Overview of Port Usage of the STARFACE

The network in which STARFACE is located and its security settings must take the following port usage of STARFACE into account if the underlying functions are to be used. This applies in particular to the use of port forwarding, firewall settings, or the use of NAT.

Responsibility for securing the network generally lies with the partner or network administrator. They must decide which of the following ports, URLs, and IP addresses are to be released or accessible for the individual configuration. No specific recommendations can be made for securing a network. However, a general recommendation is to set up a VPN for access to STARFACE or the network whenever possible for additional security.

STARFACE PBX (Ports)

Port	Protocol	Description
53	UDP	DNS
53	TCP	DNS
80	TCP	Access to the STARFACE web interface and the STARFACE REST interface via http
80	TCP	Access to the REST Interface of the STARFACE via http
123	UDP	Set/adjust system time via an external NTP server
389	LDAP	Unencrypted access to an external address book
443	TCP	Access to the STARFACE web interface via https
636	LDAP	Accessing an external address book using TLS
1902	UDP	User authentication via Active Directory
3090	TCP	Set-up and use of the system network
3090	UDP	Set-up and use of the system network
3478	UDP	Use of the STUN service
5060	UDP	Use of SIP (e.g. setting up calls)
5060	TCP	Use of SIP (e.g. setting up calls)
5061	TCP	TLS encryption in the STARFACE Desktop Apps and for encrypted connections belonging to some SIP providers
5061	UDP	TLS encryption in the STARFACE Desktop Apps and for encrypted connections belonging to some SIP providers
5062	UDP	SIP registration
5062	TCP	SIP registration
5062	UDP	Connecting STARFACE to SIP providers when using Kamailio
5062	TCP	Connecting STARFACE to SIP providers when using Kamailio
5063	TCP	SIP registration / connection of the STARFACE to SIP providers when using Kamailio (encrypted connection)
10.000 bis 20.000	UDP	Incoming RTP audio data
1.025 bis 65.535	UDP	Outgoing RTP audio data
50080	TCP	Autoprovisioning of devices on the STARFACE
50080	TCP	Unencrypted access to the phone menus
50081	TCP	Autoprovisioning of SNOM devices with TLS

The use of TLS 1.0 is not possible for the following ports, all higher versions of TLS are supported:

443
5061
5222

STARFACE PBX (Server Addresses)

The following server addresses must be accessible from STARFACE:

Address	Port	Protocol	Description
iplookup.starface.com	80	HTTP	Automatic determination of the external IP address of STARFACE
license.starface.de	80	HTTP	Access to the STARFACE license server concerning the cross-checking of licences
license.starface.de	443	HTTPS	Access to the STARFACE license server concerning the cross-checking of licences
license.starface.de	8383	HTTPS	Access to the STARFACE license server concerning the cross-checking of licences
siptrunk.de	443	HTTPS	Access to the provider portal
starface-cdn.de	80	HTTP	Access to updates and STARFACE firmware
starface-cdn.de	443	HTTPS	Access to STARFACE updates
stun.starface.com	3478	UDP	Access to the STUN server
stun.teamfon.com	3478	UDP	Access to the STUN server
update.starface.de	80	HTTP	Access to STARFACE updates
update.starface.de	443	HTTPS	Access to STARFACE updates
www.starface-cdn.de	80	HTTP	Access to STARFACE updates
www.starface-cdn.de	443	HTTPS	Access to STARFACE updates

STARFACE Desktop Apps (Ports)

The following ports must be enabled in both directions between STARFACE and the desktop app to use the two STARFACE desktop apps:

Port	Protocol	Description
443	TCP	Access to basic functions
443	HTTPS	Access to the STARFACE address book
554	UDP	RTSP Streams
5060	UDP	Autoprovisioning of the server address
5061	TCP	Establishing a SIP call with TLS encryption
5222	TCP	Login to the STARFACE XMPP server
8554	TCP	RTSP Streams
10.000 bis 20.000	UDP	incoming RTP audio data
1.025 bis 65.535	UDP	outgoing RTP audio data

In addition, the correct configuration of the host name, the XMPP domain and the server address used on the STARFACE must be ensured.

