Wifi Calling Firewall Holes to Punch

Alex Buie alexander.buie at datto.com
Fri Jul 17 16:59:18 UTC 2020


It's been a minute since I've set this up in a corp/campus wifi scenario,
but my notes for Verizon VoWiFi from the last time I did say that you need
outbound udp/500 and udp/4500 IPSec protocol (IKE and ESP) permitted out
the firewall. Tunnel endpoints live in 141.207.0.0/16, so hopefully that
lets you scope the rule enough to please your ISO.

Devices will also need the ability to make an HTTPS request to
https://spg.vzw.com/SSFGateway/e911Location/changeAddress

As well, DNS queries for the ePDG domain wo.vzwwo.com need to be permitted.

That _should_ be all you need to get it bootstrapped.

Alex

On Fri, Jul 17, 2020 at 12:39 PM Lyden, John C <lyden at rowan.edu> wrote:

> Hey gang.
>
> We’re setting up a unified wireless network for the students here, and to
> get around the issues with Nintendo and NAT we devoted a large chunk of
> public IP space to them.
>
> We’re aware that this is causing issues with wifi calling on Verizon, TMo
> etc because it appears they initiate the SIP session inbound.
>
> Does anybody have a handy list of IP blocks and ports? T-Mobile had a
> decent page but other providers just said “open up 4500 and 500” and our
> ISO guys don’t like that.
>
> Thanks if someone can help.
>
> John C. Lyden
> Manager of Network Infrastructure, Infrastructure Services
> Division of Information Resources & Technology, Rowan University


-- 
*Alex Buie*
Associate Network Engineer
Datto, Inc.
475-288-4550 (o)
585-653-8779 (c)
www.datto.com
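
Added example, not part of the original message: a Python check that replays outbound flow records against the scoped allowances described above (udp/500 and udp/4500 to 141.207.0.0/16, HTTPS to spg.vzw.com, DNS for wo.vzwwo.com) and lists the IKE/NAT-T destinations the scoped rule would drop. The record format, function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Values from the message above (Verizon VoWiFi).
EPDG_NET = ipaddress.ip_network("141.207.0.0/16")
IPSEC_UDP_PORTS = {500, 4500}   # IKE, and IKE/ESP over UDP with NAT traversal
E911_HOST = "spg.vzw.com"
EPDG_DOMAIN = "wo.vzwwo.com"

# Constructed sample records (assumed format): proto,dst_ip,dst_port,name
# "name" is the DNS query name or TLS SNI when the log source has it.
SAMPLE_LOG = """\
udp,192.0.2.53,53,wo.vzwwo.com.
udp,141.207.10.20,500,
udp,141.207.10.20,4500,
tcp,203.0.113.80,443,spg.vzw.com
udp,198.51.100.7,4500,
tcp,203.0.113.81,443,example.org
"""

def classify(proto, dst_ip, dst_port, name=""):
    """Return the verdict the scoped rule set would give one outbound flow."""
    dst = ipaddress.ip_address(dst_ip)
    name = name.rstrip(".").lower()
    if proto == "udp" and dst_port in IPSEC_UDP_PORTS:
        return "allow:ipsec" if dst in EPDG_NET else "deny:ipsec-out-of-scope"
    if proto == "tcp" and dst_port == 443 and name == E911_HOST:
        return "allow:e911-https"
    if dst_port == 53 and (name == EPDG_DOMAIN or name.endswith("." + EPDG_DOMAIN)):
        return "allow:epdg-dns"
    return "deny:other"

def audit(log_text):
    """Count verdicts and collect IPsec destinations outside the scoped range."""
    verdicts, out_of_scope = Counter(), set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        proto, dst_ip, dst_port, name = (f.strip() for f in line.split(","))
        verdict = classify(proto.lower(), dst_ip, int(dst_port), name)
        verdicts[verdict] += 1
        if verdict == "deny:ipsec-out-of-scope":
            out_of_scope.add(dst_ip)
    return verdicts, sorted(out_of_scope)

if __name__ == "__main__":
    counts, blocked = audit(SAMPLE_LOG)
    print(dict(counts))
    print("IKE/NAT-T destinations the scoped rule would drop:", blocked)
```

Running it over a real flow export before tightening the rule shows which udp/500 and udp/4500 destinations fall outside 141.207.0.0/16.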
