Netgear ProSafe VPN Firewall - FVS Series

DEFAULT SETTINGS
 
Our test lab results show that the default settings are sufficient to allow two-way communication. The phones initially send a request to register with Aptela. The registration process opens a pinhole in the firewall and allows communication to and from that phone.
 
When users begin adding custom rules to secure their network, they tend to add rules that inadvertently block the same ports the VoIP phones are using, so take care when creating rules. Also avoid overlapping rules, as these slow down processing and increase CPU load.



RULES SECTION
 
Outbound Services
 
This lists all existing rules for outbound traffic. If you have not defined any rules, only the default rule will be listed. The default rule allows all outgoing traffic, including your phone traffic. 
 
For the default Outgoing Rule, an option is provided to set the action to "Allow Always" or "Block Always". 
  • "Allow Always" is the default. All users can make outgoing connections. However, connections could be blocked by the Block Sites filter. Also, you could make other outgoing rules to block certain traffic. You will want this option to allow all outbound traffic from the phones.
  • If the action is changed to "Block Always", then no outgoing connections are permitted. In this case, you must create some outgoing rules to allow outgoing traffic, or all Internet access will be blocked. This option will block SIP signaling and audio from leaving your network.

Inbound Services
 
This lists all existing rules for inbound traffic. If you have not defined any rules, only the default rule will be listed. The default rule blocks all inbound traffic. Again, after the phone registers with the Aptela network, this default rule is sufficient to allow two-way communication. Once other custom rules are added, be careful not to point the port ranges that the phones use to other devices or servers on your network.
 
The phones will use the following port ranges:

SIP
  • Start port = 5060
  • End Port = 50xx
The end port needs to be 5060 + the number of phones you have registered. You may want to add some extra ports to allow for future employees. So if you have 10 employees, you may want to use 5080 (5060 + 10 phones + 10 extra).

RTP

10,000 through 10,000 + 100*n (where n is the total number of users ever by your account).

For example, if you have 20 or fewer employees, you may want to open up 2000 ports to provide room for growth and employee turnover, so the range would be 10000 through 12000.


Traffic Type
If the rules ask for the traffic type for your rules, select UDP.

Again, be careful not to point any custom services to any of the port numbers in the above ranges as it will affect your phone's behavior.
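
The check below is an added example, not part of the original article or of any Netgear or Aptela tool. It computes the SIP and RTP ranges from the formulas above and flags custom UDP rules that land inside them, as well as custom rules that overlap each other. The rule names and ports in SAMPLE_RULES are constructed for illustration.

```python
from itertools import combinations
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    proto: str   # "UDP" or "TCP"
    start: int   # first port of the rule
    end: int     # last port of the rule (inclusive)

def voip_ranges(phones, spare, users_ever):
    """Ranges from the article: SIP 5060..5060+phones+spare, RTP 10000..10000+100*n."""
    return {
        "SIP": (5060, 5060 + phones + spare),
        "RTP": (10000, 10000 + 100 * users_ever),
    }

def _overlap(a_start, a_end, b_start, b_end):
    # Two inclusive ranges overlap when each starts before the other ends.
    return a_start <= b_end and b_start <= a_end

def phone_conflicts(rules, ranges):
    """Custom UDP rules whose ports fall inside a range the phones use."""
    return [(r.name, svc) for r in rules if r.proto == "UDP"
            for svc, (lo, hi) in ranges.items() if _overlap(r.start, r.end, lo, hi)]

def overlapping_rules(rules):
    """Pairs of custom rules on the same protocol with overlapping port ranges."""
    return [(a.name, b.name) for a, b in combinations(rules, 2)
            if a.proto == b.proto and _overlap(a.start, a.end, b.start, b.end)]

# Constructed sample rule set (hypothetical names and ports).
SAMPLE_RULES = [
    Rule("web-server", "TCP", 443, 443),
    Rule("pbx-test", "UDP", 5070, 5075),        # inside the SIP range
    Rule("game-host", "UDP", 11000, 11100),     # inside the RTP range
    Rule("game-voice", "UDP", 11050, 11060),    # inside RTP, overlaps game-host
    Rule("backup-tcp", "TCP", 10500, 10500),    # TCP, phones use UDP
]

if __name__ == "__main__":
    # 10 phones plus 10 spare for SIP; n = 20 for RTP, as in the article's examples.
    ranges = voip_ranges(phones=10, spare=10, users_ever=20)
    print("Phone ranges:", ranges)
    print("Rules colliding with phone ports:", phone_conflicts(SAMPLE_RULES, ranges))
    print("Overlapping custom rules:", overlapping_rules(SAMPLE_RULES))
```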
