Seitenhistorie

The network in which the STARFACE is located or its security settings must take into account the following port use usage of the STARFACE if the underlying functions of the STARFACE are to be used. This is especially important when port forwardings or NAT is used.Further down in the documentation are some example scenariosapplies in particular when using port forwarding, firewall settings or using NAT.

The partner or network administrator is generally responsible for securing the network. The partner or administrator must decide which of the following ports, URLs and IP addresses must be released or accessible for the individual configuration. No individual recommendations can be made to secure a network. However, a general recommendation is, whenever possible, to set up a VPN to access STARFACE or the network for additional security.

Port	Protocol	Description

80

53	UDP und TCP

Access to the STARFACE web interface via http

DNS
80	TCP	Access to the STARFACE

address book in the UCC client (Mac and Windows)

web interface and the STARFACE REST interface via http
123	UDP	Set/adjust system time via an external NTP server
389	LDAP	Unencrypted access to an external address book
443	TCP	Access to the STARFACE web interface

via https

via https
636	LDAP	Accessing an external address book using TLS
443	TCP	Access to basic functions in the STARFACE

address book and the function key configurationin the UCC client (Mac and Windows)

Desktop Apps and in the STARFACE Mobile Apps. If the standard port in the web server is changed, the firewall releases must also be adjusted.
1902	UDP	User authentication via Active Directory
3090	TCP

and

und UDP	Set-up and use of the system network
5060	UDP	Use of SIP (e.g. setting up calls)
5060	TCP	Use of SIP (e.g. setting up calls)
5061	TCP	TLS encryption in the STARFACE

UCC client

Desktop Apps and for encrypted connections belonging to some SIP providers
5222	TCP

UCC and mobile client login onto the

Registration of the STARFACE Desktop Apps and the STARFACE Mobile Apps on the STARFACE XMPP server

10.000

to

bis 20.000	UDP	Incoming RTP audio data
1.025

to

bis 65.535	UDP	Outgoing RTP audio data
50080	TCP	Autoprovisioning (all 3 types) and telephone menus (unencrypted)
50081	TCP	Autoprovisioning (all 3 types) for Openstage and Snom (with TLS)

The use of TLS 1.0 is not possible for the following ports, all higher versions of TLS are supported:

443
5061
52235222

Access

...

to

...

push.starface.de

...

Server Addresses

The following server addresses must be accessible from STARFACE:

Adress	Port	Protocol	Description
iplookup.starface.com	80	HTTP	Automatic determination of the external IP address of STARFACE
license.starface.de	80	HTTP	Access to the STARFACE license server concerning the cross-checking of licences
license.starface.de	443	HTTPS	Access to the STARFACE license server concerning the cross-checking of licences
license.starface.de	8383	HTTPS	Access to the STARFACE license server concerning the cross-checking of licences
update.starface.de	80	HTTP	Access to STARFACE updates
update.starface.de	443	HTTPS	Access to STARFACE updates
starface-cdn.de	80	HTTP	Access to STARFACE updates
starface-cdn.de	443	HTTPS	Access to STARFACE updates
www.starface-cdn.de	80	HTTP	Access to STARFACE updates
www.starface-cdn.de	443	HTTPS	Access to STARFACE updates
siptrunk.de	443	HTTPS	Access to the provider portal

Access for STARFACE Mobile Apps

The following DNS entry must be accessible via port 443 for the STARFACE and the mobile apps to ensure the functionality of the STARFACE mobile apps:

push-cluster.starface.de (from version 7.0.0.19)
push.starface.de (up to version 7.0.0.8)

STARFACE Connect

The following IP addresses subdomain must be accessible from the STARFACE if a STARFACE Connect line is to be used:

cluster.starface-connect.com

If this is not possible, the following IP addresses can also be entered in the firewall:

212.79.202.134
194.36.60.125
45.143.185.251
212.79.207.78
45.143.185.126
212.79.220.36
212.79.220.34
212.79.206.208
212.79.220.37
212.79.200.42
212.79.203.47
212.79.220.35

It is not recommended to enter individual IP addresses in the firewall, as the IP addresses used can always be expanded and/or changed.

STARFACE NEON

The system requirements for accessing STARFACE NEON are listed in another part of the documentation (Link to the STARFACE NEON documentation).

