Configuring your firewall for VoIP service
A firewall controls the incoming and outgoing network traffic based on an applied rule set and establishes a barrier between a trusted, secure LAN and/or WAN network(s) and the internet (not secure, nor trusted).
For Lumen® Hosted VoIP and Lumen® SIP Trunking, we recommend a LAN architecture where the voice traffic bypasses the firewall.
If you configure a firewall feature, you must allow the following traffic to pass. The IP address of the Lumen session border controller (SBC) varies and can be provided by the provisioner working the order.
The following must be allowed between all Hosted VoIP phones and the Lumen SBC (in both directions):
- Allow TCP/UDP ports 5060, 5061, and 5068 (for SIP)
- Allow UDP ports 8500–59999 (for RTP)1
- Allow UDP port 123 (for NTP)
- Allow TCP port 80 (for HTTP)
- Allow TCP port 2208 (for HTTP: Business Communicator)
- Allow TCP port 443–450 (for HTTP)
1. Some firewalls will dynamically open and close UDP ports for RTP and control signaling as required and do not need the entire range of UDP ports for RTP opened all the time. If the firewall is configured to build dynamic lists based on traffic that originated inside the firewall then it is not necessary to perform any configuration on the firewall.
Explore VoIP solutions
Add-on VoIP features
- Topics covered on this page:
