Call Us: 888-727-5776 or Email:

SIP / VOIP Firewall Configuration Guide is a networked app - it communicates back and forth between your computer and our servers in order to deliver phone calls and real-time info to users. This article describes network requirements that relies on to operate smoothly. 


For the Web Phone

The Web Phone is a Google Chrome extension that uses the Twilio Client which uses Chrome's WebRTC stack.

You can see the detailed document of connectivity requirements here 

1) Top section: - Twilio Client WebRTC 1.x (Twilio.js) Port Requirements

2) IP address ranges to traffic shape - We use the us1 region ID for the most part but not exclusively.

3) Firewall configuration

See section at top of this page

As of this writing:

Twilio Client WebRTC 1.x (Twilio.js) Port Requirements

Component Address Server-side port used † Protocol
Signaling - GLL
(Global Low Latency)
443 TCP
Signaling -
(Regions: au1, br1, de1, ie1, jp1, sg1, us1)
443 TCP
RTP Static IP range * 10,000 - 20,000 UDP
Insights 443 TCP 

 The client-side will select any available port from the ephemeral range. On most machines, this means the port range 1,024 to 65,535.
* Twilio Client 1.3 and higher lets you select the specific Twilio data center used when your Twilio Client Device connects to Twilio. Network communication to and from Twilio will originate/terminate from the fixed, static IP address ranges listed here for each region.

And please take a moment to read this backgrounder 

For IP Phones

If you're trying to use a SIP softphone or IP phone to get phone calls from and the devices are sitting behind a firewall (this is the most common network setup), you may have to open some ports in the firewall to ensure that the audio gets through. 

Disable SIP ALG. Sometimes this is called a SIP Transformations or SIP Application Layer Gateway. You must disable them because most implementations are broken.

Make sure that your firewall / broadband router allows inbound traffic (from the internet to your personal network) on these ports:

  • 1-65535 UDP
  • 5060-5066 TCP

If you must, you may provide these source/destination IP ranges:

  • through
  • through
  • through
  • through

If you can, increase UDP Timeout to 120 seconds. This will make sure that the firewall doesn't arbitrarily close UDP ports that the IP phones rely on to receive incoming calls.


If you can, create a class of service from traffic sourcing from and transferring to those IP ranges and those ports.

Finally, make sure that you are not doing more than one NAT or Network Address Translation. This can happen, for example, if your computer or IP phone is plugged to a series of network devices (mostly routers, firewalls or security appliances) that are daisy chained and more than one device is translating a private IP into another private IP.


For the Desktop Application

Our Desktop application relies on 2 kinds of traffic to operate:

  • Outbound HTTP and HTTPS requests from the Desktop to our servers on TCP ports 80, 443 and 5280
  • Bi-directional XMPP over TCP traffic on port 5222, which can be initiated by either the Desktop application or our servers.

Please make sure that you allow these traffic flows through your firewall so that the Desktop application can work correctly.

Have more questions? Submit a request


Please sign in to leave a comment.