Firewall’s are a common cause of SIP registration failure with your VoIP device where the firewall blocks incoming traffic required by our SIP registration process. Remember that the process of any SIP registration comprises a sequential number of requests and challenges between your PBX or handset and YourCloudPBX as the registration server.
The underlying logic is YourCloudPBX authenticates your credentials, and secondly stores your IP address and port number at the moment of registration. When a call hits YourCloudPBX we in turn redirect that call to the last successfully registered IP address and port on your router. If your router blocks our incoming traffic, the call will fail.
Registration – Inbound only
We don’t require you to register to make an outbound call as we check your credentials on each call. Registration is merely the mechanism we use to direct incoming calls through to your router /firewall and ultimately phone or PBX (if using registration).
SIP Keep Alive
For security routers are oblivious to the requirements of SIP and by design regularly close the ports preventing YourCloudPBX from redirecting to your PBX or handset. To avoid, set your phones “Keep Alive” values to 180 seconds an interval generally well inside the period most routers close their incoming ports. This means every 3 minutes your phone updates our YourCloudPBX registration server with its latest IP address and port setting. When an incoming call is received to our network, we can be confident of your IP and port numbers.
- SIP ALG: We recommend disabling SIP ALG as most implementations outside of Juniper and Cisco incorrectly modify SIP and ultimately corrupt SIP packets rendering them unreadable causing unexpected behaviors such as registration and incoming calls failing.
- TLS: Is a reliable work around which alleviates interference caused by SIP ALG as TLS packets are encrypted ultimately preventing corruption. To use TLS set your phones or endpoints to port 5061.
- Port Forwards: We recommend port forwarding all traffic on UDP port 5060 to your device. Additionally we strongly recommend you set your firewall access control lists (ACL) to limit to traffic on 5060 to our trunking IP address (220.127.116.11) or our subnet 18.104.22.168/24. Note: we have also configured port 50600 on our end to receive SIP traffic.