NAT / ALG
NAT (Network Address Translation) is a technology most commonly used by firewalls and routers to allow multiple devices on a LAN with 'private' IP addresses to share a single public IP address.
However, NAT implementations often do not work correctly with SIP based VoIP solutions. While our hosted phone system will work with most routers without requiring any changes to be made, if you find you are having problems such as one-way audio (ie. the caller can hear the callee but not vice-versa), or call signalling (incoming calls work, but outgoing do not), you may need to alter your router configuration. This is usually due to a function on your router called a SIP ALG (Application Level Gateway) which you may need to disable.
Please refer to your manufacturers documentation on how to disable your SIP ALG.
Firewall Settings
Not all firewalls will support these settings, but as a general rule, if you are having firewall issues, these settings should clear those issues:
UDP Port Timeout: Increase UDP timeout to 240 seconds
SIP can use either TCP or UDP and our keep alive messages arrive every 180 seconds. When using UDP, a very short UDP port timeout will cause phones to be unable to receive inbound calls because the firewall has closed the port we are sending the call. Setting the UDP port timeout to anything between 210 and 300 seconds will alleviate that issue.
In addition, if you can, turn on Consistent NAT. This helps the device to have the same external port opened every time it connects. In this way, if the UDP port does timeout, the next time the phone makes an outbound call that original port is re-opened and will allow the next inobound call to successfully arrive.
Access Control
Network administrators must ensure that the following ports are available and not blocked by firewalls. If these ports are not opened (ie. a firewall is blocking them), your phones will not function correctly.
| Domain Name | Ports | Function |
|---|---|---|
| siphelp.atlasisp.net | TCP 80, 443 | Device provisioning |
| sip[x].atlasisp.net | TCP 80, 443 | Device provisioning |
| cloud50.atlas-comms.com | TCP 80, 443 | Help files |
| sip[x].atlasisp.net | TCP/UDP 5060-5062 | SIP Signalling |
| sip[x].atlasisp.net | UDP 16384-32768 | RTP (Audio) |
| sip[x].atlasisp.net | TCP/UDP 5090 | Voice Quality Monitoring |
| 0.uk.pool.ntp.org | UDP 123 | NTP or Network Time Protocol |
On some firewalls the SIP ALG will automatically map inbound ports which bypass the normal firewall controls when it sees outbound SIP traffic. As every firewall manufacturer implements their SIP ALG differently, you will need to check your manufacturers documentation for further information on your firewalls specific behaviour if you have the SIP ALG enabled.
UDP Fragmentation
In some instances the size of the UDP packets transmitted between the platform and customer handsets will exceed the default 1500 byte payload, when this happens packet fragmentation will occur. It is the responsibility of the customer to ensure that any in path CPE is able to support UDP fragmentation. It is also advised that a check is made to confirm that any further applications/functions running on the CPE do not interfere with the reassembly of fragmented UDP packets.
If UDP fragmentation is not allowed on CPE network devices the following features may not function correctly.
- BLF (Busy Lamp Field)