Two specific policies must be put in place on your network's firewall to ensure you receive all audio on Flowroute calls. SIP signaling (call control) Allow UDP and TCP traffic over port 5060 from the following server IP addresses: NOTE: If your system has issues connecting over port 5060 , you can use 5160 as an alternate SIP port. Point of Presence (PoP) SIP Proxy IP Range UNITED STATES US-West-OR us-west-or.sip.flowroute.com 34.210.91.112/28 US-East-VA us-east-va.sip.flowroute.com 34.226.36.32/28 ASIA PACIFIC AP-East-HK ap-east-hk.sip.flowroute.com 16.163.86.112/30 AP-Southeast-SIN ap-southeast-sin.sip.flowroute.com 3.0.5.12/30 EMEA EU-West-LDN eu-west-ldn.sip.flowroute.com 3.8.37.20/30 EU-Central-FRA eu-central-fra.sip …

IP Tables script A fairly simple IP Tables script for allowing Flowroute, SSH, and HTTPS access to your system can be implemented as follows: To allow SIP Signaling from Flowroute's Primary and Secondary proxies are as follows: iptables -A INPUT -s sip-la1.flowroute.com -p UDP --dport 5060 -j ACCEPT iptables -A INPUT -s sip-lv1.flowroute.com -p UDP --dport 5060 -j ACCEPT To allow RTP Media (audio) into your system (verify the RTP range your system needs as this may vary): iptables -A INPUT -p UDP --dport 10000:20000 -j ACCEPT To allow SSH Access into your system (allow this only if you need it) , where xxx.xxx.xxx.xxx is a trusted source IP or hostname you would be connecting from. iptables -A INPUT -s xxx.xxx.xxx.xxx -p TCP --dport 22 -j ACCEPT To allow HTTPS access to your system (allow this …

… rtp.conf from 10000-20000 down to 19000-20000 . This reduces the number of open ports on your system. Change the default ARI, AMP, and FOP passwords in the amportal.conf . It is ideal to lock-out the AMI port—the default is 5038 using IP Tables from anyone outside your network. NOTE: This file only exists on systems which have the FreePBX installed. Ensure that your Asterisk phone system uses strong passwords and that no blank password is set as a default password. You can generate strong passwords from any of the following sites: www.strongpasswordgenerator.com Norton Password Generator Gibson Research Corporation Use a Firewall to restrict traffic from and into your system. For example, this might be done using IP Tables. See IP Tables for information on using IP Tables. Review your system logs as well keep your system patched and up-to-date from application flaws.

On occasion, configured PBX systems may need to have internal configurations changed due to service updates. When a change occurs on an edge proxy (Point of Presence), there are a few details to consider to continue service uninterrupted. Resources: Edge Proxy information IPs of new Edge Proxies Access to local/remote PBX configurations Access to firewall configurations Access to the Flowroute Manage portal Checklist: Access the Flowroute Manage portal Navigate to Interconnection > Registration Make note off ALL displayed Point of Presence Options Review and change all IPs referencing the previous/current PoP details in the active firewall The PBX registered to Flowroute network will need to be reviewed for active PoP IPs/SRV On the DID page of the Manage Portal, there may be usage of inbound routes Review existing inbound routes for active PoP routing. If any routes reference a retired PoP, you will need to change it …

… next month) IMPACT: This change will affect any PBX which connects to EU-West-AMS Edge Proxy. Affected Edge Proxy Information: SRV: eu-west-ams.sip.flowroute.com CIDR: 147.75.81.150/31 (Alternative) EU-Central-FRA Edge Proxy Information: SRV: eu-central-fra.sip.flowroute.com CIDR: 3.71.103.56/30 NOTE: In-flight calls will be unaffected. The decommissioning of Amsterdam Edge Proxy will be permanent and will not be restored at a later date. ACTION REQUIRED: Edge proxies found on the Flowroute Interconnection page will need to be added to your current firewall whitelist. You will also need to replace the existing EU-West-AMS EP with another EP. We recommend connecting to Frankfurt Edge Proxy (eu-central-fra.sip.flowroute.com, the next closest option) before June 21, 2022. For more detailed information please refer to our Knowledge Base article . Sincerely, The Flowroute Team

