Firewall Requirements for Direct Routing

Firewall Rules


SBC- Direct Routing Interface


Service Traffic From To Source Port Destination Port
SIP Proxy SIP/TLS 52.114.148.0, 52.114.132.46, 52.114.75.24, 52.114.76.76, 52.114.7.24, 52.114.14.70 {{ sbc public ipaddress }} 1024 – 65535 {{ sbc sip interface }}
SIP Proxy SIP/TLS {{ sbc public ipaddress }} 52.114.148.0, 52.114.132.46, 52.114.75.24, 52.114.76.76, 52.114.7.24, 52.114.14.70 {{ sbc sip interface }} 5061
Media Processor UDP/SRTP 52.112.0.0 /14 {{ sbc public ipaddress }} 49152 – 53247 {{ sbc media ports }}
Media Processor UDP/SRTP {{ sbc public ipaddress }} 52.112.0.0 /14 {{ sbc media ports }} 49152 – 53247



The SIP Proxy and Media Proxy above should resolve to all IP Addresses of sip-all.pstnhub.microsoft.com When defining the Ports always a minimum of 2 ports per concurrent call

SBC - SIP Trunk Interface


Service Traffic From To Source Port Destination Port
Signalling SIP/TLS {{ itsp ipaddress }} {{ sbc ipaddress }} any {{ sbc sip interface port }}
Signalling SIP/TLS {{ sbc ipaddress }} {{ itsp ipaddress }} {{ sbc sip interface port }} {{ itsp sip interface port }}
Media UDP/SRTP/RTP {{ itsp ipaddress }} {{ sbc ipaddress }} any {{ sbc media ports }}
Media UDP/SRTP/RTP {{ sbc ipaddress }} {{ itsp ipaddress }} {{ sbc media ports }} {{ itsp media ports }}

SBC - Management Interface


Service Traffic From To Source Port Destination Port
Management TCP {{ Internal Network }} {{ sbc ipaddress (oamp) }} any 443
Management TCP {{ Internal Network }} {{ sbc ipaddress (oamp) }} any 23
Management TCP {{ Internal Network }} {{ sbc ipaddress (oamp) }} any 22
Management ICMP {{ Internal Network }} {{ sbc ipaddress (oamp) }} any ICMP
Management TCP/UDP {{ sbc ipaddress (oamp) }} {{ Internal Network }} any 53
Management TCP/UDP {{ sbc ipaddress (oamp) }} {{ Internal Network }} any 514

Teams Client

Service Traffic From To Source Port Destination Port
Management TCP {{ Internal Network }}