====== Firewall / Network Changes Required ======
To ensure the highest quality calls on celito's hosted voice system, and to prevent issues like dropped calls or one-way audio, a few changes must be made on your firewall.
These changes will need to be in place prior to the scheduled delivery of the phones. Failing to make these changes can result in call quality issues to include one-way audio, dropped calls and/or the phones not working at all. If your IT provider is unable to make the necessary changes, celito may be able to assist. We provide consulting services and can provide a quote at your request. Please email project@celito.net for additional information.
===== Business Networks =====
==== Required ====
===ALLOW===
^ Protocol ^ Direction ^ Ports ^ To/From IP ^ Explanation ^
| TCP | Out (you to celito) | 5060 | 199.255.11.250, 192.151.137.162 and 74.113.231.146 | SIP communication protocol for phones |
| TCP | Out (you to celito) | 8001 | 199.255.11.250, 192.151.137.162 and 74.113.231.146 | Cache/proxy/websockets for web portal |
| UDP | In and Out | 11780 - 27999 | 199.255.11.250, 192.151.137.162 and 74.113.231.146 | SIP RTP voice protocol for phones |
===DISABLE===
^ Service ^ Description ^
| RTP packet inspection | Disable packet inspection on voice packets to remove audio delay and dropped calls |
| SIP packet inspection | Disable packet inspection on SIP packets to stop issues with dropped calls |
| SIP ALG and/or SIP helper | [[what_is_sip_alg|SIP ALG]] will cause your phones to be double NAT when enabled on your network |
====SonicWall Only====
Using SonicWall with VoIP can present a number of issues including one-way audio and dropped calls. Many VoIP providers will not support a client that is using a SonicWall due to the number of issues. **It is highly recommended that you make these changes and test the system out prior to porting.**
While celito does not officially support or manage SonicWall firewalls, we do have a number of clients that have gotten them working by making the following changes (in addition to the changes above).
^ Option ^ Setting ^ Notes ^
| Firmware | You must be on the newest firmware | Requires a valid support contract with Dell/SonicWall |
| SIP Transformations | Disabled | |
| Consistent NAT | Enabled | |
| UDP Timeout | 3600 | Enabling this setting system-wide may cause your firewall to run out of memory. It is highly recommended you create a firewall rule that applies this UDP timeout only to traffic going to/from celitoVoice's IP addresses. |
===== Optional =====
The following firewall settings are optional and may not be required for your setup. If you are switching to celito from another VoIP provider, making these changes prior to switching to celito voice may cause problems with your current setup.
==== Voice Prioritization (QoS) ====
In order to prevent call quality issues to include dropped calls we suggest setting up voice prioritization on your firewall. You can also dedicate part of your internet connection to your voice traffic which also helps with call quality. See the VLAN for additional details.
==== VLAN ====
Setting up a VLAN in your network is not necessary to use the phones, but doing so will separate your voice traffic from your computer traffic which can help prevent audio quality issues. If you have configured a voice VLAN in your network then you must provide the VLAN details to celito so that we can add the configuration to your phones. The following configuration options are available; please let celito know which option you're using:
^ Option ^ Current VLAN Configuration ^ Details ^
| 1 | CDP is enabled within your network (Recommended option) | CDP discovery will be enabled. Phones will work outside of your network. |
| 2 | LLDP-MED is enabled within your network | LLDP-MED discovery will be enabled. Phones will work outside of your network. |
| 3 | DHCP VLAN Option 132 | Configure DHCP option 132 as a string. Set the string value to your VLAN ID. Phones will work outside of your network. |
| 4 | Voice VLAN is configured but without CDP or LLDP services | VLAN ID will be hardcoded on phones. Phones **will not** work outside of your network. Phones **will not** work if your VLAN is configured improperly or if a phone is plugged in to a switchport that isn't configured for your VLAN. If using this option then the VLAN ID must be provided to celito prior to the phones being delivered, or the phones must be able to temporarily use the default VLAN in order to retrieve the updated config with the VLAN details. |
==== Automatic Provisioning ====
=== Yealink Automatic Provisioning ===
* Enable the following option on your DHCP server:
^ DHCP Option ^ Value (String) ^ Description ^
| 128 | http://ndp1-rdu.celitovoice.net/cfg | \\ This is not be required if the phone was purchased from celito. Automatically points a Yealink phone to celito for provisioning. |
=== Polycom Automatic Provisioning ===
* Enable the following option on your DHCP server:
^ DHCP Option ^ Value (String) ^ Description ^
| 160 | http://ndp1-rdu.celitovoice.net/cfg | Automatically points a Polycom phone to celito for provisioning |
=== Cisco SPA Automatic Provisioning ===
* Enable the following option on your DHCP server:
^ DHCP Option ^ Value (String) ^ Description ^
| 066 | http://ndp1-rdu.celitovoice.net/cfg/spa$MA.cfg | Automatically points a Cisco/Linksys SPA to celito for provisioning |
===== Home Networks =====
These changes must be made on the modem provided by your internet provider, as well as on your router or firewall. Depending on your setup you may have only one device, or you may have both. It may be necessary to call Time Warner/AT&T/etc. to have it disabled on the modem itself.
===DISABLE===
^ Service ^ Description ^
| RTP packet inspection | Disable packet inspection on voice packets to remove audio delay and dropped calls |
| SIP packet inspection | Disable packet inspection on SIP packets to stop issues with dropped calls |
| SIP ALG and/or SIP helper | SIP ALG will cause your phones to be double NAT when enabled on your network |
| SPI Firewall (modem only) | Disable the built-in firewall on the modem (it is recommended that you have an additional firewall behind the modem) |
===== Related Articles =====
{{topic>firewall troubleshooting new_client sip_alg}}
{{tag>firewall troubleshooting new_client sip_alg}}