Firewall and network

Author FAQ Team

Last updated: July 8th, 2024 by Linda Heiskanen

For outgoing traffic:

Create a rule for all UDP and TCP ports for Telavox networks  

For this rule, there should be a Timeout (TTL) of at least 3720 seconds, as our phones contact us every 3600 seconds. If you can not increase your TTL, contact our support and we can reduce the registration interval on the extension to 120 seconds.

For incoming traffic:

No rules are needed here because the session is initiated from within the network. If the traffic to Telavox is in the firewall, disable all ALG / SIP functions, Application Control, and IPS/IDS/IDP. These usually do more harm than good.

Complete information about our network:


Netmask: = 20T






Hosts / Net: 4094

Terminals and provisioning

The following IP/ranges and ports need to be open for the zero-touch provisioning to work.

Gigaset redirect server - ( Port: 80, 443 - ( Port: 80, 443 - ( Port: 80, 443

Yealink redirect server
IP: Port: 443
IP: Port: 443
More info

Snom redirect server
IP: Port: 80, 443

Grandstream redirect server
IP: Port: 443

Akuvox redirect server
IP: Port: 80, 443, 8080

Fanvil redirect server
IP: Port: 80, 443

Poly redirect server
Hostname: Port: 443
More info

Telavox provisioning server:

Gigaset: Port80

Gigaset IP PRO: Port: 1449

Yealink: Port: 442

Snom: Port447

Grandstream: Port1446

Akuvox: Port1445

Fanvil: Port1448

Poly: Port: 450


Below are the protocols used by equipment supplied by Telavox, as well as a description of their function. Different terminal types use different protocols, e.g. HTTPS is preferred for downloading software over e.g. TFTP and HTTP, but in cases where the terminal does not support HTTPS, one of the others is used.

Telavox does not recommend blocking traffic to and from terminals based on ports and/or protocols but rather chooses to trust all traffic to and from Telavox networks. Telavox also does not undertake to use only the protocols below for the future, so a restriction of permitted traffic through firewalls based on the following risks affecting delivered services in the event that the specification below changes. Note that the ports listed in all cases are receiver ports, as a rule rather than exceptions, the equipment uses randomly selected sender ports.

File Transfer Protocol, RFC959, TCP ports 21 and 20. Used to download terminal configuration and software.

Domain Name Server, RFC1035, TCP / UDP port 53. DNS functionality is part of a working IP network, and the terminals provided by Telavox will not work unless they have access to a working DNS. If the DNS is located outside the firewall, the firewall must allow the terminals to look it up.

Our provisioned phones are configured with Google's DNS and

Hyper Text Transfer Protocol, RFC2616, TCP port 80. Used to download terminal configuration and software. No specific configuration is normally required for HTTP to work satisfactorily as this is one of the most commonly used protocols on the Internet.

Hyper Text Transfer Protocol over Secure Socket Layer, RFC2818, TCP port 443. Used to download terminal configuration and software.

Trivial File Transfer Protocol, RFC1350, UDP port 69 and dynamically allocated ports for data transfer. Used to download terminal configuration and software.

Simple Network Time Protocol, RFC1305 / RFC1361, UDP port 123. Used to set the time/clock in the terminal.

Session Initiation Protocol, RFC3261, UDP port 5060. Used to hook up and down calls. SIP traffic runs between our SIP server and the phone. This is by far the most important protocol for your telephony to work.

Real-Time Transfer Protocol, RFC1889, UDP port 1024-65535. The audio stream between the terminal and the phone during a call flows as RTP. The port used is randomized when a call is initiated. All terminals supplied by Telavox use symmetrical RTP, which means that the receiver and sender port for the RTP stream are the same for both incoming and outgoing audio streams. This means that the audio stream that goes from the terminal to us opens the session in the firewall to allow an incoming voice stream over the same session.

Secure Real-Time Transfer Protocol. The call is still transported over UDP, but both parties exchanged keys during the connection in the SIP dialogue to enable encryption. 

Real-Time Control Protocol, RFC3550, UDP port 1024-65535. Some terminals generate RTCP packets that are used in communication between RTP endpoints to convey local statistics and call data, such as information about jitter and any packet losses. This is selected as the RTP port + 1, i.e., if the RTP stream passes port 12480, RTCP will use UDP port 12481.

WSS web socket
WSS is used by our softphone "Telavox desktop" and uses port 8443 against "push servers" and port 443 for SIP.