VoipSure Ver 1

VoipSure Ver 1

General requirements:

  • Reliable high speed Internet Connection.
  • Each user must have a unique and valid email address. The user must be able to retrieve their emails from wherever they intend using the VoIP service as onboarding information is sent to the end user via email.
  • VoIP traffic should not be subject to deep packet inspection or web filtering.
  • Ideally DHCP should be available. Please advise prior to installation if static IP Addressing is required and provide network details.
  • Please advise prior to installation if the IP Phones are to be connected to a specific VLAN and provide network details.
  • Please provide us with your SSID and PSK details if you wish to connect your VoIP device via WiFi (Yealink T54W or Grandstream WP820 only) so that phones can be configured with your WiFi details prior to dispatch.
  • SIP ALG must be disabled (also known as SIP Transformation, SIP Helper or SIP Inspection)
  • Double NAT configurations are not supported (where a router is connected behind another router creating two private networks)
  • UDP Session Timer should be set to a minimum of 180 seconds.

Firewall Rules:

Egress traffic must be permitted to the following URLs and/or IP addresses. 

Important Notes:
⚠️Services are built into Public Cloud services. Please make sure that your firewall is configured to use DNS lookups regularly. 
⚠️ Do not configure inbound firewall rules that allow direct access to handsets (SIP, HTTP UI etc). Direct traffic to the handset either directly via public IP address or via NAT may lead to the handset being compromised and open to fraud. 
⚠️ It may be necessary to speak with your ISP in this regard as the ISP may operate their own security devices in addition to your own.
⚠️ Please make sure that your firewall is configured not to use uPnP from your VOIP VLAN or network.
⚠️ If you are operating a stateless firewall make sure you have return traffic rules configured for traffic flows. Most modern firewalls are stateful and will not require any return firewall rules.

Source IP Address
URL
Source Port
Destination IP Address
Destination Port
Purpose
LAN Network or Voice VLAN
*.callswitch.net
1023 - 65535
Use the "nslookup" command to establish the IP Address of the server.

We currently use the following URLs. Your services will be hosted on one of these servers.

mt729.callswitch.net
mt850.callswitch.net
TCP 80
TCP 443
TCP + UDP 5060 - 5069
TCP 5222 - 5223
TCP 10001
TCP 10005
TCP 10007
TCP 10009
TCP 11389
TCP 11636
TCP 4000 - 4999
UDP 10000 - 20000
HTTP Config & Web GUI
HTTPS Config & Web GUI
SIP + SIP TLS
Jabber
Presence
Presence / Login Proxy
Login Proxy
Login Proxy
LDAP
LDAP (Encrypted)
T38 Fax
RTP






LAN Network or Voice VLAN
*.provisioning.callswitch.net
1023 - 65535
138.68.182.89
TCP 80
TCP 443
Provisioning






LAN Network or Voice VLAN
rps.yealink.com
rpscloud.yealink.com
1023 - 65535
52.29.124.181
3.124.165.251
52.29.124.181
3.124.165.251
51.11.241.228
20.19.96.56
20.19.96.56
20.242.144.0
20.242.144.1
TCP 80
TCP 443

Redirect to provisioning server






LAN Network or Voice VLAN
fm.grandstream.com
1023 - 65535
52.221.130.73
TCP 80
TCP 443
Redirect to provisioning server






LAN Network or Voice VLAN
filestore.callswitch.net
1023 - 65535
46.43.1.104
TCP 80
TCP 443
Phone wallpapers






LAN Network or Voice VLAN
sfu-chi.commsware.com
1023 - 65535
162.251.129.101
TCP 5222
TCP 5500
TCP 5900
TCP 8088
TCP 8181
Jabber
CallSwitch Meeting
CallSwitch Meeting
CallSwitch Meeting
CallSwitch Meeting






LAN Network or Voice VLAN

1023 - 65535
8.8.8.8
8.8.4.4
TCP + UDP 53
Google DNS






LAN Network or Voice VLAN

1023 - 65535
1.1.1.1
1.0.0.1
TCP + UDP 53
Cloudflare DNS

Web Content Filtering / HTTPS Inspection:

Please add add the following URLs to the list of permitted destinations if your organisation uses a Web Filtering service.
Please exclude the following URLs from HTTPS inspection.

*.callswitch.net/*
rps.yealink.com
rpscloud.yealink.com
fm.grandstream.com
Communicator Client:

Desktop Edition -

  1. Communicator is supported on current versions of Apple and Windows operating systems. Linux is not supported.
  2. Administrator level access is required in order to install Communicator. 
  3. If Communicator is to be used as a Soft Phone, then the host computer must be equipped with speakers and a microphone. A good quality USB communications headset is ideal.
  4. A Web Cam is required to use the Meeting feature.
  5. In order to install Communicator from an MSI package, the following are the prerequisites and must be installed before the MSI package:
Link to Windows Version
Link to Windows MSI
Link to MAC OSX Version

Mobile Edition -

  1. The Mobile version of Communicator is supported on current versions of IOS and Android (excluding Go Edition). Legacy systems such as Blackberry, Symbian or Windows Mobile are not supported.
  2. A valid user account for either the Apple App Store or the Google Play Store is needed to install Communicator onto a mobile phone.
Link to Android Version
Link to IOS Version

Power Source:

One of the following power sources is required to power an IP Telephone (or a combination thereof) -
  1. POE Switch in data cabinet (preferred)
  2. Individual Power Packs or POE Injectors

Useful Links:

SonicWall Firewalls
Sophos Firewalls ALG
DrayTek NAT
DrayTek QOS
DrayTek UDP Session Timer
BT Business Hub
MikroTik Routers
Double NAT Explanation

    • Related Articles

    • VoipSure Ver 2

      General requirements: Reliable high speed Internet Connection. Email Access - each user must have a unique and valid email address. The user must be able to retrieve their emails from wherever they intend using the VoIP service as onboarding ...

    • Cloud Hosted

      Firewall Traffic to/from to the following IP Addresses must be permitted. Source IP Address Source Port Destination IP Addresses Destination Ports LAN Network or Voice VLAN 1023 - 65535 194.50.55.0/24 194.50.56.0/24 52.29.124.181 3.124.165.251 ...