Firewall

IvozProvider does not currently include a firewall but…

Danger

We strongly encourage any production installation to implement a firewall to protect the platform from the wild Internet.

The protection method could be:

  • Local firewall based on iptables

  • External firewall

  • Both

Exposed ports/services

These are the ports IvozProvider needs to expose to work properly:

Client side SIP signalling:

  • Port 5060 (TCP/UDP)

  • Port 5061 (TCP)

  • Port 10080 (TCP) for Websocket connections (WS).

  • Port 10081 (TCP) for Websocket secure connections (WSS).

Provider side SIP signalling:

  • Port 5060 (TCP/UDP)

  • Port 5061 (TCP)

Note

Port 7060 (TCP/UDP) y 7061 TCP in case both proxies share a unique IP address.

RTP audioflow:

  • Port range 13000-19000 UDP

Web portal and provisioning:

  • Ports TCP 443, 1443 y 2443

Hint

We recommend using any geoIP blocking mechanism to drop connections from countries without clients.