Firewall Settings with Digitcom SIP Trunks
Port forward all outside traffic coming in on port 5060 (UDP/TCP) to the IP address of the IP Office.
- Please ensure that only Digitcom’s IP Subnets 188.8.131.52/24 and 184.108.40.206/24 are port forwarded on your firewall to your IP Office to prevent unauthorized access from any other internet IP addresses.
- Please open RTP ports for audio. Please note, default IP Office ports should be 46,750 – 50,750. Otherwise, check your PBX for audio ports.
- Please make sure that SIP inspection or SIP Transformations (the name depends on your firewall) is not enabled.
- Please turn off ALG (Application Layer Gateway).
For more information about firewall settings and SIP, please visit this page: Routers SIP ALG.
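The source restriction and RTP range from the list above can be checked against an exported rule set. The following is an added example, not part of the original page or any Digitcom tooling; the rule dictionary format and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Values from the page. The subnets are written there with host bits set,
# so strict=False is needed; each parses to its enclosing /24.
ALLOWED_SIP_SOURCES = [ipaddress.ip_network(n, strict=False)
                       for n in ("188.8.131.52/24", "184.108.40.206/24")]
SIP_PORT = 5060
RTP_RANGE = (46750, 50750)  # IP Office default audio ports per the page


def audit(rules):
    """Return findings for a list of inbound port-forward rules.

    Each rule is a dict (hypothetical format): name, source (CIDR),
    proto ("udp"/"tcp"), ports (low, high).
    """
    findings = []
    rtp_open = False
    for rule in rules:
        low, high = rule["ports"]
        source = ipaddress.ip_network(rule["source"], strict=False)
        if low <= SIP_PORT <= high:
            # The source must sit entirely inside one allowed subnet; a wider
            # range such as a /16 that merely contains it is still exposure.
            if not any(source.subnet_of(net) for net in ALLOWED_SIP_SOURCES):
                findings.append(f"{rule['name']}: SIP {SIP_PORT}/{rule['proto']} "
                                f"forwarded from {source}, outside provider subnets")
        if (rule["proto"] == "udp" and low <= RTP_RANGE[0]
                and high >= RTP_RANGE[1]):
            rtp_open = True
    if not rtp_open:
        findings.append("no UDP rule covers RTP range %d-%d" % RTP_RANGE)
    return findings


# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = [
    {"name": "sip-any", "source": "0.0.0.0/0", "proto": "udp", "ports": (5060, 5060)},
    {"name": "sip-provider", "source": "188.8.131.52/24", "proto": "udp", "ports": (5060, 5060)},
    {"name": "sip-wide", "source": "184.108.0.0/16", "proto": "tcp", "ports": (5000, 5100)},
    {"name": "rtp", "source": "0.0.0.0/0", "proto": "udp", "ports": (46750, 50750)},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_RULES):
        print(line)
```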
- If you are using a Cisco firewall, type the following commands:
- no ip nat service allow-sip-even-rtp-ports
- no ip nat service sip tcp port 5060
- no ip nat service sip udp port 5060
Please refer to this page: Routers SIP ALG.
If you are using a SonicWall firewall, apply the following settings and see the website link below for reference:
- Uncheck Enable SIP Transformations.
- Create inbound firewall/NAT rules for the ports you need.
- Try turning off Consistent NAT and configuring outbound NAT policies for your traffic, using the same port numbers as for the inbound traffic, for example, UDP 5060 for SIP Signaling.
Website Link: http://www.voipmechanic.com/sonicwall-voip.htm
There are typically two VoIP profiles on a factory-shipped Fortinet firewall. You may need to disable both profiles to fully stop the ALG. Use the following commands:
config voip profile
set status disable