tabate47
Member
Topic Author
Posts: 435
Joined: Wed Mar 13, 2013 5:23 am
Location: Los Angeles

Need Some Help with Firewall

Thu Mar 21, 2019 7:45 am

I need to make sure the network will allow the following. Can someone help me on how to get this done? Thanks.

Basic Firewall information for Nextiva Services:

• Access rules should cover the IP addresses of 208.73.144.0/21 OR 208.73.144.0 – 208.73.151.255, as well as 208.89.108.0/22 OR 208.89.108.0 – 208.89.111.255
• Allow all UDP and TCP traffic to and from these addresses. Set any UDP timeout to 90 seconds
• Ports 1024 – 65535 need to be opened up for both TCP and UDP
    o UDP is for registrations and audio
    o TCP is for registrations only
    Note: Most phones will usually register in the 5050 – 5090 range with us, but some phones “randomize” their ports, which is the reason for opening it up wide.
• If possible, request bandwidth allocation to those addresses, 100kbps upload and download are necessary per phone to ensure consistent and clear audio quality
    o If possible, mark traffic with DSCP 46 / Class of Service 6
• Disable SIP ALG (SIP Transformations) on the router
• Disable Stealth Mode
• Enable Multicast Support

Fax IP Ranges (Only if a Fax Bridge is on site)
Allow all traffic outbound through port 443 (TCP and UDP) to IP RANGE: 69.43.151.128 - 69.43.151.254. We may also need IP: 64.38.245.109
 
anav
Forum Guru
Posts: 2894
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Need Some Help with Firewall

Thu Mar 21, 2019 2:10 pm

You don't need a firewall, you just need an open door for anyone to hack errrr use your services.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
flynno
Member Candidate
Posts: 238
Joined: Wed Aug 27, 2014 8:11 pm

Re: Need Some Help with Firewall

Thu Mar 21, 2019 3:39 pm

Open Terminal on router and paste firewall rules below
/ip firewall address-list add list=Nextiva address=208.73.144.0/21 comment="Nextiva IP Range 208.73.144.0/21"
/ip firewall address-list add list=Nextiva address=208.89.108.0/22 comment="Nextiva IP Range 208.89.108.0/22"
/ip firewall filter add chain=input src-address-list=Nextiva action=accept comment="Nextiva allow"

Go to IP firewall services and disable SIP or open terminal and paste below
/ip firewall service-port disable sip
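
An added example, not part of the post above or of Nextiva's documentation: a Python sketch that converts the address ranges quoted in the first post into exact CIDR blocks and prints them in the address-list command form used above, so nothing outside the stated ranges is admitted. The list name NextivaFax and all function names are assumptions made for this example.

```python
import ipaddress

# Ranges exactly as quoted in the first post. The list name "NextivaFax"
# is an assumption for this example; "Nextiva" is the name used in the thread.
VENDOR_RANGES = {
    "Nextiva": [("208.73.144.0", "208.73.151.255"),
                ("208.89.108.0", "208.89.111.255")],
    "NextivaFax": [("69.43.151.128", "69.43.151.254"),
                   ("64.38.245.109", "64.38.245.109")],
}


def range_to_cidrs(first, last):
    """Return the smallest set of CIDR blocks covering exactly first..last."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range is reversed: {first} > {last}")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def address_list_commands(ranges=VENDOR_RANGES):
    """Build one address-list command per CIDR block, tagged with its source range."""
    commands = []
    for name, spans in ranges.items():
        for first, last in spans:
            for cidr in range_to_cidrs(first, last):
                commands.append(
                    f"/ip firewall address-list add list={name} "
                    f'address={cidr} comment="{name} {first}-{last}"'
                )
    return commands


def covering_list(ip, ranges=VENDOR_RANGES):
    """Return the list name whose stated range contains ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    for name, spans in ranges.items():
        for first, last in spans:
            if ipaddress.IPv4Address(first) <= addr <= ipaddress.IPv4Address(last):
                return name
    return None


if __name__ == "__main__":
    print("\n".join(address_list_commands()))
```

The fax range ends at .254, so it does not collapse to a single /25; the exact conversion yields seven blocks, and rounding up to 69.43.151.128/25 would admit one address the vendor text does not list.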
 
tabate47
Member
Topic Author
Posts: 435
Joined: Wed Mar 13, 2013 5:23 am
Location: Los Angeles

Re: Need Some Help with Firewall

Thu Mar 21, 2019 5:37 pm

Thanks. Does this also open ports 1024 – 65535? Does it do both tcp and udp? Do I need to do anything on the nat section of the router, or just the
