Clear Clouds phones can work over any internet connection around the world. There is generally no need for you to configure port forwards or firewall rules. However, where a firewall denies outbound traffic by default or uses manual NAT, you may find that phones do not register to our servers. Several things can cause this, such as a misconfigured switch network, an implicit deny or implicit policy on the firewall, or a broadcast storm.
Our servers can be reached via multiple subnets which handle different parts of the applications. You will need to make sure that our network is permitted to communicate with yours.
Ensure that your network administrator has the following information:
Application | Client Network | Clear Clouds Servers | TCP/UDP | IP PORT | FLOW |
---|---|---|---|---|---|
RTP Traffic | Voice / Data | 38.30.40.82, 38.17.20.42 | UDP | 20000 - 27999 | OUT |
SIP Signalling | Voice / Data | 38.30.40.82, 38.17.20.42 | UDP/TCP | 5060 - 5061 | OUT |
Endpoint Provisioning | Voice / Data | 38.30.40.82, 38.17.20.42, 38.30.40.85, 52.71.103.102, 35.156.148.166, 106.15.89.161, 47.75.58.202, 47.89.187.0 | TCP | 80, 443 | OUT |
Phone Directory | Voice / Data | 38.17.20.46 | TCP | 8088, 8081 | OUT |
Web Phones / Portal updates | Voice / Data | 38.30.40.82, 38.17.20.42 | TCP | 8001, 443, 9002 | OUT |

All traffic originating from the client network must be allowed on egress to all of the ports and IP addresses listed above.
Most of the time the IPs above are all that is required, but in certain cases the following additional FQDNs and IPs need to be whitelisted for provisioning:
https://dm.yealink.com
https://api-dm.yealink.com
https://rps.yealink.com
52.71.103.102
35.156.148.166
106.15.89.161
47.75.58.202
47.89.187.0
Network Security
We take security very seriously and so should you. All SIP phones listen on 5060 - 5061 by default, as set by the manufacturer. We change this port for security purposes during the provisioning sequence. You must ensure that ingress traffic on ports 5060 and 5061 is also disabled on the firewall, unless you have a trunk and have been instructed otherwise by SE Telecom. IPS, DNS Filter, Anti-virus, SSL Inspection and any application SIP control security profiles should be disabled on the firewall for RTP traffic and for port 9002, as these can cause issues for all real-time traffic such as portal events/alerts, popups, web phones and chat.
Clear Clouds servers do not accept any requests from outside North America unless it is requested otherwise. This security measure is in place to prevent fraudulent activities from other countries.
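The egress table and the ingress rule for 5060 - 5061 above can be checked against firewall logs. The following is an added example, not Clear Clouds or SE Telecom code: it flags denied outbound flows that the table requires and permitted inbound flows to 5060 - 5061. The log format, the sample lines, the function names and the assumption that the site has no SIP trunk are all hypothetical.

```python
# Egress requirements transcribed from the table on this page.
CORE = {"38.30.40.82", "38.17.20.42"}
PROV = CORE | {"38.30.40.85", "52.71.103.102", "35.156.148.166",
               "106.15.89.161", "47.75.58.202", "47.89.187.0"}
# (application, server IPs, protocols, inclusive port ranges)
REQUIRED = [
    ("RTP Traffic", CORE, {"udp"}, [(20000, 27999)]),
    ("SIP Signalling", CORE, {"udp", "tcp"}, [(5060, 5061)]),
    ("Endpoint Provisioning", PROV, {"tcp"}, [(80, 80), (443, 443)]),
    ("Phone Directory", {"38.17.20.46"}, {"tcp"}, [(8088, 8088), (8081, 8081)]),
    ("Web Phones / Portal updates", CORE, {"tcp"},
     [(8001, 8001), (443, 443), (9002, 9002)]),
]

def match_required(dst, proto, port):
    """Return the application name if dst/proto/port is a required egress flow."""
    for app, servers, protos, ranges in REQUIRED:
        in_range = any(lo <= port <= hi for lo, hi in ranges)
        if dst in servers and proto in protos and in_range:
            return app
    return None

def audit(log_lines):
    """Flag denied required egress and permitted ingress to 5060 - 5061."""
    findings = []
    for line in log_lines:
        direction, proto, src, dst, port, action = line.split()
        port = int(port)
        if direction == "out" and action == "deny":
            app = match_required(dst, proto, port)
            if app:
                findings.append(("EGRESS_BLOCKED", app, dst, port))
        # Assumption: no SIP trunk, so any allowed inbound 5060 - 5061 is a finding.
        elif direction == "in" and action == "allow" and 5060 <= port <= 5061:
            findings.append(("SIP_INGRESS_OPEN", "SIP Signalling", src, port))
    return findings

# Constructed sample log; assumed format: direction proto src dst dport action
SAMPLE_LOG = [
    "out udp 10.0.20.15 38.30.40.82 20514 deny",
    "out tcp 10.0.20.15 38.17.20.46 8088 allow",
    "out tcp 10.0.20.15 38.17.20.42 9002 deny",
    "in udp 203.0.113.7 10.0.20.15 5060 allow",
    "out tcp 10.0.20.15 198.51.100.9 443 deny",
    "in udp 203.0.113.7 10.0.20.15 5060 deny",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Export your firewall's traffic log into the assumed six-field format before running it; sites with an approved trunk should exclude the trunk's source addresses from the ingress check.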
NAT/SIP ALG
Many routers have SIP ALG turned on by default. Few vendors have perfected their implementation of SIP ALG, and it often causes issues with VoIP, so it must be disabled. If it is not disabled, you will most likely experience SIP signalling issues, dropped incoming calls, inability to transfer calls, speech path issues or conferencing issues.
If your firewall vendor cannot disable SIP ALG, then you have to change your router/firewall. SE Telecom will be able to assist.
Read more on SIP ALG and symptoms
Quality of Service ( QoS )
VoIP phones are typically plug-and-play and only require internet access to operate. However, VoIP implementations must be planned with proper QoS implemented end-to-end. Most reported VoIP issues are caused by dropped packets, media interference, voice traffic being given lower priority and SIP ALG manipulation.
Supported VoIP phones mark traffic at both Layer 2 (CoS) and Layer 3 (DSCP) for signalling and RTP. If you decide to trust the CoS marking, which is only available in the VLAN tag, ensure that CoS-to-DSCP values are converted properly. If you decide to trust DSCP markings (recommended), ensure that trunks and uplinks are configured to trust DSCP so that the marking is preserved end-to-end.
DSCP Value Markings
DSCP Decimal | Description |
---|---|
46 | EF (Expedited Forwarding) High Priority. Use for RTP |
26 | AF31 - Use for SIP Signalling |
34 | AF41 - Video Communication |