Port forwarding for Zultys phone system

Setup Zultys voicemail box using ZAC
February 8, 2023
Setup Zultys voicemail box using ZAC
February 8, 2023

Port forwarding for Zultys phone system

< Back
You are here:


This article provides necessary information to properly configure your firewall port forwarding for Zultys phone system


It’s necessary to disable SIP Application Layer Gateway ( ALG ) on your firewall to avoid problems with call negotiation and voice delivery

Information for SIP ports forwarding is provided for configuration matching configuration provided in this article. If SIP configuration on your Zultys phone system is different, adjust accordingly.

Port list

Here is a list of ports you will need to provide core functionality for users on Zultys phone system: Access to ZAC , MX Mobile , WebZAC, softphone and desk phones registration and ITSP ( SIP trunk provider) connection. This list includes ports needed for MX Admin access.

  • TCP ports: 80, 443, 5060, 5061, 7100-7156, 7505, 7778-7779, 8080*
  • UDP ports: 5060, 6060, 21000-24999, 33000-35000

| * : port 8080 should only be opened for phone provisioning and closed after provisioning is done. You can also filter access to this port by source IPs.

Port Description

TCP Ports
80HTTP port – required for web access to the phone system and to generate LetsEncrypt Certificate
443HTTPs port – required for web access, WebApps, WebZAC and WebRTC access
3306MX Report – optional , only needed if you are using MX Report from outside, highly recommended to filter by source IP for security.
5060SIP over TCP – optional but recommended to provide SIP access in some scenarios and for some devices where UDP and TLS access is not possible
5061SIP over TLS – required , this is a preferred method of SIP communication
7456MX Archive – optional, only used by MX Archive to access phone system – Releases 16 and 17
7500MX Network – optional, only needed if you have MX Network configured
7100-7156MX Admin, MX Archive and MX Report – optional, only needed with you need to use MX Admin, MX Archive versions before 16 or MX Report from outside of you network.
7505MX Admin – optional, only used by MX Admin , needed if you need to use MX Admin from outside of your network. Note: MX Admin will need TCP ports 7100-7156 to be open .
7778CSTA – required for ZAC and MX Mobile access
7779WebZAC access – optional, only needed if users need access to WebZAC
8080HTTP phone provisioning server – WARNING , this is a well known port and will come under a brute force attack if left open.
While Zultys phone system has a built in IPS and will block attempts to get phone configuration based on a MAC address, always filter access to this port by a source address or only open for a short time to provision a remote phone.
8989WebAPI – optional, only need if you are using WebAPI or for Zultys Web Chat app.
UDP Ports
5060SIP UDP port – required, this is a default SIP communication port
6060Alternative SIP UDP port – optional, but highly recommended , it’s very helpful to have an alternative SIP port in case default port is not accessible.
20000-21000RTP port – MX Network only, optional, only necessary for MX Network configuration
21000-21399RTP ports – MX-SE only, required for voice and video delivery
21000-24999RTP port – MX-E and MX-V , required for voice and video delivery
33000-35000WebRTC RTP ports, required , these ports are used by MX Mobile and ZAC softphones for voice and video delivery
Table of Contents

Leave a Reply

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply..