
Recommended Firewall Setup

Introduction

We provide a set of servers that enable the softphones to connect to your PBX. To maintain high availability while also keeping the systems up to date, we work with a set of servers that changes over time.

To reduce the manual readjustments needed on the admin's side, we have deployed the following scheme.

DNS Names

To decouple our internal server naming scheme from your firewall rules, we use ten DNS server names labelled 'a' to 'j', which must be permitted.

Each of our servers requires 2 pairs of IPv4/IPv6 addresses. One pair of addresses is mainly used for communication with the PBX, the other for the clients. The pairs of addresses are labelled 'a' and 'b'.

The resulting set of DNS names is as follows:

aa.srv.auerproxy.de CNAME ...
ab.srv.auerproxy.de CNAME ...
ba.srv.auerproxy.de CNAME ...
bb.srv.auerproxy.de CNAME ...
...
ia.srv.auerproxy.de CNAME dummy.auerproxy.de
ib.srv.auerproxy.de CNAME dummy.auerproxy.de
ja.srv.auerproxy.de CNAME dummy.auerproxy.de
jb.srv.auerproxy.de CNAME dummy.auerproxy.de

If one of the names is not in use, it points to dummy.auerproxy.de (127.255.1.234/::1).
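The naming scheme above can be turned into a firewall address list by resolving all twenty names and discarding the placeholder answers. The following is an added example, not code from the vendor: the function names, the `--live` switch and the sample addresses (documentation ranges) are assumptions, and it treats any loopback answer, not only 127.255.1.234 and ::1, as an unused slot.

```python
import ipaddress
import socket
import sys

ZONE = "srv.auerproxy.de"
SERVERS, PAIRS = "abcdefghij", "ab"  # ten servers 'a'..'j', two address pairs each

# Constructed sample answers (documentation address ranges, not real servers).
SAMPLE = {
    "aa.srv.auerproxy.de": ["192.0.2.10", "2001:db8::10"],
    "ab.srv.auerproxy.de": ["192.0.2.11", "2001:db8::11"],
    "ba.srv.auerproxy.de": ["192.0.2.10"],
}

def proxy_hostnames():
    """Return the 20 names aa..jb under srv.auerproxy.de."""
    return [f"{s}{p}.{ZONE}" for s in SERVERS for p in PAIRS]

def sample_resolver(name):
    """Offline stand-in: unlisted names answer like dummy.auerproxy.de."""
    return SAMPLE.get(name, ["127.255.1.234", "::1"])

def system_resolver(name):
    """Resolve via the OS resolver; an unresolvable name yields nothing."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def build_allowlist(resolve):
    """Return ({"v4": [...], "v6": [...]}, unused_names)."""
    found, unused = {4: set(), 6: set()}, []
    for name in proxy_hostnames():
        addrs = [ipaddress.ip_address(a) for a in resolve(name)]
        # 127.255.1.234 / ::1 mark an unused slot; never allow loopback answers.
        real = [a for a in addrs if not a.is_loopback]
        if not real:
            unused.append(name)
        for a in real:
            found[a.version].add(a)
    active = {f"v{v}": [str(a) for a in sorted(s)] for v, s in found.items()}
    return active, unused

if __name__ == "__main__":
    live = "--live" in sys.argv   # default run uses the constructed sample
    active, unused = build_allowlist(system_resolver if live else sample_resolver)
    print("IPv4:", *active["v4"])
    print("IPv6:", *active["v6"])
    print("unused slots:", len(unused))
```

Because the set of servers changes over time, a list built this way has to be refreshed on a schedule rather than generated once.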

Ports

The following ports are used for the proxy service and should be allowed to the DNS names mentioned above.

Port TCP UDP Use
10000-20000 Data transfer COMtrexx Control Center, Provisioning and API
30000-40000 - Call Audio (RTP/SRTP)
3478-3481, 5349 STUN and TURN
4433 - Provisioning COMfortel SoftPhone 2
49152-65535 - TURN RTP/SRTP relay
5061 - SIPS
53 DNS
843 - COMfortel SoftPhone 2 for API access / Google Contact Sync API Access Token