For incoming traffic:
Create a rule for all UDP- and TCP ports to Telavox net 220.127.116.11/20.
This rule should have a Timeout (TTL) of at least 3720 seconds, since our phones synchronize with us every 3600 seconds.
For outgoing traffic:
This does not require any rules because the session is initiated from the inside of the network.
Inactivate all ALG/SIP-functions and Application Control on the traffic to Telavox if this is in the firewall, it often does more harm than good.
Complete information about our network:
Netmask: 255.255.240.0 = 20