Awareness | Understanding network ports and firewalls settings for making SIP calls using Q-SYS
Gain an understanding of the network ports required to make a SIP call through a Q-SYS firewall.
Procedure
There are two distinct elements to a VoIP call:
- The Session Initiation Protocol (SIP), which is responsible for call negotiation, setup and teardown
- The Real Time Protocol (RTP), which transports call audio between parties.
SIP
Most phone systems will use port 5060 for non-encrypted signaling traffic, whether UDP or TCP. There may be exceptions, so check the PBX user documentation. Port 5061 is typically used for TLS encrypted traffic.
Additional information: Older versions of the Q-SYS softphone only supported UDP but current versions support UDP as well as TCP and TLS (Transport Layer Security, a protocol that runs over TCP and provides end-to-end security for SIP signaling by encrypting SIP messages that are exchanged between the Q-SYS SIP softphones and far end SIP endpoints or PBXs.
RTP
While the SIP ports used by a VoIP system are typically fixed, The RTP ports are typically dynamic. The typical RTP port range of a given system are UDP ports 10,000-30,000.
Summary
To make VoIP calls through a firewall, open:
UDP/TCP ports 5060-5061
UDP ports 10,000-30,000
This assumes the firewall is not making use if Port Address Translation (PAT). This may complicate matters with proper VoIP call transversal.