BT SIP Trunk Port configuration
If anyone can help with the following setup.
We are in the process of having a BT Sip Trunk /BTnet service installed at our business and BT have asked to have the floowing configuration setup on our Firewall I am new to Pfsense so a step by step guide would be very appreciated.
Thank you in advance
This document describes the requirements of your local area network (LAN) infrastructure to
support your BT SIP Service over BTnet.
Your SIP Trunk service provided by BT enables you to make and receive calls via your PBX
utilising your BTnet Internet access service thus providing a consolidated voice and data service.
It is important that the BT SIP Trunk service has connectivity across your internal data network so
that your PBX can communicate with our network platform to ensure consistent quality.
There is a wide range of firewalls available from a variety of manufacturers and as a result there
is no single method of configuration to achieve support of a given application. The information in
this document states the requirements of the BT SIP Trunk service however you will need to
determine the most appropriate method of configuration in-conjunction with your IT/Firewall
provider or maintainer.
The SIP service is established as an outbound session established during registration and
therefore in some instances you may find that the service will be available without the need for
any additional configuration. If however you are experiencing connectivity issues then changes
may need to be implemented on your firewall to ensure that BT’s SIP service can be accessed
from your network.
Issued by: BT Business Date 14.02.2012
Issue: v1.3 4
It is recommended that your firewall maintainer is consulted before any changes are made to
ensure that there is no potential breach to your network security or any changes invoked which
may contravene any local IT policies.
The BT SIP Trunk / BTnet service has the following requirements:
If address translation is required then SIP will only work with NAT and not PAT
The PBX will need to appear on the outside of the firewall with a RIPE IP address
Your PBX requires access to the BT SIP platform on IP address 188.8.131.52 using port
numbers 5060 to 5070.
SIP ALG must be disabled
If your router and/or firewall is “SIP Aware” / has a SIP ALG enabled, then this functionality must
be turned OFF so that the device does not interfere with any signalling.
Not all firewall configurations need ports to be opened. If your firewall is running inside to outside
rules then ports should be opened to allow access to the BT SIP service. There should be no
reason to open ports inbound on the firewall.
In order to achieve consistent voice quality the BTnet service prioritises your SIP signalling and
VoIP traffic over other traffic. In order to ensure end to end voice quality is maintained your LAN
should also prioritise this traffic.
BT’s SIP Platform has an IP address of 184.108.40.206. This address should be used to build the
policies to support prioritisation i.e. traffic to and from this address should be prioritised over other
competing traffic in your LAN infrastructure.
1. The incoming and outgoing BT SIP and VoIP (RTP) traffic should be prioritised over
other traffic though the firewall.
2. If the SIP signalling and VoIP traffic traverses your LAN (e.g. between IP phones and
PBX or between the PBX and the firewall) and competes with other traffic then it will
need to be prioritised over that other traffic.
Important Note: The SIP and VoIP (RTP) packets are not re-marked in terms of CoS, ToS,
DSCP or any other Quality of Service markings. Any received DSCP markings should be
regarded as un-trusted and not used for QoS.
Issued by: BT Business Date 14.02.2012
Issue: v1.3 5
This section identifies all the required TCP/UDP ports for correct operation.
Device Protocol Outbound Destination Destination Port
IP PBX / SIP
SIP 220.127.116.11 UDP/TCP 5060 to
IP PBX / SIP
RTP 18.104.22.168 UDP 16384 to 32766
5 Warning & Disclaimer
Your BT SIP Trunks service together with a correctly dimensioned BTnet access service has
been designed to appropriately support a quality voice service alongside the use of data. In
order to maintain the quality it is essential that the internal network components suitably support
the service for delivery of your voice calls. If this is not implemented correctly then this may
result in a degraded service. If faults are reported to BT which are found to be caused by
customer equipment (i.e. equipment which that is not part of BT’s network and which is owned or
controlled by the customer) then BT may apply a charge.
The information in this document is provided for general guidance only. It is recommended that
your firewall maintainer, switch maintainer or IT consultant is consulted on all matters relating to
your communications network including, but not limited to, PBX configuration, LAN and firewall
configuration. This is particularly important in connection with any issues which may impact on
your network security or local IT policies.