How to open my firewall for VoIP?
A VoIP phone system offers your company voice and video calling, presence, business phone system functions, IM, and other communications features. But if your office network is improperly configured, these leading features might not work at all. In fact, internet problems can stop VoIP calls from even taking place.
Your office internet connection is likely controlled by a series of routers, gateways, or intermediary devices. These devices help implement logistics and security in your office network, but they can sometimes interfere with internet-based services such as VoIP.
Many out-of-the-box router features can unintentionally disrupt VoIP traffic. SIP ALGs and NAT/firewall settings can make it impossible to initiate or receive VoIP calls altogether. However, forwarding router ports and disabling SIP ALG can stop call quality problems from happening.
Ensure Call Connectivity with Optimal Router Settings
All VoIP calls are made via the internet. The internet itself is comprised of routers, gateways, and other devices that engage in traffic routing and security. But not all of the traffic on the internet is processed the same way. There are 65+ major application protocols, such as HTTP, FTP, and IM, that comprise all the traffic on the internet. Each protocol is treated differently by your router.
SIP (Session Initiation Protocol) and RTP (Real-time Transport Protocol) are the protocols used by most VoIP phone systems. SIP is known as the “signaling” portion of a call. It initiates the communication, negotiates the codecs, and sets up the general transaction of the call. RTP is the actual media content of the call. If you call your friend, RTP would transmit the sound of your friend’s voice.
Many routers come with configurations that can disrupt SIP and RTP traffic. This can lead to poor call quality and dropped calls. But there are a few ways to optimize your router for VoIP that will sidestep these issues.
Forward SIP and RTP Ports: 5060/10000-20000
A “port” is a standardized channel on a router that allows you to receive traffic from other internet users. There are 65535 ports on a traditional router. Many ports are assigned for specific traffic protocols. For instance, HTTP traffic comes through port 80. SIP traffic comes through port 5060. RTP traffic varies between phone systems, but a typical range might be 10000-20000.
If your router or computer is using NAT (Network Address Translation) or a firewall, these features might close SIP and RTP ports so that packets never reach your phone. When the proper ports are not forwarded or opened, your calls could drop altogether or fail to initiate.
Here’s how to forward SIP and RTP ports to your VoIP phone:
- Find the IP address of your router. It will typically be 192.168.1.1 or 192.168.0.1. You can verify by typing “ipconfig” (Windows) or “ifconfig” (Mac) into a terminal prompt and finding the default gateway.
- Enter IP address in a web browser and enter admin credentials. Enter the IP address of your router into a web browser window. You will be prompted for an admin username and password.
- Locate the Port Forwarding section. This section is usually found under the “Advanced” or “NAT” settings. It’s sometimes labeled “Forwarding” or “Applications and Games”.
- Create a new forwarding entry for SIP. You may need to click “Add Custom Service” or “Create Rule”. Enter the IP addresses of the device you wish to forward ports for (in this case, your VoIP phones). Enter “5060-5061” for the “Starting” and “Ending” ports to forward SIP traffic. Check “UDP” on each entry.
- Create a new forwarding entry for RTP. Make another port forwarding entry, starting at 10000 and ending at 10100. This will allow you to make 50 simultaneous calls for RTP (each call uses 2 RTP ports). Check “UDP” on each entry.
- Save each entry.
The port forwarding process is relatively similar for most routers. For more detailed instructions or information on firewall settings, consult your router’s documentation.
Turn Off SIP ALG
An Application Layer Gateway (ALG) is designed to push specified kinds of traffic across your router’s NAT and firewall. A SIP ALG is specifically designed to pass SIP traffic through your router’s NAT/firewall to reach your phones. The problem with a SIP ALG is that most SIP packets are already optimized to pass through NATs/firewalls without additional help.
Ironically, a SIP ALG can end up interfering with traffic headed for your phone. A SIP ALG can re-write SIP packet headings, which can mangle the delivery process. This can make the device you’re calling believe that your phone is not behind a NAT, when in fact it is. If an ALG disrupts a call, it can lead to incoming call failure, and phones that unregister themselves.
The SIP ALG is not fatal in and of itself. There are times when SIP ALGs won’t cause problems. However, in many cases, they are the cause of dropped calls. SIP ALGs are usually enabled by default. The process of disabling a SIP ALG varies by manufacturer. Consider your router’s documentation for more information. VoIP-Info has a fairly comprehensive guide on disabling SIP ALGs.
Keep Your Router Open for VoIP
Instant call fails, dead air, choppy sound, and other call quality issues might mean that your router is blocking or interfering with VoIP traffic. Many routers come with closed ports or SIP ALGs that can interfere with call quality. If you purchased a new router, installed new firmware, or are simply having trouble making calls, you might want to check to see if these router issues could be causing the problem.
If you find that your ports or ALG are not to blame for poor call connectivity, you can conduct further tests to pinpoint the problem. Try troubleshooting by running a ping test, traceroute, or VoIP test to see if something else is causing the issue.