Which IPs should I whitelist in my firewall?

If you use a firewall that limits access from and/or to certain IPs, please whitelist the IP ranges listed below for both TCP and UDP.

  Subnet              Start IP        End IP
  185.19.236.0/22     185.19.236.0    185.19.239.255
   
  Service        Port number
  SIP            5060 UDP
                 5060 TCP
                 5061 TLS
  RTP            ANY PORT - UDP

  Provisioning

  https://dm.yealink.com
  https://api-dm.yealink.com
  https://rps.yealink.com

  51.11.241.228
  20.19.96.56
  20.242.144.0
  20.242.144.1
  52.71.103.102
  35.156.148.166
  106.15.89.161
  47.75.58.202
  47.89.187.0

  80 TCP  
  80 TLS  
  443 TCP  
  443 TLS
  443 UDP 

  Fonzie C2D + SIP calling

  116.203.206.88
  116.203.244.240
  WebRTC 8088-8089/TCP
  RTP 10000-60000/UDP
  websockets.myfonzer.com or 116.203.115.89 port 4343
  88.198.109.252 port 1323 (Yealink phonebook)

Do not forget: Disable SIP Application Layer Gateway (SIP ALG).

One last thing to check in the firewall is whether it allows fragmented packets. If we send packets of more than 1500 bytes, they will be sent fragmented. Not all firewalls allow fragmented packets, so this should be checked as well.
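
The script below is an added example, not the provider's own code. It checks dropped-packet log lines against the SIP and RTP rows of the table above and reports flows the firewall should have passed, including non-first IP fragments, which carry no port number. The log line format, the function names and the sample lines are assumptions made for this example.

```python
import ipaddress
import re

# Remote network and ports from the tables on this page (SIP and RTP rows).
SIP_NET = ipaddress.ip_network("185.19.236.0/22")
RULES = [                       # (protocol, first port, last port)
    ("udp", 5060, 5060),        # SIP
    ("tcp", 5060, 5061),        # SIP over TCP (5060) and TLS (5061)
    ("udp", 0, 65535),          # RTP: any UDP port
]

# Assumed log format (hypothetical, not taken from any specific firewall).
LINE = re.compile(r"DROP proto=(\w+) remote=(\S+)(?: rport=(\d+))?")

def should_be_allowed(proto, remote, rport):
    """True if the allowlist on this page covers the flow."""
    if ipaddress.ip_address(remote) not in SIP_NET:
        return False
    if rport is None:
        # Non-first IP fragment: no L4 header, so only the protocol can match.
        return any(p == proto for p, _, _ in RULES)
    return any(p == proto and lo <= rport <= hi for p, lo, hi in RULES)

def misdropped(log_lines):
    """Return dropped flows that the allowlist says should have passed."""
    hits = []
    for line in log_lines:
        m = LINE.search(line)
        if not m:
            continue
        proto, remote, rport = m.group(1), m.group(2), m.group(3)
        rport = int(rport) if rport else None
        if should_be_allowed(proto, remote, rport):
            hits.append((proto, remote, rport))
    return hits

# Constructed sample log lines.
SAMPLE = [
    "DROP proto=udp remote=185.19.237.14 rport=5060",    # SIP, inside the /22
    "DROP proto=udp remote=185.19.239.255 rport=31044",  # RTP, last IP of range
    "DROP proto=udp remote=185.19.238.9",                # UDP fragment, no port
    "DROP proto=tcp remote=185.19.236.5 rport=22",       # not a listed TCP port
    "DROP proto=udp remote=185.19.240.1 rport=5060",     # just outside the /22
]

if __name__ == "__main__":
    for flow in misdropped(SAMPLE):
        print("allowlisted flow was dropped:", flow)
```

Any flow this reports points at a rule that is narrower than the documented range or at fragments being discarded.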

  • Disable SPI (Stateful Packet Inspection).
  • Disable Strict Security in the Firewall options.
  • MTU size 1500
  • Port Closing Time 20 ms
  • NAT timer + 300sec
And of course a stable Internet: