Configuring a Firewall for Cool Telecom voice service

Download PDF version

If you have a CoolerMaster, CoolPBX v2, v2E, CoolPBX F, or some other on site CoolPBX product, this guide will show you how to configure your firewall to allow your telephone system to communicate with Cool Telecom's Network Operations Center (NOC) as well as our upstream providers and the broader, global telecom network.
Inbound Traffic

Voice traffic and PBX remote administration may come from any of the following IP addresses so traffic from these IP address ranges need to be allowed through the firewall.

64.2.142.0/24

66.241.96.0/24

66.241.97.0/24

66.241.99.0/24

66.241.111.0/24

68.109.223.0/24

104.1.127.0/24

207.166.136.0/24

207.166.137.0/24

The IP address of any remote workers or offices will also need to be allowed, if they are to access the PBX portal.  The following assumes a network IP numbering scheme of 192.168.1.1 - 192.168.1.255. Your IP scheme may differ.

Port Forwarding 

SIP   5004-5082 ► 192.168.1.200 (UDP)

RTP 10003-20000 ► 192.168.1.200 (UDP)

ADM 10000-10002 ► 192.168.1.200 (TCP & UDP)

IAX        4569 ► 192.168.1.200 (UDP)

HTTP         80 ► 192.168.1.200 (TCP)

HTTPS       443 ► 192.168.1.200 (TCP)

SSH          22 ► 192.168.1.200 (TCP)

If ports 80 and 443 are already forwarded elsewhere, alternate port forwarding is acceptable such as 8080 (or 8088, 8888) external port forwarded to 80 internal @192.168.1.200 and 4443 (or 4444, 4433) ext. forwarded to 443 @192.168.1.200. Substitute port for SSH can be 2022 (or 2222, 2228)

The CoolerMaster PBX has its own firewall and will further restrict inbound traffic to your phone system.

Quality of Service (QoS)

SIP   5004-5082 ► Highest Priority

RTP 10003-20000 ► Highest Priority

IAX        4569 ► Highest Priority

Everything else should be set to High Priority or lower.  The voice traffic will be very low overhead, however, unless it is given highest priority your call quality could suffer.

Other Settings

SIP Passthrough filter needs to be DISABLED

SIP/ALG needs to be DISABLED 

(or ENABLED depending on the make and model of the router.)

To allow for static IP addresses for the PBX and the IP phones the DHCP range needs to EXCLUDE 192.168.1.200 through 192.168.1.255.  Ideally, highest DHCP address should be 192.168.1.199. If this is not possible, but another range is, just let us know when we install or move your system. 

For troubleshooting purposes, the DMZ may need to be temporarily set to 192.168.1.200.

For additional information, please contact Cool Telecom technical support directly at 405.928.8898 or visit http://CoolTele.com/help.

  • firewall, port forwarding, router configuration
  • 26 Users Found This Useful
Was this answer helpful?

Related Articles

How to obtain your Cisco phone's IP address

To obtain your Cisco phone's IP address, please follow the instructions for your particular...

How to reboot your PBX (phone system)

You can reboot your PBX via the Cool Telecom web site, your PBX's web interface or manually with...

How to reboot your modem and router

Step 1: Locate your modem and unplug it briefly. Most modems are about 6 inches tall standing...