… current registrations and find out if your phone system is impacted. 2. Chan_sip based systems don't properly resolve our PoPs' SRV records, which contain 16 IP addresses in each IP block. You need to upgrade to PJSIP in order to use modern PoPs. More information is below: Chan_SIP and Chan_PJSIP PSA: chan_sip status changed to “deprecated” & Asterisk 17.0.0-rc2 Release Migrating from chan_sip to res_pjsip 3. Firewall requirements can be found in our Knowledge Base: Setting up your firewall for Flowroute PoPs and in Flowroute Manage Portal: Interconnection->Registration . You will need to whitelist ALL our IP ranges regardless of the PoP you have chosen as the preferred one. 4. Select your preferred Point of Presence based on your geographical and infrastructure preferences. Please visit this article How to set up your preferred PoP in our Knowledge Base. 5. Our Generic …

… your audio stream. Direct Media allows us to offer competitive rates and great domestic and international connections for all of our customers, regardless of geographic location. IMPORTANT: Keep Direct Media in mind while configuring your SIP device's local network, as the only call data that passes through our servers directly is your SIP signaling traffic – mere kilobits of data that allow us to connect your call to a media gateway delivering the highest call quality available. To optimize your call audio, the Firewall Policies , NAT Configuration (Port Forwarding) , and Quality of Service (QoS) settings should allow and prioritize call audio (RTP media via UDP transport) from any source IP over your system's public media port range. NOTE: If you've used other VoIP Providers in the past that don't have Direct Media network architecture, you may find that you need new network settings when transitioning to Flowroute.

… 226.36.32/28 NOTE: In-flight calls will be unaffected. The decommissioning of the New Jersey Edge Proxy will be permanent and will not be restored at a later date. For US customers, OR and VA Edge proxies will remain redundant alternatives for each other. Our unique Direct Media Delivery technology allows this change with NO impact on audio quality, including when your PBX is located on the East coast and connecting to the West coast Edge Proxy. ACTION REQUIRED: Edge proxies found on the Flowroute Interconnection page will need to be added to your current firewall whitelist. You will also need to replace the existing US-East-NJ EP with another EP. We recommend connecting to Virginia Edge Proxy (US-East-VA.sip.flowroute.com, the next closest option) before August 16, 2022. For more detailed information please refer to our Knowledge Base article .   Sincerely, The Flowroute Team

… addresses. Affected Edge Proxy Information: FQDN (no change): ap-east-hk.sip.flowroute.com Old (current) CIDR: 147.75.42.200/31 New (future) CIDR: 16.163.86.112/30 NOTE: In-flight calls will be unaffected. The IP range change of Hong Kong Edge Proxy will be permanent and will not be restored at a later date. ACTION REQUIRED: Edge proxies found on Flowroute Interconnection page will need to be added to your current firewall whitelist. You’ll need to whitelist the new IP range before June 14, 2022 , to make sure your PBX is ready to receive inbound calls from the new IPs. We’ll be announcing the exact time frame IP range is changing in the next email communication. For more detailed information please refer to our Knowledge Base article . If you have any questions, please don't hesitate to contact our support team using this form …

… the PBX is still looking for the us-west-wa.sip.flowroute.com: check any settings that are blocking the other PoP's IP addresses. A PBX that is using a SIP Registration as the connection is refusing to connect or accept calls: Check the SIP Registration route on the PBX to make sure any established connections are NOT pointing to us-west-wa.sip.flowroute.com. Update the SIP Registration to any of the other Flowroute edge proxies The PBX uses Host routes and does not use SIP Registration, but it will not accept new calls: Check a potential firewall to verify the other Flowroute edge proxy IPs are allowed through If the firewall has not been restarted since the change in your PBX, restart and allow for some time to re-establish the connection and check for the rules allowing the other PoP IPs through Flowroute edge proxies

… Please learn about Anticipatory charges which might be applied if system determines that your upcoming monthly charges will put your balance below the auto-replenishment balance trigger. Review our Pricing Schedule The standard pricing schedule can be found on our public website Account-specific Inbound rates Account-specific Outbound rates Standard Messaging rates Port Order costs CNAM lookup cost E911 costs Interconnections and SIP Setup Setup your Phone System You can find basic PBX and Firewall guides in the Configuration Guides section on the left. Setup Messaging API NOTE: You can only send/receive SMS/MMS using our Messaging API , this feature isn't available in Manage Portal. Please refer to these guidelines to get more information. Get Help Discover our Support Knowledge Base and learn how to build simple yet powerful voice and texting applications with the API Resources . Our Phone Support is available Monday through Friday, from 8 …