Maxotel

Configuring your firewall or ACL whitelist


The MaxoTel network operates across multiple IP ranges, which you may need to whitelist on your firewall ACL to ensure proper operation of your service.


Avoid adding specific IP addresses into your ACL or firewall, as our SBC and SIP Proxy IP addresses can change from time to time.


Multiple IP addresses and origins:

Our network is configured as a complex call distribution fabric, which includes multiple points of load balancing, SIP proxies and media servers (RTP handlers).

On our network, it's important to be aware that:

  • The IP addresses used by particular endpoints may change from time to time
  • Different devices, even on the same account, may resolve a different IP address for the same service
  • Calls (both SIP and RTP) originating from the MaxoTel network to your devices may originate from multiple or mixed IP addresses
  • SIP "INVITE" packets can result in devices sending RTP packets to a different IP address (Media Server)

For these reasons, it's important that when configuring your ACLs, you include the entirety of our subnets, and not just the individual IP that an endpoint may resolve to at the time of setup.

This includes the configuration on your firewall, as well as any IP address restriction configurations on your devices.


IP Address Ranges:

Please ensure the following subnets are whitelisted:

  • 202.52.129.0/24
  • 103.5.76.0/24

We recommend adding these to a blanket whitelist, ensuring that all of your SIP devices (including any on-premise PBXs or handsets) can access any IP on the MaxoTel network.
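To check an existing ACL against the two subnets above, the following added example (not MaxoTel-provided code) reports whether each subnet is fully covered and which entries are narrower than the subnet they fall in. The function name `audit_acl` and the sample entries are constructed for illustration.

```python
import ipaddress

# The two subnets this page asks to have whitelisted.
REQUIRED = [ipaddress.ip_network(n) for n in ("202.52.129.0/24", "103.5.76.0/24")]


def audit_acl(entries):
    """Check allow-list entries (CIDR or single-IP strings) against REQUIRED.

    Returns {subnet: {"covered": bool, "partial": [...]}} where "partial"
    lists entries that sit inside the subnet but are narrower than it.
    A subnet counts as covered when the merged entries contain all of it,
    so two adjacent /25s pass but a lone host entry does not.
    """
    parsed = []
    for raw in entries:
        raw = raw.strip()
        # strict=False accepts a bare host address as a /32.
        net = ipaddress.ip_network(raw, strict=False)
        if net.version == 4:
            parsed.append((raw, net))

    # Merge adjacent and overlapping entries before testing coverage.
    merged = list(ipaddress.collapse_addresses(n for _, n in parsed))

    report = {}
    for req in REQUIRED:
        covered = any(req.subnet_of(m) for m in merged)
        partial = [raw for raw, n in parsed if n != req and n.subnet_of(req)]
        report[str(req)] = {"covered": covered, "partial": partial}
    return report


if __name__ == "__main__":
    # Constructed sample ACL: one pinned host, one subnet split into halves,
    # and one unrelated documentation range.
    sample = ["202.52.129.10", "103.5.76.0/25", "103.5.76.128/25", "192.0.2.0/24"]
    for subnet, result in audit_acl(sample).items():
        state = "covered" if result["covered"] else "NOT fully covered"
        print(f"{subnet}: {state}; narrower entries: {result['partial']}")
```

A subnet reported as not fully covered with a host entry listed under it is the case this page warns about: the ACL was built from the address an endpoint resolved to at setup time.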



Referring to IP addresses in device configuration:

Please note that the IP addresses used by individual endpoints of our service (e.g. sip.maxo.com.au / pbx.maxo.com.au / etc.) may change from time to time.

We do not recommend or support using IP addresses in your configuration. Doing so may work in the short term, but you may encounter issues if our infrastructure changes in the future. A notification will always be sent out when decommissioning an IP address.

For a reliable and supported connection configuration, you must use the DNS hostname as specified in the configuration guide for your device and service.



Firewall Port Forwarding:

Note that we do NOT recommend forwarding ports from your firewall to your VoIP devices. This can create security risks, and is generally unnecessary.

Our network has inherent NAT traversal handling, so under normal circumstances there is no need to forward any ports.