The network in which the STARFACE is located, and that network's security settings, must take the following STARFACE port usage into account if the STARFACE functions are to be used. This applies in particular when using port forwarding, firewall settings or NAT.

The partner or network administrator is generally responsible for securing the network. The partner or administrator must decide which of the following ports, URLs and IP addresses have to be opened or made accessible for the individual configuration. No individual recommendations can be made for securing a network. A general recommendation, however, is to set up a VPN for access to the STARFACE or the network whenever possible, for additional security.

| Port | Protocol | Description |
|---|---|---|
| 53 | UDP and TCP | DNS |
| 80 | TCP | Access to the STARFACE web interface and the STARFACE REST interface via http |
| 123 | UDP | Set/adjust system time via an external NTP server |
| 389 | LDAP | Unencrypted access to an external address book |
| 443 | TCP | Access to the STARFACE web interface via https |
| 636 | LDAP | Accessing an external address book using TLS |
| 443 | TCP | Access to basic functions in the STARFACE Desktop Apps and in the STARFACE Mobile Apps. If the standard port in the web server is changed, the firewall releases must also be adjusted. |
| 1902 | UDP | User authentication via Active Directory |
| 3090 | TCP and UDP | Set-up and use of the system network |
| 5060 | UDP | Use of SIP (e.g. setting up calls) |
| 5060 | TCP | Use of SIP (e.g. setting up calls) |
| 5061 | TCP | TLS encryption in the STARFACE Desktop Apps and for encrypted connections belonging to some SIP providers |
| 5222 | TCP | Registration of the STARFACE Desktop Apps and the STARFACE Mobile Apps on the STARFACE XMPP server |
| 10000 to 20000 | UDP | Incoming RTP audio data |
| 1025 to 65535 | UDP | Outgoing RTP audio data |
| 50080 | TCP | Autoprovisioning (all 3 types) and telephone menus (unencrypted) |
| 50081 | TCP | Autoprovisioning (all 3 types) for Openstage and Snom (with TLS) |
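
As an added example (not part of the STARFACE documentation), the following Python sketch compares a firewall allow-list with a subset of the port table above and reports port ranges left closed as well as open ports that the table describes as http or unencrypted. The feature names, the rule tuple format and the sample ruleset are assumptions made for illustration.

```python
from typing import NamedTuple

class Need(NamedTuple):
    proto: str
    lo: int
    hi: int
    desc: str
    plaintext: bool = False  # True where the table says http/unencrypted

# Subset of the port table above, keyed by hypothetical feature names.
NEEDS = {
    "web_http":  [Need("tcp", 80, 80, "web/REST interface via http", True)],
    "web_https": [Need("tcp", 443, 443, "web interface via https")],
    "sip":       [Need("udp", 5060, 5060, "SIP"), Need("tcp", 5060, 5060, "SIP")],
    "sip_tls":   [Need("tcp", 5061, 5061, "TLS for desktop apps/SIP providers")],
    "rtp_in":    [Need("udp", 10000, 20000, "incoming RTP audio")],
    "prov":      [Need("tcp", 50080, 50080, "autoprovisioning (unencrypted)", True)],
    "prov_tls":  [Need("tcp", 50081, 50081, "autoprovisioning (with TLS)")],
}

def gaps(need, rules):
    """Return the sub-ranges of need.lo..need.hi that no allow rule covers."""
    spans = sorted((lo, hi) for proto, lo, hi in rules if proto == need.proto)
    missing, cursor = [], need.lo
    for lo, hi in spans:
        if hi < cursor:
            continue              # rule ends before the part still uncovered
        if lo > need.hi:
            break                 # rule starts after the needed range
        if lo > cursor:
            missing.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= need.hi:
        missing.append((cursor, need.hi))
    return missing

def audit(features, rules):
    """Compare allow rules (proto, lo, hi) with what the chosen features need."""
    report = {"missing": [], "plaintext": []}
    for name in features:
        for need in NEEDS[name]:
            uncovered = gaps(need, rules)
            for lo, hi in uncovered:
                report["missing"].append((name, need.proto, lo, hi))
            if need.plaintext and not uncovered:
                report["plaintext"].append((name, need.proto, need.lo))
    return report

# Constructed sample ruleset: SIP over TCP is absent, RTP is only partly opened.
SAMPLE_RULES = [("tcp", 80, 80), ("tcp", 443, 443), ("udp", 5060, 5060),
                ("udp", 10000, 16000), ("udp", 18000, 20000), ("tcp", 50080, 50081)]
```

Calling `audit(["web_http", "sip", "rtp_in", "prov"], SAMPLE_RULES)` lists the closed sub-range inside the RTP block separately from the plaintext services that are reachable.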


The use of TLS 1.0 is not possible for the following ports; all higher versions of TLS are supported:

Access to Server Addresses

The following server addresses must be accessible from STARFACE:

| Address | Port | Protocol | Description |
|---|---|---|---|
| iplookup.starface.com | 80 | HTTP | Automatic determination of the external IP address of STARFACE |
| license.starface.de | 80 | HTTP | Access to the STARFACE license server concerning the cross-checking of licences |
| license.starface.de | 443 | HTTPS | Access to the STARFACE license server concerning the cross-checking of licences |
| license.starface.de | 8383 | HTTPS | Access to the STARFACE license server concerning the cross-checking of licences |
| update.starface.de | 80 | HTTP | Access to STARFACE updates |
| update.starface.de | 443 | HTTPS | Access to STARFACE updates |
| starface-cdn.de | 80 | HTTP | Access to STARFACE updates |
| starface-cdn.de | 443 | HTTPS | Access to STARFACE updates |
| www.starface-cdn.de | 80 | HTTP | Access to STARFACE updates |
| www.starface-cdn.de | 443 | HTTPS | Access to STARFACE updates |
| siptrunk.de | 443 | HTTPS | Access to the provider portal |

Access for STARFACE Mobile Apps

The following DNS entry must be accessible via port 443 for the STARFACE and the mobile apps to ensure the functionality of the STARFACE mobile apps:

STARFACE Connect

The following subdomain must be accessible from STARFACE if a STARFACE Connect line is to be used:

cluster.starface-connect.com

If this is not possible, the following IP addresses can also be entered in the firewall:

Entering individual IP addresses in the firewall is not recommended, as the IP addresses in use can be extended and/or changed at any time.

STARFACE NEON

The system requirements for accessing STARFACE NEON are listed in another part of the documentation (Link to the STARFACE NEON documentation).


Telephones from the manufacturer Yealink on the STARFACE Cloud

If telephones from the manufacturer Yealink are to be connected to a STARFACE cloud via the Starface partner portal, the Yealink telephones must be able to reach the following hosts:


The following ports must be enabled for the hosts listed above: