STARFACE WIKI (English)

Seitenhierarchie

Suche

Versionen im Vergleich

Alte Version 3

changes.mady.by.user Redakteur 4

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user Redakteur 1

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

Inhalt

The network in which the STARFACE is located or and its security settings must take into account the following port use usage of the STARFACE into account if the underlying functions are to be used. This is especially important when port forwardings or NAT is used.Further down in the documentation are some example scenarios.applies in particular to the use of port forwarding, firewall settings, or the use of NAT.

Responsibility for securing the network generally lies with the partner or network administrator. They must decide which of the following ports, URLs, and IP addresses are to be released or accessible for the individual configuration. No specific recommendations can be made for securing a network. However, a general recommendation is to set up a VPN for access to STARFACE or the network whenever possible for additional security.

STARFACE PBX (Ports)

address book in the UCC client (Mac and Windows) via https443Access to the STARFACE address book and the function key configurationin the UCC client (Mac and Windows) UCC client 5222UCC and mobile client login onto the XMPP server to to (all 3 types) and telephone menus (unencrypted) (all 3 types) for Openstage and Snom ()

Port

Protocol

Description

53UDPDNS
53TCPDNS

80

TCP

Access to the STARFACE web interface and the STARFACE REST interface via http

80

TCP

Access to the REST Interface of the STARFACE

via http

123

UDP

Set/adjust system time via an external NTP server

389

LDAP

Unencrypted access to an external address book

443

TCP

Access to the STARFACE web interface

via https

636

TCP

LDAP

Accessing an external address book using TLS

1902

UDP

User authentication via Active Directory

3090

TCP

Set-up and use of the system network

3090

UDP

Set-up and use of the system network

3478

UDP

Use of the STUN service

5060

UDP

Use of SIP (e.g. setting up calls)

5060TCPUse of SIP (e.g. setting up calls)

5061

TCP

TLS encryption in the STARFACE Desktop Apps and for encrypted connections belonging to some SIP providers

5061

UDP

TLS encryption in the STARFACE

Desktop Apps and for encrypted connections belonging to some SIP providers

5062

UDP

SIP registration

5062

TCP

SIP registration

5062

UDP

Connecting STARFACE to SIP providers when using Kamailio

5062

TCP

Connecting STARFACE to SIP providers when using Kamailio

5063

TCP

SIP registration / connection of the STARFACE to SIP providers when using Kamailio (encrypted connection)

10.000

bis 20.000

UDP

Incoming RTP audio data

1.025

bis 65.535

UDP

Outgoing RTP audio data

50080

TCP

Autoprovisioning

of devices on the STARFACE

50080

TCP

Unencrypted access to the phone menus

50081

TCP

Autoprovisioning

of SNOM devices with TLS

The use of TLS 1.0 is not possible for the following ports, all higher versions of TLS are supported:

  • 443
  • 5061
  • 52235222

Access for STARFACE Mobile Clients

The following DNS entry must be accessible via port 443 for the STARFACE and the mobile clients to ensure the functionality of the STARFACE mobile clients:

  • push.starface.de
Access to Server Addresses

STARFACE PBX (Server Addresses)

The following server addresses must be accessible from STARFACE:

Adressupdate.starface updatesupdate.-cdn-cdnHTTPS

Address

Port

Protocol

Description

iplookup.starface.com80HTTPAutomatic determination of the external IP address of STARFACE
license.starface.de80HTTPAccess to the STARFACE license server concerning the cross-checking of licences
license.starface.de443HTTPSAccess to the STARFACE license server concerning the cross-checking of licences
license.starface.de8383HTTPSAccess to the STARFACE license server concerning the cross-checking of licences
siptrunk.de443HTTPSAccess to the provider portal
starface-cdn.de80HTTPAccess to updates and STARFACE
firmware
starface-cdn.de443HTTPSAccess to STARFACE updates
stun.starface.com3478UDPAccess to the STUN server
stun.teamfon.com3478UDPAccess to the STUN server
update.starface
.de80HTTPAccess to STARFACE updates
update.starface
.de443HTTPSAccess to STARFACE updates
www.starface-cdn.de80HTTPAccess to STARFACE updates
www.starface-cdn.de443HTTPSAccess to STARFACE updates

siptrunk.de

443

Access to the provider portal

STARFACE Connect

STARFACE Desktop Apps (Ports)

The following IP addresses ports must be accessible from the STARFACE if a STARFACE Connect line is to be used:

  • 37.120.180.58
  • 37.120.180.6

  • 37.120.181.198

  • 37.120.181.229
  • 85.184.250.15

Example scenarios

Here you find some example scenarios and the necessary settings:

Erweitern
titleSTARFACE + SIP Provider

Incoming ports:

enabled in both directions between STARFACE and the desktop app to use the two STARFACE desktop apps:

Port

Protocol

Description

443TCPAccess to basic functions
443HTTPSAccess to the STARFACE address book
554UDPRTSP Streams
5060UDPAutoprovisioning of the server address
5061TCPEstablishing a SIP call with TLS encryption
5222TCPLogin to the STARFACE XMPP server
8554TCPRTSP Streams
10.000 bis

Port

Protocol

Description

Setting

5060

UDP

unencrypted VoIP signaling over SIP

Port Forwarding

5061¹

TCP

encrypted VoIP signaling over SIP

Port Forwarding

10.000 to
20.000UDPincoming RTP audio data
1.025 bis 65.535UDPoutgoing RTP audio data

Port Forwarding

In addition, the correct configuration of the host name, the XMPP domain and the server address used on the STARFACE must be ensured.

Hinweis
Note: We do not recommend using the app's softphone functionality on a terminal server. This often results in voice quality issues due to the high network load.

STARFACE Mobile Apps (Ports)

Die folgenden Ports müssen für die Nutzung der beiden STARFACE Desktop Apps in beiden Richtungen zwischen STARFACE und Desktop App freigegeben sein

Outgoing ports

:

Port

Protocol

Description

80TCPAccess to the STARFACE address book
443TCPAccess to basic functions
Setting
5060UDP

unencrypted VoIP signaling over SIP

Allow direction to WAN

5061¹

TCP

encrypted VoIP signaling over SIP

Allow direction to WAN

Use via SIP (e.g. call setup)
5061TCPTLS encryption
5222TCPLogin to the STARFACE XMPP server
10.000 bis 20.000UDPincoming RTP audio data
1.025 bis
1025 to
65.535UDPoutgoing RTP audio
RTP data

Allow direction to WAN

¹ if supported by the SIP provider

data

STARFACE Mobile Apps (Server Addresses)

The following DNS entry must be accessible via port 443 for STARFACE and the two mobile apps to ensure the functionality of both STARFACE mobile apps:

  • push-cluster.starface.de

The following address must be accessible via HTTPS for both apps via port 443 to ensure the functionality of the apps:

  • starface-cdn.de

In addition, the correct configuration of the host name, the XMPP domain and the server address used on the STARFACE must be ensured.

STARFACE Connect (Ports and Server Addresses)

The following subdomain must be accessible from the STARFACE PBX if a STARFACE Connect line is to be used:

cluster.starface-connect.com

If this is not possible, the following IP addresses can also be entered in the firewall:

  • 45.143.185.126
  • 45.143.185.251
  • 194.36.60.125
  • 212.79.207.78
  • 212.79.200.42
  • 212.79.202.134
  • 212.79.203.47
  • 212.79.206.208
  • 212.79.220.34
  • 212.79.220.35
  • 212.79.220.36
  • 212.79.220.37
  • 212.79.220.43
  • 212.79.220.44
  • 212.79.220.45
  • 212.79.220.46
  • 212.79.220.47
  • 212.79.220.132
  • 212.79.220.134
  • 212.79.220.135
  • 212.79.220.136
Hinweis
Note: We advise against entering individual IP addresses in the firewall. IP addresses can be extended and/or changed at any time.

STARFACE NEON (Ports and Server Addresses)

A bandwidth of 6 Mbit/s downstream and 3 Mbit/s upstream is required. The following ports must be enabled for each individual workstation (PC or MAC):

PortProtocolDescription
443TCPWeb Socket
443HTTPSAccess the interface via HTTPS
40.000 bis 60.000UDPRTP Streams

Port 443 must also be able to access the following DNS entries:

  • meeting.starface-neon.com
  • cluster.starface-neon.com
  • start.starface-neon.com

Ports 40,000 to 60,000 must also be able to access the following DNS entries:

  • cluster.starface-neon.com

If the DNS entry "cluster.starface-neon.com" cannot be used, the following IP addresses must be used alternatively:

