Archived and Closed
This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: We have archived this topic as it has either reached a resolution has become inactive, or information contained in this thread is no longer accurate. If you have a related question on this subject, please post a new topic.
Here is information to help you with the rules
Configuring Firewalls for a RingCentral Service & Checking the Quality of your Internet Service
For other brand of firewall, you need to consider the following
1. If the modem is a gateway, have it on a bridged mode to disable the NAT and have the NAT of the firewall enabled so there will only be one translation for the whole network.
2. If the gateway is already bridged or half bridge wherein they need to put in certain information like Account Internet Access(usually these information are provided by your ISP, Internet Service Provider).
3. Steps 1 and 2 should be configured by your ISP(Internet Service Provider)
4. If everything has been configured as mentioned above, the next step is to configure the firewall with the help of your IT guy. It might require for them to create services and policies for our service and these are the information that is needed. Please remember to enable NAT and disable SIP ALG. Remember if there are more than 1 NAT enabled on the network, voice data and registration of the phones will not work because there will be no way for those phones to communicate with our servers and vice versa.
Ports that we use and if the firmware doesn't change the information for the assigned ports inside the IP Packets, it should follow these rule(Sonicwall uses a different algorithm and that is why a wide range of port is opened for the LAN side)
• RCPorts1 – 5060 to 5090 UDP, User Diagram Protocol, used by RingCentral Softphone(Mac and PC versions) and SIP Phones(Polycom, CISCO, Android App SIP Phones, IOS App SIP Phones, etc.)
• RCPorts2 – 16384 to 16482 UDP, User Diagram Protocol, ports being used by actual voice data delivered to and from SIP Hardphones and third party SIP phones(Polycom, CISCO, Android App SIP Phones, IOS App SIP Phones, etc.)
• RCPorts3 – 8000 to 8200, User Diagram Protocol, ports being used by actual voice data delivered to and from RingCentral Softphones(Mac and PC versions)
• Time Server – IP Address Range: 126.96.36.199 to 188.8.131.52
• SIP Server1 – IP Address Range: 184.108.40.206 to 220.127.116.11
• SIP Server2 – IP Address Range: 18.104.22.168 to 22.214.171.124
How do I troubleshoot Call Quality issues - QoS?
SIPVicious “friendly-scanner” Attacks --- SIPVicious is a free SIP security testing suite. SIPVicious scans IP addresses looking for SIP devices, helps identify active PBX extensions and provides a mechanism to crack SIP user passwords.
RingCentral is not responsible for fixing SIP port scanning attacks, and can only make recommendations. Selection, configuration and maintenance of customer network equipment is not handled by RingCentral. RingCentral is not your ISP.
SIPVicious can only be stopped by configuring a router to block SIP signaling from all but a selection of specific IP address ranges. Routers which support access control lists (ACL) can do this.
The only stable resolution is to lock down the SIP ports on the router to only allow inbound and outbound traffic to RingCentral IP networks 126.96.36.199/22 and 188.8.131.52/22. SonicWALL routers or ACL (Access Control List) compatible Cisco routers can do this. Most SOHO (small office/home office) routers do not have the capability to set up rules like these.
So they best thing to do is adjust your firewall so that your phones ONLY talk to the Ring central servers and then if the SIP scanner is looking for your phones the FW will block it.
There is also a secure setting that could be turned on your account but I think there is some dependency on the type of phone you have.
It is a good practice anyways to have these FW rules in place.
Hope this helps shed some light.
Certified RC Installer
Just lock down our Firewall so your phones could ONLY see RC servers.
I think depending on the phone type there is some other encryped settings that could be turned on but as a best practice, you should be doing this.
Any competient IT service could configure your Firewall with the settings.
How many phones in your environment?
As an engineer for RingCentral I can tell you with authority we are definitely not doing this to rack up minutes. This is actually a result of malicious intent. "Hackers" use a program called SIP vicious to probe people's networks and compromise phones. They then attack your phones by ringing them and ultimately get your login information from your phone. They can then use your specific login information to login to the RingCentral and make calls on your behalf. You can validate one of these attacks if your phone rings with a suspicious caller ID ("100") and then if you look in your RingCentral call log it will not show the call. That means the call didn't come through RingCentral servers, and the attackers have found a way in to your network. This can be mitigated one of 2 ways.
1. Recommended that you limit traffic to and from your phones ONLY from RingCentral IP addresses. You may need to enage the help of an IT professional to do this. The IP ranges you should be accepting traffic from are 184.108.40.206/22 and 220.127.116.11/22
IMPORTANT! - VIEW THE LATEST RECOMMENDED NETWORK CONFIGURATION SETTINGS HERE: RingCentral Network Requirements andRecommendations
Let me explain this strange behavior I am seeing.
A coworker used my phone to make simple test call to himself by dialing his 4 digit extension from my phone.
Ever since that single call was made I see a phantom call initiated from my phone to his extension about every 5-10 minutes. I have a presence button of his extension on my VVX410 and I see it flash green.
Further, his phone never actually rings and after about 30 seconds it stops and the cycle begins again. I have check the call log and call history and these calls do not display. I have rebooted the phone and they still continue.
Anyone have any idea about this?
This conversation is no longer open for comments or replies.
This conversation is no longer open for comments or replies.