Introduction
This article provides necessary information to properly configure your firewall port forwarding for Zultys phone system
Note
It’s necessary to disable SIP Application Layer Gateway ( ALG ) on your firewall to avoid problems with call negotiation and voice delivery
Information for SIP ports forwarding is provided for configuration matching configuration provided in this article. If SIP configuration on your Zultys phone system is different, adjust accordingly.
Port list
Here is a list of ports you will need to provide core functionality for users on Zultys phone system: Access to ZAC , MX Mobile , WebZAC, softphone and desk phones registration and ITSP ( SIP trunk provider) connection. This list includes ports needed for MX Admin access.
- TCP ports: 80, 443, 5060, 5061, 7100-7156, 7505, 7778-7779, 8080*
- UDP ports: 5060, 6060, 21000-24999, 33000-35000
| * : port 8080 should only be opened for phone provisioning and closed after provisioning is done. You can also filter access to this port by source IPs.
Port Description
| Ports | Description |
|---|---|
| TCP Ports | |
| 80 | HTTP port – required for web access to the phone system and to generate LetsEncrypt Certificate |
| 443 | HTTPs port – required for web access, WebApps, WebZAC and WebRTC access |
| 3306 | MX Report – optional , only needed if you are using MX Report from outside, highly recommended to filter by source IP for security. |
| 5060 | SIP over TCP – optional but recommended to provide SIP access in some scenarios and for some devices where UDP and TLS access is not possible |
| 5061 | SIP over TLS – required , this is a preferred method of SIP communication |
| 7456 | MX Archive – optional, only used by MX Archive to access phone system – Releases 16 and 17 |
| 7500 | MX Network – optional, only needed if you have MX Network configured |
| 7100-7156 | MX Admin, MX Archive and MX Report – optional, only needed with you need to use MX Admin, MX Archive versions before 16 or MX Report from outside of you network. |
| 7505 | MX Admin – optional, only used by MX Admin , needed if you need to use MX Admin from outside of your network. Note: MX Admin will need TCP ports 7100-7156 to be open . |
| 7778 | CSTA – required for ZAC and MX Mobile access |
| 7779 | WebZAC access – optional, only needed if users need access to WebZAC |
| 8080 | HTTP phone provisioning server – WARNING , this is a well known port and will come under a brute force attack if left open. While Zultys phone system has a built in IPS and will block attempts to get phone configuration based on a MAC address, always filter access to this port by a source address or only open for a short time to provision a remote phone. |
| 8989 | WebAPI – optional, only need if you are using WebAPI or for Zultys Web Chat app. |
| UDP Ports | |
| 5060 | SIP UDP port – required, this is a default SIP communication port |
| 6060 | Alternative SIP UDP port – optional, but highly recommended , it’s very helpful to have an alternative SIP port in case default port is not accessible. |
| 20000-21000 | RTP port – MX Network only, optional, only necessary for MX Network configuration |
| 21000-21399 | RTP ports – MX-SE only, required for voice and video delivery |
| 21000-24999 | RTP port – MX-E and MX-V , required for voice and video delivery |
| 33000-35000 | WebRTC RTP ports, required , these ports are used by MX Mobile and ZAC softphones for voice and video delivery |