Erweitern
titleIP-Adressen für cluster.starface-neon.com
  • 37.120.180.35
  • 46.38.248.10
  • 81.173.112.199
  • 81.173.114.122
  • 81.173.115.149
  • 81.173.115.58
  • 82.165.231.100
  • 82.165.231.146
  • 82.165.231.99
  • 85.184.248.3
  • 85.184.249.183
  • 85.184.249.241
  • 85.184.249.3
  • 85.184.249.83
  • 85.215.237.133
  • 85.215.237.134
  • 85.215.237.135
  • 85.215.237.136
  • 85.215.237.140
  • 85.215.250.229
  • 85.215.250.231
  • 85.215.58.48
  • 85.215.77.95
  • 85.215.77.96
  • 87.106.113.231
  • 87.106.114.223
  • 87.106.114.224
  • 87.106.115.145
  • 87.106.115.146
  • 87.106.115.147
  • 87.106.115.148
  • 157.97.106.186
  • 157.97.108.61
  • 157.97.110.180
  • 157.97.111.160
  • 185.132.45.173
  • 185.132.47.107
  • 185.132.47.211
  • 185.132.47.44
  • 185.48.116.187
  • 185.48.116.212
  • 185.48.116.221
  • 185.48.116.223
  • 212.227.166.69
  • 212.227.179.95
  • 212.227.183.74
  • 212.227.183.75
  • 212.227.183.76
  • 212.227.183.77
  • 212.227.51.220
  • 212.227.68.102
  • 212.227.68.33
  • 212.227.68.65
  • 213.165.73.195
  • 213.165.76.94
  • 217.160.201.100
  • 217.160.201.101
  • 217.160.201.102
  • 217.160.201.103
  • 217.160.201.104
  • 217.160.201.105
  • 217.160.201.106
  • 217.160.201.107
  • 217.160.201.110
  • 217.160.202.66
  • 217.160.203.128
  • 217.160.203.230
  • 217.160.210.120
  • 217.160.210.237
  • 217.160.211.179
  • 217.160.211.180
  • 217.160.216.156
  • 217.160.217.206
  • 217.160.217.207
Hinweis
Note: We advise against entering individual IP addresses in the firewall. IP addresses can be extended and/or changed at any time.

Telephones from the manufacturer Yealink on the STARFACE Cloud

If telephones from the manufacturer Yealink are to be connected to a STARFACE cloud via the Starface partner portal, the Yealink telephones must be able to reach the following hosts:

  • dm.yealink.com
  • api-dm.yealink.com
  • rps.yealink.com
  • rpscloud.yealink.com 
  • pscloud.yealink.com

The following ports must be enabled for the hosts listed above:

  • 80
  • 443
  • 8443
  • 8445
  • 8446
  • 9989
Erweitern
titleSTARFACE + SIP Provider + Homeoffice

Incoming ports:

Port

Protocol

Description

Setting

443TCPHTTPS web interface / REST-APIPort Forwarding

5060

UDP

unencrypted VoIP signaling over SIP

Port Forwarding

5061¹

TCP

encrypted VoIP signaling over SIP

Port Forwarding

5222

TCP

XMPP server of STARFACE (Chat and UCI)

Port Forwarding

50080

TCP

unencrypted autoprovisioning of telephones

Port Forwarding

50081

TCP

encrypted autoprovisioning of telephones

Port Forwarding

10.000 to 20.000

UDP

incoming audio RTP data

Port Forwarding

Outgoing ports:

Port

Protocol

Description

Setting

5060

UDP

unencrypted VoIP signaling over SIP

Allow direction to WAN

5061¹

TCP

encrypted VoIP signaling over SIP

Allow direction to WAN

5222

TCP

XMPP server of STARFACE (Chat and UCI)

Allow direction to WAN

50080

TCP

unencrypted autoprovisioning of telephones

Allow direction to WAN

50081

TCP

encrypted autoprovisioning of telephones

Allow direction to WAN

1.025 to 65.535

UDP

outgoing audio RTP data

Allow direction to WAN

¹ if supported by the SIP provider

Erweitern
titleSTARFACE + SIP Provider + Mobile Clients (Android & iPhone)

Incoming ports:

PortProtocolDescriptionSetting443TCPHTTPS web interface / REST-APIPort Forwarding5060UDPunencrypted VoIP signaling over SIPPort Forwarding5061¹TCPencrypted VoIP signaling over SIPPort Forwarding5222TCPXMPP server of STARFACE (Chat and UCI)Port Forwarding50080TCPunencrypted autoprovisioning of telephonesPort Forwarding50081TCPencrypted autoprovisioning of telephonesPort Forwarding10.000 to 20.000UDPincoming audio RTP dataPort Forwarding

Outgoing ports:

PortProtocolDescriptionSetting443TCPHTTPS web interface / REST-APIAllow direction to WAN5060UDPunencrypted VoIP signaling over SIPAllow direction to WAN5061¹TCPencrypted VoIP signaling over SIPAllow direction to WAN5222TCPXMPP server of STARFACE (Chat and UCI)Allow direction to WAN50080TCPunencrypted autoprovisioning of telephonesAllow direction to WAN50081TCPencrypted autoprovisioning of telephonesAllow direction to WAN1025 to 65.535UDPoutgoing audio RTP dataAllow direction to WAN¹ if supported by the SIP provider