Router and Firewall Best Practices

Router Support

In general we’ve found that the Netsapiens platform works well with most commercial routers.

However, please consider that most “off-the-shelf” residential and SOHO routers usually don’t have the processing power needed to manage the several VoIP NAT connections required for multiple VoIP phones, 3+ concurrent calls, and/or other resource-intensive features like Presence, BLF and QoS.

Although these smaller, more affordable routers have been deployed and in some cases perform well, the wide variation in hardware/firmware combinations makes them unpredictable and not worth the possible issues they could present.

Tested Routers

Luminate does not make any guarantees when it comes to router setups, nor can we provide any support for router configuration. However, the routers below have been tested and found working in multiple setups.

  • Technicolor DGA0122
  • Zyxel VMG8623-T50B
  • TP-Link Archer VR400 - Requires disabling SIP ALG.
  • Draytek (Most Models) - Disable SIP ALG and Strict Security Firewall.
  • Ubiquiti Unifi Dream Machine

Routers With Known Issues

  • BT Home Hub
  • Virgin Media Hitron

Neither of the above routers allows SIP ALG to be fully disabled, and both are notorious for causing issues with VoIP setups.

Basic recommendations for any router used in a VoIP implementation.

  • Disable ‘SIP ALG’ (Application Layer Gateway) functions.
  • Disable ‘DMZ’ and ‘Port Forwarding’ options (unless using advanced pre-tested configurations).
  • Disable SPI (Stateful Packet Inspection) settings.
  • Set UDP Port Timeout values to between 30 and 60 seconds (can be set as high as 120 seconds if really needed).
  • Ensure the Router’s WAN is assigned a public IP (NO double NATing).

Firewall Support

Complex firewall setups can interfere with VoIP implementations, and as such we cannot provide support when it comes to setups with this requirement.

VoIP Firewall Best Practices.

  • Follow our firewall rules guide.
  • If a firewall is required, try to have the VoIP CPE outside of its control.
  • If the VoIP CPE is on a public IP, you will need to manually engage the RTP Proxy within the Admin portal to limit the possible IPs used for “whitelist” or “allowed” traffic settings.

VoIP CPE Support

Most VoIP devices will perform properly with basic factory default settings. As long as you auto-provision a device, the appropriate settings should be automatically configured for you.

NOTE - Polycoms and Yealinks tend to function relatively smoothly on their default settings; Grandstreams, however, do not.

If you are manually provisioning a Grandstream, we recommend keeping this in mind.

List of basic settings recommended for all VoIP CPE (IP Phone or IP PBX).

  • Do not use any STUN or ICE functions. While there may be valid reasons to use them, they are typically not required; enable them only if you have a concrete reason and know exactly how to do so with a pre-tested and pre-approved configuration.
  • Enable any available SIP “Keep Alive” features with a timeout of 30 seconds.
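
The router checklist and the CPE keep-alive setting above interact: a keep-alive only holds the router's NAT binding open if it is sent at least as often as the UDP timeout expires. The Python audit below is an added example, not Luminate or Netsapiens tooling; the setting names in the dictionaries are hypothetical and the sample values are constructed.

```python
import ipaddress

# WAN addresses in these ranges mean the router sits behind another NAT.
UPSTREAM_NAT_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
)]

def behind_upstream_nat(wan_ip):
    """True when the WAN address is not public, i.e. double NAT is in play."""
    ip = ipaddress.ip_address(wan_ip)
    return any(ip in net for net in UPSTREAM_NAT_RANGES)

def audit(router, phone):
    """Compare (hypothetical) settings with the checklist; [] means all met."""
    findings = []
    for key, label in (("sip_alg", "SIP ALG"), ("dmz", "DMZ"),
                       ("port_forwarding", "Port Forwarding"), ("spi", "SPI")):
        if router[key]:
            findings.append(f"{label} is enabled; the checklist says disable it")
    timeout = router["udp_timeout_s"]
    if not 30 <= timeout <= 120:
        findings.append(f"UDP timeout {timeout}s is outside 30-120s")
    elif timeout > 60:
        findings.append(f"UDP timeout {timeout}s is above the preferred 30-60s")
    if behind_upstream_nat(router["wan_ip"]):
        findings.append(f"WAN address {router['wan_ip']} is not public (double NAT)")
    if phone["stun"] or phone["ice"]:
        findings.append("STUN/ICE is enabled on the phone")
    # The NAT binding is dropped after `timeout` idle seconds, so the phone's
    # keep-alive must arrive at least that often for inbound calls to get through.
    if phone["keepalive_s"] > timeout:
        findings.append(f"keep-alive {phone['keepalive_s']}s exceeds UDP timeout {timeout}s")
    return findings

# Constructed sample settings (203.0.113.10 is a documentation address).
GOOD_ROUTER = {"sip_alg": False, "dmz": False, "port_forwarding": False,
               "spi": False, "udp_timeout_s": 60, "wan_ip": "203.0.113.10"}
BAD_ROUTER = dict(GOOD_ROUTER, sip_alg=True, udp_timeout_s=20, wan_ip="100.72.4.9")
PHONE = {"stun": False, "ice": False, "keepalive_s": 30}

if __name__ == "__main__":
    for finding in audit(BAD_ROUTER, PHONE):
        print("FINDING:", finding)
```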