Port Overview | Firewall Configuration
Here you will find an overview of the necessary port clearances in your firewall.
Configure your firewall
Many companies have no restricted Internet access and can therefore use the pascom server immediately, without any adjustment to the firewall.
However, if you specify exactly which Internet services your company network may access, please activate the following ports in your firewall to allow smooth operation of the pascom phone system
| Port | Function | Device | Source | Target |
|---|---|---|---|---|
| 123/UDP/TCP | Access to TimeServer (NTP) | Your Network | ntp.pool.org | |
| 5061/TCP | SIP-Connection | Your Network | pascom.cloud* | |
| 30.000-35.000/UDP | RTP-Voice | Your Network | pascom.cloud* | |
| 636/TCP | LDAPS, Phonebook | Your Network | pascom.cloud* | |
| 8884/TCP | Phone Provisioning | Your Network | pascom.cloud* | |
| 443/TCP | Updates, Push, Fax, Voicemail, Recordings, Filetransfer, WebClient | Your Network | pascom.cloud* | |
| 3478 | Video-Functionality/UDP | Your Network | pascom.cloud* | |
| 5222/TCP | Chat | Your Network | pascom.cloud* | |
| 19302/UDP+TCP | WebRTC / Google STUN | Your Network | pascom.cloud*, stun.l.google.com, stun1.l.google.com, stun2.l.google.com, stun3.l.google.com | |
| 8885/TCP | VPN Tunnel to PBX | Your Network | pascom.cloud* |
Legend
= pascom Server
= Desktop Client
= Mobile Client
= IP-Phone
= WebClient
| * = The pascom.cloud can target different IP addresses
| Port | Function | Device | Source | Target |
|---|---|---|---|---|
| 80 / 443/TCP | Licenseserver, Push | Your Network | my.pascom.net | |
| 443/TCP | pascom Remote Support via VPN | Your Network | tunnel.pascom.net | |
| 25/TCP | Access to pascom Mailserver | Your Network | cloudmx1.pascom.net, cloudmx2.pascom.net | |
| 123/TCP | Access to TimeServer (NTP) | Your Network | ntp.pool.org | |
| 19302/UDP+TCP | WebRTC / Google STUN | Your Network | stun.l.google.com, stun1.l.google.com, stun2.l.google.com, stun3.l.google.com |
To access your devices via the Internet in your network to the pascom telephone system, you need the same port clearances as for the cloud variant. (or also with subnets)
| Port | Function | Device | Target |
|---|---|---|---|
| 5061/TCP | SIP-Connection | Your Network | |
| 30.000-35.000/UDP | RTP-Voice | Your Network | |
| 636/TCP | LDAPS, Phonebook | Your Network | |
| 8884/TCP | Phone Provisioning | Your Network | |
| 443/TCP | Updates, Push, Fax, Voicemail, Recordings, Filetransfer, Client Authentication | Your Network | |
| 3478/UDP | Video-Functionality | Your Network | |
| 5222/TCP | Chat | Your Network | |
| 19302/UDP+TCP | WebRTC / STUN | Your Network | |
| 8885/TCP | VPN Tunnel to PBX | Your Network | |
| 80/TCP | Let’s Encrypt Certificate | Your Network |
Legend
= pascom Server
= Desktop Client
= Mobile Client
= IP-Phone
= WebClient
| * = The pascom.cloud can target different IP addresses
IP addresses of the pascom.cloud
The IP addresses of pascom.cloud are dynamic and can change at any time. For this reason, it is not advisable to set a fixed IPv4 or IPv6 IP address as the firewall rule.
Instead, use the DNS entry “ip.pascom.cloud “. If you resolve it, you will get all IPv4 and IPv6 IP addresses that pascom.cloud is using at the moment.
The DNS record “ip.pascom.cloud “ can be used in two ways
Resolve DNS record manually
Resolve it manually with tools like “dig “ or “nslookup “ to get the IP addresses:
# ipv4 with dig:
dig +short ip.pascom.cloud A
# ipv6 with dig:
dig +short ip.pascom.cloud AAAA
# ipv4 with nslookup
nslookup -q=A ip.pascom.cloud
# ipv6 with nslookup
nslookup -q=AAAA ip.pascom.cloud
Set DNS entry directly in the firewall
Use the DNS record “ip.pascom.cloud “ directly in your firewall as destination or source. This only works if your firewall can use or resolve DNS names instead of IP addresses and updates them regularly.