Lumen help

Configuring your firewall for VoIP service

A firewall controls the incoming and outgoing network traffic based on an applied rule set and establishes a barrier between a trusted, secure LAN and/or WAN network(s) and the internet (not secure, nor trusted).


Lumen recommends a LAN architecture where the voice traffic bypasses the firewall, as shown below:

VoIP configuration diagram

If a firewall feature is configured, it must allow the following traffic to pass. The IP address of the Lumen session border controller (SBC) varies and can be provided by the provisioner working the order.


The following must be allowed between all Hosted VoIP phones and the Lumen SBC (in both directions):

  • Allow TCP/UDP ports 5060, 5061, and 5068 (for SIP)
  • Allow UDP ports 8500–59999 (for RTP)1
  • Allow UDP port 123 (for NTP)
  • Allow TCP port 80 (for HTTP)
  • Allow TCP port 2208 (for HTTP: Business Communicator)
  • Allow TCP port 443–450 (for HTTP)

1. Some firewalls will dynamically open and close UDP ports for RTP and control signaling as required and do not need the entire range of UDP ports for RTP opened all the time. If the firewall is configured to build dynamic lists based on traffic that originated inside the firewall then it is not necessary to perform any configuration on the firewall.