Note: We do not recommend using the app's softphone functionality on a terminal server. This often results in voice quality issues due to the high network load.

STARFACE Mobile Apps (Ports)

Die folgenden Ports müssen für die Nutzung der beiden STARFACE Desktop Apps in beiden Richtungen zwischen STARFACE und Desktop App freigegeben sein:

Port	Protocol	Description
80	TCP	Access to the STARFACE address book
443	TCP	Access to basic functions
5060	UDP	Use via SIP (e.g. call setup)
5061	TCP	TLS encryption
5222	TCP	Login to the STARFACE XMPP server
10.000 bis 20.000	UDP	incoming RTP audio data
1.025 bis 65.535	UDP	outgoing RTP audio data

STARFACE Mobile Apps (Server Addresses)

The following DNS entry must be accessible via port 443 for STARFACE and the two mobile apps to ensure the functionality of both STARFACE mobile apps:

push-cluster.starface.de

The following address must be accessible via HTTPS for both apps via port 443 to ensure the functionality of the apps:

starface-cdn.de

In addition, the correct configuration of the host name, the XMPP domain and the server address used on the STARFACE must be ensured.

STARFACE Connect (Ports and Server Addresses)

The following subdomain must be accessible from the STARFACE PBX if a STARFACE Connect line is to be used:

cluster.starface-connect.com

If this is not possible, the following IP addresses can also be entered in the firewall:

45.143.185.126
45.143.185.251
194.36.60.125
212.79.207.78
212.79.200.42
212.79.202.134
212.79.203.47
212.79.206.208
212.79.220.34
212.79.220.35
212.79.220.36
212.79.220.37
212.79.220.43
212.79.220.44
212.79.220.45
212.79.220.46
212.79.220.47
212.79.220.132
212.79.220.134
212.79.220.135
212.79.220.136

Note: We advise against entering individual IP addresses in the firewall. IP addresses can be extended and/or changed at any time.

STARFACE NEON (Ports and Server Addresses)

A bandwidth of 6 Mbit/s downstream and 3 Mbit/s upstream is required. The following ports must be enabled for each individual workstation (PC or MAC):

Port	Protocol	Description
443	TCP	Web Socket
443	HTTPS	Access the interface via HTTPS
40.000 bis 60.000	UDP	RTP Streams

Port 443 must also be able to access the following DNS entries:

meeting.starface-neon.com
cluster.starface-neon.com
start.starface-neon.com

Ports 40,000 to 60,000 must also be able to access the following DNS entries:

cluster.starface-neon.com

If the DNS entry "cluster.starface-neon.com" cannot be used, the following IP addresses must be used alternatively:

37.120.180.35
46.38.248.10
81.173.112.199
81.173.114.122
81.173.115.149
81.173.115.58
82.165.231.100
82.165.231.146
82.165.231.99
85.184.248.3
85.184.249.183
85.184.249.241
85.184.249.3
85.184.249.83
85.215.237.133
85.215.237.134
85.215.237.135
85.215.237.136
85.215.237.140
85.215.250.229
85.215.250.231
85.215.58.48
85.215.77.95
85.215.77.96
87.106.113.231
87.106.114.223
87.106.114.224
87.106.115.145
87.106.115.146
87.106.115.147
87.106.115.148
157.97.106.186
157.97.108.61
157.97.110.180
157.97.111.160
185.132.45.173
185.132.47.107
185.132.47.211
185.132.47.44
185.48.116.187
185.48.116.212
185.48.116.221
185.48.116.223
212.227.166.69
212.227.179.95
212.227.183.74
212.227.183.75
212.227.183.76
212.227.183.77
212.227.51.220
212.227.68.102
212.227.68.33
212.227.68.65
213.165.73.195
213.165.76.94
217.160.201.100
217.160.201.101
217.160.201.102
217.160.201.103
217.160.201.104
217.160.201.105
217.160.201.106
217.160.201.107
217.160.201.110
217.160.202.66
217.160.203.128
217.160.203.230
217.160.210.120
217.160.210.237
217.160.211.179
217.160.211.180
217.160.216.156
217.160.217.206
217.160.217.207