What are the required router/firewall settings?
Learn what protocols and ports need to be configured by an IT Admin on your router or firewall for your phones to work properly and consistently.
The phones need to be able to initiate outbound TCP and UDP connections to a range of GoTo Connect IP addresses on arbitrary ports. In most cases, the phone initiates these connections from within the LAN. Any allow-list-only configuration on the firewall won't work. Please be aware that these are all destination ports that the phones send traffic to. The source port for these connections can vary by phone vendor, solution, etc. Any firewall determinations based on source ports are very problematic. We strongly recommend allowing all traffic to and from our IP Blocks. Here are the specifics:
- Persistent NAT connections — Our system sends NAT keepalive packets every 30 seconds.
- HTTP (TCP port 80) and HTTPS (TCP port 443)
- SIP (UDP ports 5060 and 5061) — Multiple connections must be allowed over these ports.
- Use TCP port 5062 (TLS) if call encryption is enabled.
- All internally initiated UDP connections to ports 10,000-65,500 (RTP)
- UDP on port 123 (NTP)
- SIP ALG needs to be disabled
Most business-class firewalls can be configured to allow specific devices on the local network, such as phones, to make these connections while restricting others, such as computers, simultaneously. Ask your network administrator for help setting this up.