<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">It's been a minute since I've set this up in a corp/campus wifi scenario, but my notes for Verizon VoWiFi from the last time I did say that you need outbound udp/500 and udp/4500 IPSec protocol (IKE and ESP) permitted out the firewall. Tunnel endpoints live in <a href="http://141.207.0.0/16" target="_blank">141.207.0.0/16</a>, so hopefully that lets you scope the rule enough to please your ISO.</div><div dir="ltr"><br></div><div>Devices will also need the ability to make an HTTPS request to <a href="https://spg.vzw.com/SSFGateway/e911Location/changeAddress">https://spg.vzw.com/SSFGateway/e911Location/changeAddress</a></div><div><br></div><div>As well, DNS queries for the ePDG domain <a href="http://wo.vzwwo.com">wo.vzwwo.com</a> need to be permitted.</div><div><br></div><div>That _should_ be all you need to get it bootstrapped.</div><div dir="ltr"><br></div><div>Alex</div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jul 17, 2020 at 12:39 PM Lyden, John C <<a href="mailto:lyden@rowan.edu" target="_blank">lyden@rowan.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div>
<p class="MsoNormal">Hey gang.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">We’re setting up a unified wireless network for the students here, and to get around the issues with Nintendo and NAT we devoted a large chunk of public IP space to them.
<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">We’re aware that this is causing issues with wifi calling on Verizon, TMo etc because it appears they initiate the SIP session inbound.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Does anybody have a handy list of IP blocks and ports? T-Mobile had a decent page but other providers just said “open up 4500 and 500” and our ISO guys don’t like that.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks if someone can help.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">John C. Lyden<u></u><u></u></p>
<p class="MsoNormal">Manager of Network Infrastructure, Infrastructure Services<u></u><u></u></p>
<p class="MsoNormal">Division of Information Resources & Technology, Rowan University<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><table border="0" cellpadding="0" cellspacing="0" width="270" style="color:rgb(23,43,77);font-family:DattoDIN,Arial,sans-serif;font-size:14px"><tbody><tr><td height="17" width="270"><span style="font-size:16px"><strong>Alex Buie</strong></span></td></tr><tr><td height="16">Associate Network Engineer</td></tr><tr><td height="16">Datto, Inc.</td></tr><tr><td height="16">475-288-4550 (o)<br>585-653-8779 (c)</td></tr><tr><td height="16"><a href="http://www.datto.com/" style="color:rgb(0,128,198)" target="_blank"><span style="color:rgb(11,83,148)">www.datto.com</span></a></td></tr><tr><td height="16"><br><a href="http://www.datto.com/support-sig/" style="color:rgb(0,128,198)" target="_blank"><img alt="" src="https://www.datto.com/img/marketo/ClickLearnDone_EmailSignature.jpg" style="margin: 0px; padding: 0px; border: 0px;"></a><br><br></td></tr><tr><td height="15"><span style="font-size:xx-small;font-family:arial,helvetica,sans-serif">Join the conversation!</span> <a href="http://www.facebook.com/dattoinc" style="color:rgb(0,128,198)" target="_blank"><img alt="Facebook" border="0" height="16" src="https://www.datto.com/img/marketo/facebook_2.png" width="16" style="margin: 0px; padding: 0px; border: 0px;"></a> <a href="https://twitter.com/Datto" style="color:rgb(0,128,198)" target="_blank"><img alt="Twitter" border="0" height="16" src="https://www.datto.com/img/marketo/twitter_2.png" width="16" style="margin: 0px; padding: 0px; border: 0px;"></a> <a href="https://www.linkedin.com/company/5213385" style="color:rgb(0,128,198)" target="_blank"><img alt="LinkedIn" border="0" height="16" src="https://www.datto.com/img/marketo/linkedin_2.png" width="16" style="margin: 0px; padding: 0px; border: 0px;"></a> <a href="http://blog.datto.com/blog" style="color:rgb(0,128,198)" target="_blank"><img alt="Blog RSS" border="0" height="16" src="https://www.datto.com/img/marketo/blogRSS.png" width="16" style="margin: 0px; padding: 0px; border: 0px;"></a> <a href="http://www.slideshare.net/backupify" style="color:rgb(0,128,198)" target="_blank"><img alt="Slideshare" border="0" height="16" src="https://www.datto.com/img/marketo/slideshare.png" width="16" style="margin: 0px; padding: 0px; border: 0px;"></a> <a href="https://community.spiceworks.com/pages/datto" style="color:rgb(0,128,198)" target="_blank"><img alt="Spiceworks" border="0" height="16" src="https://www.datto.com/img/marketo/spiceworks-app_icon.jpg" width="16" style="margin: 0px; padding: 0px; border: 0px;"></a></td></tr></tbody></table></div></div></div></div>