GitHubContribute in GitHub: Edit online

copyright: years: 2017, 2023 lastupdated: "2023-01-07"


Port and endpoint settings for firewalls

If you deploy IBM® Voice Gateway behind a firewall, you must open several ports and URL endpoints in the firewall to allow inbound and outbound connections.

Port settings

To view the ports and IP addresses that are exported from the Docker containers, run the following command:

 docker ps

Voice Gateway processes SIP and RTP media streams on one side of the firewall and connects out to Watson services on the other side. For these connections to be successful, the following IPs and ports must be open in your firewall:

Table 1. IP addresses and ports that must be open
Purpose IP value Default port value Direction Protocol Configuration environment variable
Audio to Voice Gateway IP address of the Media Relay 16384-16394 Inbound RTP over UDP RTP_UDP_PORT_RANGE
RTCP for audio to Voice Gateway IP address of the Media Relay Port for audio to Voice Gateway + 1 Inbound RTCP over UDP N/A
SIP to Voice Gateway (unsecured) IP address of the SIP Orchestrator 5060 Inbound UDP or TCP SIP_PORT and SIP_PORT_TCP
SIP to Voice Gateway (secured) IP address of the SIP Orchestrator 5061 Inbound TLS only SIP_PORT_TLS
SIP from Voice Gateway (if UDP) IP address of the SIP trunk 5060 Outbound UDP only SIP_PORT
Audio from Voice Gateway IP address of the SIP trunk Defined by SIP Trunk Outbound RTP over UDP N/A
RTCP for audio from Voice Gateway IP address of the SIP trunk Port for audio from Voice Gateway + 1 Outbound RTCP over UDP N/A
Connect to Watson services Configured Watson endpoints 443 Outbound TCP (Web Sockets and REST) N/A

For most firewalls, you only have to configure inbound access because ports for outbound traffic are typically open.

If you want to change the ports that Voice Gateway uses, you can specify different ports on the related configuration environment variable. For more information about configuring Voice Gateway, see Configuration environment variables for Voice Gateway.

Endpoint settings

The firewall must allow outbound connections to the API endpoints for the Watson services used by Voice Gateway.

The endpoint URLs vary by service and location:

Table 2. API endpoint URLs that must be open
Service API endpoint
Watson Assistant https://api.{location}.assistant.watson.cloud.ibm.com
Speech To Text https://api.{location}.speech-to-text.watson.cloud.ibm.com
Text To Speech https://api.{location}.text-to-speech.watson.cloud.ibm.com
IAM authentication https://iam.cloud.ibm.com

where {location} is the location of your service instance (for example, us-south or jp-tok). You can verify the correct URL on the dashboard page for your service instance.