Firewall Requirements for Direct Routing

Firewall Rules

Session Border Controller


Direct Routing Interface

Service Traffic From To Source Port Destination Port
SIP Proxy SIP/TLS __ SBC 1024 – 65535 < Defined on the SBC >
SIP Proxy SIP/TLS SBC < SIP Proxy > < Defined on the SBC > 5061
Media Processor UDP/SRTP < Media Processor > SBC 49152 – 53247 < Defined on the SBC >
Media Processor UDP/SRTP < SBC > < Media Processor > < Defined on the SBC > 49152 – 53247



The SIP Proxy and Media Proxy above should resolve to all IP Addresses of sip-all.pstnhub.microsoft.com When defining the Ports always a minimum of 2 ports per concurrent call

SIP Trunk Interface

Service Traffic From To Source Port Destination Port
Signalling SIP/TLS ITSP SBC Defined by ITSP Defined on the SBC
Signalling SIP/TLS SBC ITSP Defined on the SBC Defined by ITSP
Media UDP/SRTP/RTP ITSP SBC Defined by ITSP Defined on the SBC
Media UDP/SRTP/RTP SBC ITSP Defined on the SBC Defined by ITSP

Management Interface


Service Traffic From To Source Port Destination Port
Management TCP Internal Network SBC any 443
Management TCP Internal Network SBC any 23
Management TCP Internal Network SBC any 22
Management ICMP Internal Network SBC any ICMP
Management TCP/UDP SBC Internal Network any 53
Management TCP/UDP SBC Internal Network any 514

Teams Client

Service Traffic From To Source Port Destination Port
Management TCP Internal Network