Integrator Pria

Uses IP address and ports as per SIP Devices section.

Teams Direct Routing

SBC

51.132.210.169 (^*3.sbc.7el.co)

Ports as per SIP Devices section.

ucplus Desktop Client Software

Description

IP Address

URL/Domain

Port(s)

Protocol & Transport

Desktop Client

158.176.110.243

ucplus.simplifiedhostedpbx.co.uk/^*4

21050, 21051, 21059

TCP, TLS, UDP

^*1Individual EP addresses are no longer visible to public networks.

^*2 Implemented as part of the MR95 upgrade but no longer used.

^*3 Subdomain configured on a per customer basis.

^*4Full ucplus client URL is provided on setup of the customer licence.