Page tree
Skip to end of metadata
Go to start of metadata

Port Forwarding

It is almost never necessary to forward ports.  Forwarding ports exposes you to critical security risks that could cost you hundreds of thousands of dollars.  

Don't do it unless you really understand what you are doing.

Firewall Settings

If your router comes with a SIP ALG option or any other kind of SIP helper option, it is almost always better to TURN IT OFF.

 If your router has an option for consistent NAT, turn it ON.

If your router has an option for NAT expiration times, increase it to 120 seconds.

Quality of Service Settings

You should, however, configure your router to give priority to VOIP Traffic:

If your router permits, you can just give priority to traffic that goes to or from the internal IP address of your PBX.  If possible, give your PBX a guaranteed bandwidth equal to 130 kb/s in each direction for each concurrent phone call you want to be able to handle.

Alternatively, you may configure your router to give priority to the following types of traffic:

  • UDP Traffic on Port 4569 (for IAX2 signalling and voice traffic)
  • UDP Traffic on Port 5060 (for SIP signalling)
  • UDP Traffic on Ports 10000 to 20000 (for SIP voice traffic)

DO NOT FORWARD ALL TRAFFIC ON THESE PORTS TO YOUR PBX!!

  • No labels

1 Comment

  1. It is almost never necessary to forward ports

    If the SIP provider delivers SIP media from a different host than the signalling, then it is necessary to port forward the SIP ports to the PBX. There are many providers that do this, so I'm not sure it is accurate to day 'almost never necessary'.