Firewall Recommendations

Command|Link SDWAN|Link and Security|Link services are preconfigured to work optimally with our voice offerings, but if you are using your own network, here are some technical details and recommendations.

Command|Link phones are set to DHCP, and require a working gateway and DNS server.  They will pickup a voice VLAN if configured on the switch.  We have carrier-grade Sessions Border Controllers that will handle NAT.

Quick Start

A typical firewall or router with common settings should normally work without issue.  Generally we just ask that you allow all outbound access to 208.69.232.0/23, disable any SIP ALG, and disable UTM/NGFW/IDP towards those IPs.

Settings

  • Disable any SIP ALG on your firewall, modem, and router equipment.
  • Whitelist 208.69.232.0/23 for filtering, UTM, NGFW, and IDP.  Allow access outbound.
  • Enable DHCP with a working public DNS server, IP, Gateway, and Network mask.
    • Time Server can also be set
    • Option 66 can be set to
      • https://voice.commandlink.com/sip-ps/
      • This will allow a factory defaulted phone to automatically reach out to us.

Ports

Although we prefer you allow all ports outbound, especially to our Voice IP Ranges, you can use the list below for some common ports.  We will use the following ports:

Voice Services

  • 5465 (TCP and UDP)
  • 5060 (TCP and UDP)
  • 5061 (TCP and UDP)
  • 5100 (TCP and UDP)
  • 5101 (TCP and UDP)
  • 443 (TCP)
  • 80 (TCP)
  • 16384-32767 (UDP)

Supporting Services

  • 53 (UDP) – DNS
  • 123 (UDP) – NTP

IPs

Please allow both subnets for full geo-redundancy.

  • 208.69.232.0/24 – West
  • 208.69.233.0/24 – East