Firewall / NAT Checklist
If you plan on using phones or accessing Switchvox from remote clients, you must forward certain ports back to your PBX. Also, you'll need to enable the "Allow Nat Port Forwarding" option in the Server > Networking > IP Configuration section of your Switchvox Web Admin.
A good resource for documentation on how to forward ports on most routers: www.portforward.com.
Ports by Switchvox
The following ports are used by Switchvox and need to be forwarded from your firewall or router. We recommend only forwarding the ports required by your implementation. Please note, ports with a pink background are no longer used in the latest version of Switchvox; as such, you are not required to open these ports.
| Transport | Port(s) | Description |
|---|
| D-Series and P-Series Phones |
|---|
| TCP/UDP | 5060 | SIP signaling port needed for phones outside your network |
| TCP/UDP | 5061 (SIP TLS) | For SIP TLS port needed for phones outside your network, only if you are using TLS/SRTP transport option |
| UDP | 10000-20000 | RTP audio ports needed for phones outside your network |
| TCP | 443 | HTTPS port for API access |
| TCP | 80 | HTTP port for D-Series phone-firmware access |
| UDP | 5062 | Direct port access for D-Series phones for configuration (Deprecated / Not used after Switchvox 6.4) |
| Sangoma Connect/Talk Mobile |
|---|
TCP/UDP
TCP/UDP | 5060
5061 (SIP TLS) | SIP signaling ports needed for phones outside your network
TLS port needed for TLS/SRTP transport option |
| UDP | 10000-20000 | RTP audio ports needed for phones outside your network |
| TLS | 5095 | SIP signaling to cloud-fe.meet.sangoma.com to facilitate audio transfer from Switchvox to Meet when moving a call to the Meet service. |
| IP Whitelist | Sangoma Connect/Talk SIP Push/Register servers require SIP access to your PBX for the application to work correctly. If we have a restrictive firewall, please ensure that the following IPs can reach your PBX in TCP/UDP ports 5060 and 5061. For more information, please visit How to Set Up and Manage Switchvox for Sangoma Connect Mobile.
159.65.167.207
159.65.186.176
159.65.251.173
159.65.252.186
159.65.253.49 | 159.89.179.103
162.243.226.164
165.227.65.164
165.227.115.186
165.227.182.9 | 165.227.184.188
165.227.190.186
165.227.210.221
165.227.223.68
167.99.48.91 | 167.99.119.203
167.99.119.244
104.131.76.244
143.198.53.243
198.199.67.34 |
|
| Legacy Switchvox Mobile Softphones (Not recommended in 7.6.2 or later, and deprecated in 7.8.2) |
|---|
| TCP/UDP | 5060 | SIP signaling port needed for phones outside your network |
| TCP/UDP | 55062 | SIP signaling port that may be needed for Legacy Mobile Softphones |
| UDP | 10000-20000 | RTP audio ports needed for phones outside your network |
| TCP | 443 | HTTPS port for API access |
| Desktop Softphones and Switchvox Chat for Mobile |
| TCP | 443 | HTTPS port for Desktop client |
| UDP | 10000-20000 | RTP audio ports needed for phones outside your network |
| Web Portal for Admin or User |
|---|
| TCP | 80 | HTTP port for remote web |
| TCP | 443 | HTTPS port for remote web admin, user and API access |
| TCP | 5222 & 843 | Ports for using the Switchboard remotely (Deprecated / Not used after Switchvox 7.0) |
| TCP | 5269 | Port for remote XMPP access (Deprecated / Not used after Switchvox 7.0) |
| VoIP provider with T.38 Support |
| UDP | 5060 | SIP signaling port needed to connect with your VoIP provider outside of your network |
| UDP | 10000-20000 | RTP audio ports needed for phones outside your network |
| UDPTL | 4000-4999 | UDPTL ports for T.38 faxing over SIP |
| UDP | 4569 | IAX Signalling for IAX provider (Deprecated / Not used after Switchvox 7.0) |
The following ports are used by Switchvox to communicate with devices within the same network. Support does not recommend opening these ports on your router or firewall. If you need a port to be accessed from a remote network, please discuss with your IT Security team to explore options on how to limit the access.
| Transport | Port(s) | Description |
| TCP | 143 | IMAP , these ports allow customers to see their voicemail on their mail software |
| TCP | 631 | Fax Printer |
| UDP | 161 | SNMP in order to track alarms on your Switchvox with an SNMP server |
| TCP/UDP | 389 | LDAP for use when integrating your Switchvox with a network directory service |
| TCP/UDP | 638 | LDAPS for use when integrating your Switchvox with a network directory service |
Please note, the following ports are used by Switchvox for outgoing connections. Your firewall should allow connections to the Internet on these ports.
| Transport | Port(s) | Description |
| UDP | 1194 | Must be open to outgoing traffic for Digium / Switchvox Technical Support VPN with allow jumbo frames enabled |
| ICMP | (any) | ICMP to confirm connectivity to Switchvox servers (In the event that Switchvox is unable to ping, it will report a connection issue.) |
| TCP | 21 | FTP when exporting recordings or backups |
| TCP | 22 | SFTP when exporting recordings or backups |
| TCP | 25 | SMTP when Switchvox sending emails |
Firewall and Router
When reviewing your firewall or router configuration, first make sure it is up-to-date (running the latest firmware version). Secondly, check to ensure the following features are disabled. After disabling a feature, we recommend restarting the router.
- SPI (Stateful Packet Inspection)
- SIP Transformations (Sonicwall Firewalls)
- SIP ALG (SIP Application Layer Gateway)
- SIP FIXUP (Cisco Firewalls)
- ALG
- NAT Filtering
- SIP Inspection
- Smart Packet Detection
We also have accumulated a shortlist of specific 3rd party firewall settings for various makes/models that we know can cause issues with the Switchvox software.
