Table of Contents

Firewall / Network Changes Required

To ensure the highest quality calls on celito's hosted voice system, and to prevent issues like dropped calls or one-way audio, a few changes must be made on your firewall.

These changes will need to be in place prior to the scheduled delivery of the phones. Failing to make these changes can result in call quality issues to include one-way audio, dropped calls and/or the phones not working at all. If your IT provider is unable to make the necessary changes, celito may be able to assist. We provide consulting services and can provide a quote at your request. Please email project@celito.net for additional information.

Business Networks

Required

ALLOW

Protocol Direction Ports To/From IP Explanation
TCP Out (you to celito) 5060 199.255.11.250, 50.59.242.20 and 74.113.231.146 SIP communication protocol for phones
TCP Out (you to celito) 8001 199.255.11.250, 50.59.242.20 and 74.113.231.146 Cache/proxy/websockets for web portal
UDP In and Out 11780 - 27999 199.255.11.250, 50.59.242.20 and 74.113.231.146 SIP RTP voice protocol for phones

DISABLE

Service Description
RTP packet inspection Disable packet inspection on voice packets to remove audio delay and dropped calls
SIP packet inspection Disable packet inspection on SIP packets to stop issues with dropped calls
SIP ALG and/or SIP helper SIP ALG will cause your phones to be double NAT when enabled on your network

SonicWall Only

Using SonicWall with VoIP can present a number of issues including one-way audio and dropped calls. Many VoIP providers will not support a client that is using a SonicWall due to the number of issues. It is highly recommended that you make these changes and test the system out prior to porting.

While celito does not officially support or manage SonicWall firewalls, we do have a number of clients that have gotten them working by making the following changes (in addition to the changes above).

Option Setting Notes
Firmware You must be on the newest firmware Requires a valid support contract with Dell/SonicWall
SIP Transformations Disabled
Consistent NAT Enabled
UDP Timeout 3600 Enabling this setting system-wide may cause your firewall to run out of memory. It is highly recommended you create a firewall rule that applies this UDP timeout only to traffic going to/from celitoVoice's IP addresses.

Optional

The following firewall settings are optional and may not be required for your setup. If you are switching to celito from another VoIP provider, making these changes prior to switching to celito voice may cause problems with your current setup.

Voice Prioritization (QoS)

In order to prevent call quality issues to include dropped calls we suggest setting up voice prioritization on your firewall. You can also dedicate part of your internet connection to your voice traffic which also helps with call quality. See the VLAN for additional details.

VLAN

Setting up a VLAN in your network is not necessary to use the phones, but doing so will separate your voice traffic from your computer traffic which can help prevent audio quality issues. If you have configured a voice VLAN in your network then you must provide the VLAN details to celito so that we can add the configuration to your phones. The following configuration options are available; please let celito know which option you're using:

Option Current VLAN Configuration Details
1 CDP is enabled within your network (Recommended option) CDP discovery will be enabled. Phones will work outside of your network.
2 LLDP-MED is enabled within your network LLDP-MED discovery will be enabled. Phones will work outside of your network.
3 DHCP VLAN Option 132 Configure DHCP option 132 as a string. Set the string value to your VLAN ID. Phones will work outside of your network.
4 Voice VLAN is configured but without CDP or LLDP services VLAN ID will be hardcoded on phones. Phones will not work outside of your network. Phones will not work if your VLAN is configured improperly or if a phone is plugged in to a switchport that isn't configured for your VLAN. If using this option then the VLAN ID must be provided to celito prior to the phones being delivered, or the phones must be able to temporarily use the default VLAN in order to retrieve the updated config with the VLAN details.

Automatic Provisioning

Polycom Automatic Provisioning

Cisco SPA Automatic Provisioning

Home Networks

These changes must be made on the modem provided by your internet provider, as well as on your router or firewall. Depending on your setup you may have only one device, or you may have both. It may be necessary to call Time Warner/AT&T/etc. to have it disabled on the modem itself.

DISABLE

Service Description
RTP packet inspection Disable packet inspection on voice packets to remove audio delay and dropped calls
SIP packet inspection Disable packet inspection on SIP packets to stop issues with dropped calls
SIP ALG and/or SIP helper SIP ALG will cause your phones to be double NAT when enabled on your network
SPI Firewall (modem only) Disable the built-in firewall on the modem (it is recommended that you have an additional firewall behind the modem)