| Inhalt |
|---|
The network in which
theSTARFACE is located
orand its security settings must take
into accountthe following port usage of
theSTARFACE into account if the underlying functions
of the STARFACEare to be used. This applies in particular
when usingto the use of port forwarding, firewall settings, or
usingthe use of NAT.
The partner or network administrator is generally responsibleResponsibility for securing the network
. Thegenerally lies with the partner or network administrator. They must decide which of the following ports, URLs, and IP addresses
mustare to be released or accessible for the individual configuration. No
individualspecific recommendations can be made
to securefor securing a network. However, a general recommendation is
, whenever possible,to set up a VPN for access to
accessSTARFACE or the network whenever possible for additional security.
STARFACE PBX (Ports)
Port | Protocol | Description |
|---|---|---|
| 53 | UDP |
| DNS | ||
| 53 | TCP | DNS |
80 | TCP | Access to the STARFACE web interface and the STARFACE REST interface via http |
80 | TCP | Access to the REST Interface of the STARFACE via http |
123 | UDP | Set/adjust system time via an external NTP server |
389 | LDAP | Unencrypted access to an external address book |
443 | TCP | Access to the STARFACE web interface via https |
636 | LDAP | Accessing an external address book using TLS |
443
1902 | UDP | User authentication via Active Directory |
3090 | TCP |
Set-up and use of the system network | ||
3090 | UDP | Set-up and use of the system network |
3478 | UDP | Use of the STUN service |
5060 | UDP | Use of SIP (e.g. setting up calls) |
| 5060 | TCP | Use of SIP (e.g. setting up calls) |
5061 | TCP | TLS encryption in the STARFACE Desktop Apps and for encrypted connections belonging to some SIP providers |
5062 | UDP | SIP registration |
5062 | TCP |
SIP registration | ||
5062 | UDP | Connecting STARFACE to SIP providers when using Kamailio |
5062 | TCP | Connecting STARFACE to SIP providers when using Kamailio |
5063 | TCP | SIP registration / connection of the STARFACE to SIP providers when using Kamailio (encrypted connection) |
10.000 bis 20.000 | UDP | Incoming RTP audio data |
1.025 bis 65.535 | UDP | Outgoing RTP audio data |
50080 | TCP | Autoprovisioning |
of devices on the STARFACE | ||
50080 | TCP | Unencrypted access to the phone menus |
50081 | TCP | Autoprovisioning |
of SNOM devices with TLS |
The use of TLS 1.0 is not possible for the following ports, all higher versions of TLS are supported:
- 443
- 5061
- 5222
...
STARFACE PBX (Server Addresses)
The following server addresses must be accessible from STARFACE:
...
Address | Port | Protocol | Description |
|---|---|---|---|
| iplookup.starface.com | 80 | HTTP | Automatic determination of the external IP address of STARFACE |
| license.starface.de | 80 | HTTP | Access to the STARFACE license server concerning the cross-checking of licences |
| license.starface.de | 443 | HTTPS | Access to the STARFACE license server concerning the cross-checking of licences |
| license.starface.de | 8383 | HTTPS | Access to the STARFACE license server concerning the cross-checking of licences |
...
| siptrunk.de | 443 | HTTPS | Access to the provider portal |
| starface-cdn.de | 80 | HTTP | Access to updates and STARFACE |
...
| firmware |
...
| starface-cdn.de | 443 | HTTPS | Access to STARFACE updates |
...
| stun.starface.com | 3478 | UDP | Access to the STUN server |
| stun.teamfon.com | 3478 | UDP | Access to the STUN server |
| update.starface.de | 80 | HTTP | Access to STARFACE updates |
| update.starface |
...
| .de | 443 | HTTPS | Access to STARFACE updates |
| www.starface-cdn.de | 80 | HTTP | Access to STARFACE updates |
| www.starface-cdn.de | 443 | HTTPS | Access to STARFACE updates |
...
