Firewall
IvozProvider does not currently include a firewall but…
Danger
We strongly encourage any production installation to implement a firewall to protect the platform from the wild Internet.
The protection method could be:
Local firewall based on iptables
External firewall
Both
Exposed ports/services
These are the ports IvozProvider needs to expose to work properly:
Client side SIP signalling:
Port 5060 (TCP/UDP)
Port 5061 (TCP)
Port 10080 (TCP) for Websocket connections (WS).
Port 10081 (TCP) for Websocket secure connections (WSS).
Provider side SIP signalling:
Port 5060 (TCP/UDP)
Port 5061 (TCP)
Note
Port 7060 (TCP/UDP) y 7061 TCP in case both proxies share a unique IP address.
RTP audioflow:
Port range 13000-19000 UDP
Web portal and provisioning:
Ports TCP 80, 443, 1443, 2443 and 3443
Port 9090 (TCP) for the click2call service (HTTPS)
Hint
We recommend using any geoIP blocking mechanism to drop connections from countries without clients.