PBX VoIP Network and Firewall FAQ

This article outlines best practices to ensure high-quality, secure VoIP calls while minimizing network disruptions

How should I set up a VoIP network with dual ISPs?

The best practice is to dedicate one ISP for VoIP traffic and another for data traffic. This ensures voice quality by preventing congestion from general data usage. Configure your network to route VoIP traffic/devices through the VoIP ISP while data traffic/devices use the other.

If using one ISP for both VoIP and data:

Enable QoS on your router to prioritize VoIP traffic.
Allocate bandwidth specifically for VoIP to prevent interference.
Use VLANs to separate VoIP and data traffic for better performance.

Security considerations:

Open UDP 10000-20000 for RTP media traffic to/from CommPeak PBX's IP .
Limit SIP (UDP 5060, TCP 443/5060 , TLS 5061 ,WSS 8089) access only to CommPeak PBX's IP to prevent attacks.
Disable SIP ALG on routers/firewalls to avoid call issues.

Do I need to configure my home firewall for VoIP?

Most home routers support UPnP, which automatically handles VoIP traffic. If UPnP is disabled or unavailable:

Ensure outbound SIP (UDP 5060 / TCP 5060 , TLS 5061/5065 ,WSS 8089) and 10000-20000 (RTP) are allowed.
If facing one-way audio, manually forward RTP ports to your device.
Security tip: If opening ports, limit access to your CommPeak PBX's IP only.

What firewall settings are needed for business networks?

Business firewalls must explicitly allow VoIP traffic:

Allow (UDP 5060, TCP 443/5060 , TLS 5061 ,WSS 8089) to/from CommPeak PBX's IP.
Open UDP 10000-20000 for RTP media only for CommPeak PBX's IP.
Disable SIP ALG and deep packet inspection to avoid call disruptions.

If using a shared ISP, QoS is essential to prioritize VoIP traffic:

Enable QoS settings to give SIP and RTP highest priority.
Reserve bandwidth for VoIP to prevent congestion.
Monitor network usage to adjust QoS as needed.

Following these best practices ensures high-quality, secure VoIP calls while minimizing network disruptions.

❗️

IMPORTANT

For using your classic PBX, please disable SIP ALG on your firewall.

You can find the IP address of your classic PBX server at CommPeak Portal > Cloud PBX > PBX Instances.

Please check the PBX IP ACL Settings article to learn how to add IP addresses to Web, SIP, and Click2Call access lists and review the blocked IP addresses.