For incoming traffic: Create a rule for all UDP- and TCP ports to Telavox net 188.8.131.52/20. This rule should have a Timeout (TTL) of at least 3720 seconds, since our phones synchronize with us every 3600 seconds.
For outgoing traffic: This does not require any rules because the session is initiated from the inside of the network.
Inactivate all ALG/SIP-functions and Application Control on the traffic to Telavox if this is in the firewall, it often does more harm than good.
Complete information about our network:
Netmask: 255.255.240.0 = 20