Telephones from the manufacturer Yealink on the STARFACE Cloud

If telephones from the manufacturer Yealink are to be connected to a STARFACE cloud via the Starface partner portal, the Yealink telephones must be able to reach the following hosts:

dm.yealink.com
api-dm.yealink.com
rps.yealink.com
rpscloud.yealink.com
pscloud.yealink.com

The following ports must be enabled for the hosts listed above:

80
443
8443
8445
8446
9989

37.120.180.58
37.120.180.6
37.120.181.198
37.120.181.229
85.184.250.15

Example scenarios

Here you find some example scenarios and the necessary settings:

Erweitern

title	STARFACE + SIP Provider

Incoming ports:

Port

Protocol

Description

Setting

5060

UDP

unencrypted VoIP signaling over SIP

Port Forwarding

5061¹

TCP

encrypted VoIP signaling over SIP

Port Forwarding

10.000 to 20.000

UDP

incoming audio RTP data

Port Forwarding

Outgoing ports:

Port

Protocol

Description

Setting

5060

UDP

unencrypted VoIP signaling over SIP

Allow direction to WAN

5061¹

TCP

encrypted VoIP signaling over SIP

Allow direction to WAN

1025 to 65.535

UDP

outgoing audio RTP data

Allow direction to WAN

¹ if supported by the SIP provider

Erweitern

title	STARFACE + SIP Provider + Homeoffice

Incoming ports:

Port

Protocol

Description

Setting

443TCPHTTPS web interface / REST-APIPort Forwarding

5060

UDP

unencrypted VoIP signaling over SIP

Port Forwarding

5061¹

TCP

encrypted VoIP signaling over SIP

Port Forwarding

5222

TCP

XMPP server of STARFACE (Chat and UCI)

Port Forwarding

50080

TCP

unencrypted autoprovisioning of telephones

Port Forwarding

50081

TCP

encrypted autoprovisioning of telephones

Port Forwarding

10.000 to 20.000

UDP

incoming audio RTP data

Port Forwarding

Outgoing ports:

Port

Protocol

Description

Setting

5060

UDP

unencrypted VoIP signaling over SIP

Allow direction to WAN

5061¹

TCP

encrypted VoIP signaling over SIP

Allow direction to WAN

5222

TCP

XMPP server of STARFACE (Chat and UCI)

Allow direction to WAN

50080

TCP

unencrypted autoprovisioning of telephones

Allow direction to WAN

50081

TCP

encrypted autoprovisioning of telephones

Allow direction to WAN

1.025 to 65.535

UDP

outgoing audio RTP data

Allow direction to WAN

¹ if supported by the SIP provider

Erweitern

title	STARFACE + SIP Provider + Mobile Clients (Android & iPhone)

Incoming ports:

PortProtocolDescriptionSetting443TCPHTTPS web interface / REST-APIPort Forwarding5060UDPunencrypted VoIP signaling over SIPPort Forwarding5061¹TCPencrypted VoIP signaling over SIPPort Forwarding5222TCPXMPP server of STARFACE (Chat and UCI)Port Forwarding50080TCPunencrypted autoprovisioning of telephonesPort Forwarding50081TCPencrypted autoprovisioning of telephonesPort Forwarding10.000 to 20.000UDPincoming audio RTP dataPort Forwarding

Outgoing ports:

PortProtocolDescriptionSetting443TCPHTTPS web interface / REST-APIAllow direction to WAN5060UDPunencrypted VoIP signaling over SIPAllow direction to WAN5061¹TCPencrypted VoIP signaling over SIPAllow direction to WAN5222TCPXMPP server of STARFACE (Chat and UCI)Allow direction to WAN50080TCPunencrypted autoprovisioning of telephonesAllow direction to WAN50081TCPencrypted autoprovisioning of telephonesAllow direction to WAN1025 to 65.535UDPoutgoing audio RTP dataAllow direction to WAN¹ if supported by the SIP provider

Seitenhierarchie

Versionen im Vergleich

Alte Version 3

Neue Version 4

Schlüssel

Access

to

Server Addresses

Access for STARFACE Mobile Apps

STARFACE Connect

STARFACE NEON

Telephones from the manufacturer Yealink on the STARFACE Cloud

Example scenarios