copyright: years: 2017, 2023 lastupdated: "2023-01-07"
Port and endpoint settings for firewalls
If you deploy IBM® Voice Gateway behind a firewall, you must open several ports and URL endpoints in the firewall to allow inbound and outbound connections.
Port settings
To view the ports and IP addresses that are exported from the Docker containers, run the following command:
docker ps
Voice Gateway processes SIP and RTP media streams on one side of the firewall and connects out to Watson services on the other side. For these connections to be successful, the following IPs and ports must be open in your firewall:
Purpose | IP value | Default port value | Direction | Protocol | Configuration environment variable |
---|---|---|---|---|---|
Audio to Voice Gateway | IP address of the Media Relay | 16384-16394 | Inbound | RTP over UDP | RTP_UDP_PORT_RANGE |
RTCP for audio to Voice Gateway | IP address of the Media Relay | Port for audio to Voice Gateway + 1 | Inbound | RTCP over UDP | N/A |
SIP to Voice Gateway (unsecured) | IP address of the SIP Orchestrator | 5060 | Inbound | UDP or TCP | SIP_PORT and SIP_PORT_TCP |
SIP to Voice Gateway (secured) | IP address of the SIP Orchestrator | 5061 | Inbound | TLS only | SIP_PORT_TLS |
SIP from Voice Gateway (if UDP) | IP address of the SIP trunk | 5060 | Outbound | UDP only | SIP_PORT |
Audio from Voice Gateway | IP address of the SIP trunk | Defined by SIP Trunk | Outbound | RTP over UDP | N/A |
RTCP for audio from Voice Gateway | IP address of the SIP trunk | Port for audio from Voice Gateway + 1 | Outbound | RTCP over UDP | N/A |
Connect to Watson services | Configured Watson endpoints | 443 | Outbound | TCP (Web Sockets and REST) | N/A |
For most firewalls, you only have to configure inbound access because ports for outbound traffic are typically open.
If you want to change the ports that Voice Gateway uses, you can specify different ports on the related configuration environment variable. For more information about configuring Voice Gateway, see Configuration environment variables for Voice Gateway.
Endpoint settings
The firewall must allow outbound connections to the API endpoints for the Watson services used by Voice Gateway.
The endpoint URLs vary by service and location:
Service | API endpoint |
---|---|
Watson Assistant | https://api.{location}.assistant.watson.cloud.ibm.com |
Speech To Text | https://api.{location}.speech-to-text.watson.cloud.ibm.com |
Text To Speech | https://api.{location}.text-to-speech.watson.cloud.ibm.com |
IAM authentication | https://iam.cloud.ibm.com |
where {location}
is the location of your service instance (for example, us-south
or jp-tok
). You can verify the correct URL on the dashboard page for your service instance.