STARFACE Desktop Apps (Ports)
The following ports must be enabled in both directions between STARFACE and the desktop app to use the two STARFACE desktop apps:
Port | Protocol | Description |
|---|---|---|
| 443 | TCP | Access to basic functions |
| 443 | HTTPS | Access to |
...
| the STARFACE address book | ||
| 554 | UDP | RTSP Streams |
| 5060 | UDP | Autoprovisioning of the server address |
| 5061 | TCP | Establishing a SIP call with TLS encryption |
| 5222 | TCP | Login to the STARFACE XMPP server |
| 8554 | TCP | RTSP Streams |
| 10.000 bis 20.000 | UDP | incoming RTP audio data |
| 1.025 bis 65.535 | UDP | outgoing RTP audio data |
In addition, the correct configuration of the host name, the XMPP domain and the server address used on the STARFACE must be ensured.
| Hinweis |
|---|
| Note: We do not recommend using the app's softphone functionality on a terminal server. This often results in voice quality issues due to the high network load. |
STARFACE Mobile Apps (Ports)
Die folgenden Ports müssen für die Nutzung der beiden STARFACE Desktop Apps in beiden Richtungen zwischen STARFACE und Desktop App freigegeben sein:
Port | Protocol | Description |
|---|---|---|
| 80 | TCP | Access to the STARFACE address book |
| 443 | TCP | Access to basic functions |
| 5060 | UDP | Use via SIP (e.g. call setup) |
| 5061 | TCP | TLS encryption |
| 5222 | TCP | Login to the STARFACE XMPP server |
| 10.000 bis 20.000 | UDP | incoming RTP audio data |
| 1.025 bis 65.535 | UDP | outgoing RTP audio data |
STARFACE Mobile Apps (Server Addresses)
Access for STARFACE Mobile AppsThe following DNS entry must be accessible via port 443 for the STARFACE and the two mobile apps to ensure the functionality of the both STARFACE mobile apps:
- push-cluster.starface.de (from version 7.0.0.19)
- push.starface.de (up to version 7.0.0.8)
The following address must be accessible via HTTPS for both apps via port 443 to ensure the functionality of the apps:
- starface-cdn.de
In addition, the correct configuration of the host name, the XMPP domain and the server address used on the STARFACE must be ensured.
STARFACE Connect (Ports and Server Addresses)
The following subdomain must be accessible from the STARFACE PBX if a STARFACE Connect line is to be used:
cluster.starface-connect.com
If this is not possible, the following IP addresses can also be entered in the firewall:
- 45.143.185.126
- 45.143.185.251
- 194.36.60.125
- 212.79.200.42
- 212.79.202.134
- 194212.3679.60203.12547
- 45212.14379.185206.251208
- 212.79.207.78
- 212.79.220.132
- 212.79.220.134
- 212.79.220.13545.143.185.126
- 212.79.220.36136
- 212.79.220.34
- 212.79.206220.20835
- 212.79.220.3736
- 212.79.200220.4237
- 212.79.203220.4746
- 212.79.220.35
- 47
| Hinweis |
|---|
| Note: We advise against entering individual IP addresses in the firewall |
| . IP addresses |
| can |
| be |
| extended and/or changed at any time. |
STARFACE NEON
...
(Ports and Server Addresses)
A bandwidth of 6 Mbit/s downstream and 3 Mbit/s upstream is required. The following ports must be enabled for each individual workstation (PC or MAC):
| Port | Protocol | Description |
|---|---|---|
| 443 | TCP | Web Socket |
| 443 | HTTPS | Access the interface via HTTPS |
| 40.000 bis 60.000 | UDP | RTP Streams |
Port 443 must also be able to access the following DNS entries:
- meeting.starface-neon.com
- cluster.starface-neon.com
- start.starface-neon.com
Ports 40,000 to 60,000 must also be able to access the following DNS entries:
- cluster.starface-neon.com
If the DNS entry "cluster.starface-neon.com" cannot be used, the following IP addresses must be used alternatively:
| Erweitern | ||
|---|---|---|
| ||
|
| Hinweis |
|---|
| Note: We advise against entering individual IP addresses in the firewall. IP addresses can be extended and/or changed at any time. |
Telephones from the manufacturer Yealink on the STARFACE Cloud
If telephones from the manufacturer Yealink are to be connected to a STARFACE cloud via the Starface partner portal, the Yealink telephones must be able to reach the following hosts:
- dm.yealink.com
- api-dm.yealink.com
- rps.yealink.com
- rpscloud.yealink.com
- pscloud.yealink.com
The following ports must be enabled for the hosts listed above:
- 80
- 443
- 8443
- 8445
- 8446
- 9989