Network Firewall Configuration
From Taridium
(→Default Ports) |
|||
(9 intermediate revisions not shown) | |||
Line 1: | Line 1: | ||
It is always recommended to use a [[wikipedia:Firewall_(networking)|network firewall]] to protect your PBX from unwanted access. Please consult with your router/firewall vendor for further details. | It is always recommended to use a [[wikipedia:Firewall_(networking)|network firewall]] to protect your PBX from unwanted access. Please consult with your router/firewall vendor for further details. | ||
- | The ipbx web interface uses standard port [[wikipedia:Transmission_Control_Protocol|TCP]] 80 or TCP 443 (secure). It is not recommended to expose the web interface to the public internet with standard PIN based user authentication. | + | The ipbx web interface uses standard port [[wikipedia:Transmission_Control_Protocol|TCP]] 80 or TCP 443 (secure). It is not recommended to expose the web interface to the public internet with standard PIN based user authentication. See [[End_User_Panel|End User Panel Login]]. |
=== SIP Protocol === | === SIP Protocol === | ||
Line 13: | Line 13: | ||
[[wikipedia:Real-time_Transport_Protocol|RTP Protocol]] [[wikipedia:User_Datagram_Protocol|UDP]] 18000-20000 (default range as set in RTP configuration) | [[wikipedia:Real-time_Transport_Protocol|RTP Protocol]] [[wikipedia:User_Datagram_Protocol|UDP]] 18000-20000 (default range as set in RTP configuration) | ||
- | [[Image:warning.gif]] Do not use SIP transformations or any other [[wikipedia:Network_address_translation|NAT]] traversal solutions on your network firewall unless you completely understand the implications of doing so. Ipbx is capable of handling far-end NAT traversal by setting the peer option to NAT in the channels configuration. | + | [[Image:warning.gif]] Do not use SIP transformations or any other [[wikipedia:Network_address_translation|NAT]] traversal solutions on your network firewall unless you completely understand the implications of doing so. Ipbx is capable of handling far-end NAT traversal by setting the peer option to '''NAT''' in the channels configuration. |
- | It is highly recommended to have a public IP address available for your server if using SIP trunking or if you intend to connect SIP phones over the public internet. | + | This applies particularly to Sonicwall 'SIP Transformations' and Netscreen/Juniper 'SIP ALG' settings. |
+ | |||
+ | It is highly recommended to have a public IP address available for your server if using SIP trunking or if you intend to connect SIP phones over the public internet. If you are using a private IP address or a combination of private IP address and public IP (multi-homed), then make sure the External IP Address '''externip''' value of your SIP General Settings is set to your PUBLIC IP address and that you define '''localnet''' parameter to include your VoIP LAN. | ||
+ | |||
+ | Example: | ||
+ | |||
+ | externip = 96.36.113.110 | ||
+ | localnet = 192.168.33.0/255.255.255.0 | ||
=== IAX2 Protocol === | === IAX2 Protocol === | ||
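Review bot: The added sentence "This applies particularly to Sonicwall 'SIP Transformations' and Netscreen/Juniper 'SIP ALG' settings." has an ambiguous "This". It now follows the sentence about setting the peer option to NAT, so it can be read as applying to the ipbx option rather than to the warning against firewall-side SIP rewriting. Consider folding it into the warning sentence, for example "Do not use SIP transformations (Sonicwall 'SIP Transformations', Netscreen/Juniper 'SIP ALG') or any other NAT traversal solutions ...". The externip/localnet example would also be safer with its values marked as placeholders, since 96.36.113.110 reads like a live address a reader might paste unchanged.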
Line 24: | Line 31: | ||
[[wikipedia:IAX2|IAX2 Protocol]] [[wikipedia:User_Datagram_Protocol|UDP]] 4569 | [[wikipedia:IAX2|IAX2 Protocol]] [[wikipedia:User_Datagram_Protocol|UDP]] 4569 | ||
+ | |||
+ | == Connecting Multiple Sites == | ||
+ | |||
+ | Whether you are connecting a couple of phones in a remote office or connecting two ipbx systems, it is always recommended to use a VPN or similar which allows control over bandwidth and use. This can prevent NAT problems and increase your security. |
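Review bot: The new heading "== Connecting Multiple Sites ==" is one level above the existing "=== SIP Protocol ===" and "=== IAX2 Protocol ===" headings. If that is intentional, fine; otherwise match the level so the contents box nests consistently. The paragraph under it also leaves "a VPN or similar" open. Naming what counts as similar, and saying whether the SIP/RTP or IAX2 port forwards above are still needed when sites are linked by VPN, would make the recommendation actionable.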
Latest revision as of 17:42, 28 June 2012
It is always recommended to use a network firewall to protect your PBX from unwanted access. Please consult with your router/firewall vendor for further details.
The ipbx web interface uses the standard ports TCP 80 or TCP 443 (secure). Exposing the web interface to the public internet with standard PIN-based user authentication is not recommended. See End User Panel Login.
SIP Protocol
If you are planning to use a SIP trunk, configure the following ports to be forwarded directly to the server:
Default Ports
SIP Protocol UDP 5060
RTP Protocol UDP 18000-20000 (default range as set in RTP configuration)
Do not use SIP transformations or any other NAT traversal solutions on your network firewall unless you completely understand the implications of doing so. Ipbx is capable of handling far-end NAT traversal by setting the peer option to NAT in the channels configuration.
This applies particularly to Sonicwall 'SIP Transformations' and Netscreen/Juniper 'SIP ALG' settings.
It is highly recommended to have a public IP address available for your server if using SIP trunking or if you intend to connect SIP phones over the public internet. If you are using a private IP address or a combination of private IP address and public IP (multi-homed), then make sure the External IP Address (externip) value of your SIP General Settings is set to your PUBLIC IP address and that you define the localnet parameter to include your VoIP LAN.
Example:
externip = 96.36.113.110
localnet = 192.168.33.0/255.255.255.0
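A check for the two settings above, as an added example that is not part of the ipbx documentation or product. It assumes externip and localnet behave as in Asterisk-style SIP stacks (peers inside localnet are given the server's LAN address, everyone else is given externip); the server LAN address 192.168.33.10 and all function names are constructed for illustration.

```python
import ipaddress

# The example values from this page.
PAGE_EXAMPLE = "externip = 96.36.113.110\nlocalnet = 192.168.33.0/255.255.255.0\n"

def parse_sip_general(text):
    """Read 'key = value' lines; localnet may appear more than once."""
    externip, localnets = None, []
    for raw in text.splitlines():
        if "=" not in raw:
            continue
        key, value = (part.strip() for part in raw.split("=", 1))
        if key == "externip":
            externip = ipaddress.ip_address(value)
        elif key == "localnet":
            # ip_network() accepts the address/netmask notation used above
            localnets.append(ipaddress.ip_network(value))
    return externip, localnets

def lint(externip, localnets, server_lan_ip):
    """Return a list of problems; an empty list means the settings are consistent."""
    server = ipaddress.ip_address(server_lan_ip)
    problems = []
    if externip is None:
        problems.append("externip is not set")
    elif not externip.is_global:
        # A private externip tells remote peers to send media to an unroutable address
        problems.append(f"externip {externip} is not a public address")
    if not any(server in net for net in localnets):
        problems.append(f"localnet does not include server address {server}")
    for net in localnets:
        if not net.is_private:
            problems.append(f"localnet {net} is not private address space")
    return problems

def advertised_address(peer_ip, externip, localnets, server_lan_ip):
    """Address the server would present to a peer (assumed Asterisk-style rule)."""
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in localnets):
        return str(server_lan_ip)   # LAN phone: keep traffic on the LAN
    return str(externip)            # remote peer or trunk: public address

if __name__ == "__main__":
    ext, nets = parse_sip_general(PAGE_EXAMPLE)
    print(lint(ext, nets, "192.168.33.10"))
    print(advertised_address("192.168.33.50", ext, nets, "192.168.33.10"))
```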
IAX2 Protocol
IAX2 uses a single UDP data stream to communicate between endpoints, both for signaling and data. The voice traffic is transmitted in-band, making IAX2 easier to firewall and more likely to work behind far-end NAT scenarios.
Default Port
IAX2 Protocol UDP 4569
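An audit of a firewall's port forwards against the ports listed on this page, as an added example that is not part of the ipbx documentation. The "proto port[-port]" rule syntax and the sample rule list are constructed; adapt the parser to whatever your firewall exports.

```python
# Ports from this page: (protocol, first, last). RTP is the default range.
SIP_TRUNK = [("udp", 5060, 5060), ("udp", 18000, 20000)]
IAX2 = [("udp", 4569, 4569)]
WEB_UI = [("tcp", 80, 80), ("tcp", 443, 443)]   # should not face the internet

def parse_forward(rule):
    """'udp 18000-20000' -> ('udp', 18000, 20000); a single port is a 1-port range."""
    proto, ports = rule.lower().split()
    first, _, last = ports.partition("-")
    return proto, int(first), int(last or first)

def covered(need, forwards):
    """True if every port in `need` falls inside some forward of the same protocol."""
    proto, lo, hi = need
    nxt = lo                                   # lowest port not yet covered
    for _, f_lo, f_hi in sorted(f for f in forwards if f[0] == proto):
        if f_lo > nxt:
            break                              # gap before this forward starts
        nxt = max(nxt, f_hi + 1)
    return nxt > hi

def overlaps(a, b):
    return a[0] == b[0] and a[1] <= b[2] and b[1] <= a[2]

def audit(rules, required):
    forwards = [parse_forward(r) for r in rules]
    findings = []
    for need in required:
        if not covered(need, forwards):
            findings.append(f"missing: {need[0]} {need[1]}-{need[2]} not fully forwarded")
    for fwd in forwards:
        label = f"{fwd[0]} {fwd[1]}-{fwd[2]}"
        if any(overlaps(fwd, web) for web in WEB_UI):
            findings.append(f"exposed: {label} reaches the web interface")
        elif not any(fwd[0] == r[0] and r[1] <= fwd[1] and fwd[2] <= r[2] for r in required):
            findings.append(f"excess: {label} is wider than the documented ports")
    return findings

# Constructed sample: RTP range cut short, web interface forwarded.
SAMPLE_RULES = ["udp 5060", "udp 18000-19000", "tcp 443", "udp 4569"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, SIP_TRUNK + IAX2):
        print(finding)
```

A forward that is wider than the configured RTP range is reported as excess, because it exposes ports the PBX does not need.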
Connecting Multiple Sites
Whether you are connecting a couple of phones in a remote office or connecting two ipbx systems, it is always recommended to use a VPN or similar, which allows control over bandwidth and use. This can prevent NAT problems and increase your security.