BT SIP Trunk Port configuration

  • If anyone can help with the following setup.
    We are in the process of having a BT Sip Trunk /BTnet service installed at our business and BT have asked to have the floowing configuration setup on our Firewall I am new to Pfsense so a step by step guide would be very appreciated.
    Thank you in advance

    1 Overview
    This document describes the requirements of your local area network (LAN) infrastructure to
    support your BT SIP Service over BTnet.
    Your SIP Trunk service provided by BT enables you to make and receive calls via your PBX
    utilising your BTnet Internet access service thus providing a consolidated voice and data service.
    It is important that the BT SIP Trunk service has connectivity across your internal data network so
    that your PBX can communicate with our network platform to ensure consistent quality.
    2 Firewalls
    There is a wide range of firewalls available from a variety of manufacturers and as a result there
    is no single method of configuration to achieve support of a given application. The information in
    this document states the requirements of the BT SIP Trunk service however you will need to
    determine the most appropriate method of configuration in-conjunction with your IT/Firewall
    provider or maintainer.
    The SIP service is established as an outbound session established during registration and
    therefore in some instances you may find that the service will be available without the need for
    any additional configuration. If however you are experiencing connectivity issues then changes
    may need to be implemented on your firewall to ensure that BT’s SIP service can be accessed
    from your network.
    Issued by: BT Business Date 14.02.2012
    Issue: v1.3 4
    3 Recommendations
    It is recommended that your firewall maintainer is consulted before any changes are made to
    ensure that there is no potential breach to your network security or any changes invoked which
    may contravene any local IT policies.
    Network Routing
    The BT SIP Trunk / BTnet service has the following requirements:
    If address translation is required then SIP will only work with NAT and not PAT
    The PBX will need to appear on the outside of the firewall with a RIPE IP address
    Your PBX requires access to the BT SIP platform on IP address using port
    numbers 5060 to 5070.
    SIP ALG must be disabled
    If your router and/or firewall is “SIP Aware” / has a SIP ALG enabled, then this functionality must
    be turned OFF so that the device does not interfere with any signalling.
    Not all firewall configurations need ports to be opened. If your firewall is running inside to outside
    rules then ports should be opened to allow access to the BT SIP service. There should be no
    reason to open ports inbound on the firewall.
    In order to achieve consistent voice quality the BTnet service prioritises your SIP signalling and
    VoIP traffic over other traffic. In order to ensure end to end voice quality is maintained your LAN
    should also prioritise this traffic.
    BT’s SIP Platform has an IP address of This address should be used to build the
    policies to support prioritisation i.e. traffic to and from this address should be prioritised over other
    competing traffic in your LAN infrastructure.
    In particular:
    1. The incoming and outgoing BT SIP and VoIP (RTP) traffic should be prioritised over
    other traffic though the firewall.
    2. If the SIP signalling and VoIP traffic traverses your LAN (e.g. between IP phones and
    PBX or between the PBX and the firewall) and competes with other traffic then it will
    need to be prioritised over that other traffic.
    Important Note: The SIP and VoIP (RTP) packets are not re-marked in terms of CoS, ToS,
    DSCP or any other Quality of Service markings. Any received DSCP markings should be
    regarded as un-trusted and not used for QoS.
    Issued by: BT Business Date 14.02.2012
    Issue: v1.3 5
    4 Ports
    This section identifies all the required TCP/UDP ports for correct operation.
    Device Protocol Outbound Destination Destination Port
    IP PBX / SIP
    Trunking Gateway
    SIP UDP/TCP 5060 to
    IP PBX / SIP
    Trunking Gateway
    RTP UDP 16384 to 32766
    5 Warning & Disclaimer
    Your BT SIP Trunks service together with a correctly dimensioned BTnet access service has
    been designed to appropriately support a quality voice service alongside the use of data. In
    order to maintain the quality it is essential that the internal network components suitably support
    the service for delivery of your voice calls. If this is not implemented correctly then this may
    result in a degraded service. If faults are reported to BT which are found to be caused by
    customer equipment (i.e. equipment which that is not part of BT’s network and which is owned or
    controlled by the customer) then BT may apply a charge.
    The information in this document is provided for general guidance only. It is recommended that
    your firewall maintainer, switch maintainer or IT consultant is consulted on all matters relating to
    your communications network including, but not limited to, PBX configuration, LAN and firewall
    configuration. This is particularly important in connection with any issues which may impact on
    your network security or local IT policies.