====== Firewall/Network Configuration ======
The **ring-u** average customer has a consumer-oriented router and everything "just works."\\ 
This page is for customers with advanced needs and professional networking gear and experience.\\ 
Also take a look at:\\ 
[[ideal-network-setup|Ideal Network Setup]]\\ 
[[routersthatshouldnotbeused|Routers with Known Issues]]\\ 
[[networking-disasters|Networking Disasters]]\\ 

===== Basic level =====
If your router, firewall or access points have rules for blocking VoIP traffic, often called "SIP ALG" or "SIP Traffic" and you are having issues, turn them off. You might have to create a rule that "allows UDP traffic" outbound. Your **ring-u** Hello Hub must be allowed to communicate via UDP and TCP to the internet in order to work. [[disablesipalg|How to Disable SIP ALG on Popular Routers]] 

===== Advanced level =====
Some firewalls require specific lists of allowed IP addresses and ports to connect to. This can get tricky, and the IP addresses involved my change. If your network security needs are high, consider a separate network (physical or VLAN) for your phone system. For basic system control and operations, the following are fairly consistent with most configurations:

^IP^Type^Port(s)^Description
|50.116.32.101|TCP|443,2211|**ring-u operations**|
|2600:3c02::f03c:91ff:fe24:fdf0|TCP|443,2211|**ring-u operations**|
|192.76.120.10|UDP,TCP|5060-5080|Upstream Provider SIP|
|192.76.120.66|UDP,TCP|5060-5080,3478,5349|Upstream Provider SIP/STUN&TURN|
|52.112.66.139|UDP,TCP|5060-5080|Upstream Provider SIP|
|2603:1037:0:c::f|UDP,TCP|5060-5080|Upstream Provider SIP|

If you are using certain advanced configurations for remote extensions/phones you may need to add. Ask if you need this one, it is not common. 
^IP^Type^Port(s)^Description
|198.74.53.36|UDP,TCP|5060-5080|VPN|
|2600:3c02::f03c:91ff:fe30:7233|UDP,TCP|1194|VPN|

Due to the nature of SIP/VoIP traffic, actual call connections use a variety of UDP ports. 
It's best to **allow all outbound UDP traffic** from your Hello Hub. In this example: 192.168.1.210 is a Hello Hub and three calls in a row
   192.168.1.210:14422 to 64.16.248.238:19192
   192.168.1.210:25250 to 64.16.248.98:31282
   192.168.1.221:5088 to 52.112.67.11:24251
   
=====Specialized Firewalls=====
For higher end firewalls, please observe manufacturers' best practices.\\ 
**Untangle** [[https://support.untangle.com/hc/en-us/articles/202671703-VoIP-Deployment-Models-and-Troubleshooting-Guide|settings]]\\ 
**SonicWall** [[https://www.sonicwall.com/support/knowledge-base/how-to-configure-voip-to-use-any-voip-phone-system-best-practices/210615132522720/|settings]]\\
**Cisco Meraki** [[https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/VoIP_on_Cisco_Meraki%3A_F.A.Q._and_Troubleshooting_Tips|vlan settings]] and [[https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Block_Listing_and_Allow_Listing_Clients|allow list settings]]
===== Need more? =====
**ring-u** was founded by some very technical folks, please contact tech support if you need specific help with your network configuration.