RingCentral and Vonage - Port Trigger Rules?

  • Hi Folks,

    I have a probably dumb question for those that are much smarter than I.

    Several of my clients have started purchasing RingCentral and Vonage VOiP phones in a 1-off situation (meaning one or two per office).

    Anyways, both Vonage and Ring Central have the same requests from me - to set-up port triggering to get their service working properly behind my PFSense firewalls.

    Here is Vonage's official literature;

    Ports used by Vonage Adapters

    The following ports are used by Vonage and may need to be forwarded to your Vonage Adapter.

    SIP: Port 5061 UDP (Used to send and receive SIP information)

    RTP: Ports 10000-20000 UDP. (Used to send and receive RTP traffic) When a call is made, random ports between 10000 and 20000 are used to carry the conversation. If any of these ports are blocked, you may experience one way or no audio.

    And here is Ring Central's literature;

    Select Port Range Triggering.

    Step 4:

    Under the Application Name column, enter "RingCentral" to represent the software.

    Step 5:

    Enter the port numbers of the computer application in the required fields.

    NOTE: The range of port numbers for the RingCentral service are as follows:

    80 TCP (Registration)
    123 UDP (NTP Server)
    443 TCP (Registration and TLS)
    4000-5000 UDP (Mobile App Media)
    5060-6000 UDP –AND- TCP (Phone registration ports)
    8000-8200 UDP (RTP and SRTP Soft phone)
    8801-8802 UDP – AND- TCP (RC Meetings Signaling and RTP)
    16384-16482 UDP (RTP and SRTP Desk phone)
    20000-60000 UDP (RTP and SRTP Soft phone)

    Anyways, I understand port triggering and I understand that enterprise firewalls to NOT offer this for obvious reasons, but is there any way to go about getting these phones working behind my firewall, without simply opening these ports up?

    I did look at the PFSense VoIP setup guide, but I unfortunately don't have one of these phones to play with right now and I do not know if the SipProxyD will really stand in place of the port triggering that Ring Central and Vonage are telling me is "required" for proper operation of their phones.

    I was looking at this guide and I do see where you set the SIP outbound port (default is 5060), and the inbound RTP port range, but how can I set multiple random ranges like Ring Central is requiring??

    Anyone deal with this issue in the past, and did you ever find an appropriate solution to get these phones working behind PFSense? Vonage looks like it is fairly simple (setup Siproxd and set 5060 for the outbound SIP port and set 10000-20000 as the RTP inbound range), but Ring Central is completely confusing me right now.

    Any advice would be greatly appreciated :)

  • You don't need port forwarding.  The address of the sip device is already placed in the SIP information when the device registers.

    But you would do well to put some firewall rules in place on the WAN.  Look at your firewall states a few minutes after you connect a device.  Copy the IP address the device connects to on your port (5060, 5061 ect…)  Make the rule based on that.  You may need SIP and RTP.

    In the case of my picture you see I have one server for SIP and several for RTP from the same service.  Vonage used to do SIP and RTP from the same server.  I don't know if this is still the case or not.

Log in to reply