What are the wifi calling firewall ports and destination IP addresses

"Negative Ghost Rider"

I am the employer, therefor I provide the internet to our employees and say where they can and can not go.

Our company uses multiple ISPs so who provides us internet will make no difference as I am the one under control of our corporate firewall. And I am the one who restricts access through it.

If you don't understand my original question, please step this up to level 2 or 3 support.

This is not that difficult of a question. Both ATT and T-Mobile give this information freely out on the internet. This should not be that hard for Verizon as well.

Here is ATT

https://www.att.com/esupport/article.html#!/wireless/KM1114459?gsi=OTUFR_I

Here is T-mobile

Wi-Fi Calling on a corporate network | T-Mobile Support

PCOVELL74, I fully understand your request over the firewall ports and destination IP addresses requested. As you're in charge of helping facilitate the internet connection, I know it's vital you have all the correct configurations on hand so your Verizon users can use Wi-Fi Calling.

At this time,we don't have an internal or public resource I can provide you with to fully confirm all the ports and IP addresses Verizon Wireless may use. Truthfully, no one via Verizon Customer Service or Tech Support would be able to answer this question and I'm the highest level of Tech Support. I wish I had better news and am surprised myself we don't have this information available to the public. Going forward as I do want to see a resolution to this, I will lift this concern up to the appropriate support team so that I can provide you with any information we can gather. Please allow me 2 to 3 business days to follow up with you directly. Thank you.

Alan_VZW
Follow us on TWITTER @VZWSupport
If my response answered your question please click the _Correct Answer_ button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!!

I found this Verizon article online.Looks to be for Verizon wireless extenders.

Unblock Ports / IP Addresses - Verizon Wireless Network Extender | Verizon Wireless

Some of these ports are the same that T-mobile and ATT are using. 500 and 4500 which are for IKE and IPSEC. That would make since its needed to create the VPN tunnel for the call.

53 is DNS

123 is NTP

5242 I'm not sure about. Must be some random port just used by Verizon.

They are also recommending access to these FQDNs  (sg.vzwfemto.com) and (gps.vzwfemto.com) with a list of IP addresses

I'm going to allow outbound access on ports 500,4500, and 5242 only to these domain names and see what it does.

If you guys @ Verizon do some more research to back this up, that would be helpful.

PCOVELL74, Thanks so much for your patience while I did some extra research for your firewall ports and IP addresses request.

The corporate Wi-Fi needs to allow clear access to the Internet and their devices must not have restrictions on Internet access. For Wi-Fi networks that block VPN traffic, they will need to ensure ports 500 and 4500 are open devices to connect to our ePDGs via IPSEC tunnels. IPSEC is the encryption used to secure these calls over the Internet. Corporate firewalls must allow ESP packets on any ports (0-65535) for both outbound and inbound directions.

In addition, to support 911 calls the corporate Wi-Fi also needs to support HTTPS protocol and its associated port 443. The URL the device client uses to register the emergency address is https://spg.vzw.com/SSFGateway/e911Location/changeAddress

The corporate Wi-Fi must also allow DNS access to the ePDG FQDN: wo.vzwwo.com

VoWiFi calls are carried within IPSEC tunnels. The key protocols to support the IPSEC tunnel are IKEv2 (Internet Key Exchange Version 2, RFC 5996), ESP (IP Encapsulating Security Payload, RFC 4303), and UDP Encapsulation of IPsec ESP Packets (RFC 3948). The enterprise Wi-Fi network/ISP must ensure they do not block these protocols and the corresponding ports used by these protocols. This is all the information we have regarding our available IPs, ports and protocol. I hope this information is helpful going forward.

Alan_VZW
Follow us on TWITTER @VZWSupport
If my response answered your question please click the _Correct Answer_ button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!!

Surely by now, Verison has gotten their act together. We provide Wi-Fi access to many people in many different locations. We need to be able to block a lot of internet activity for security reasons. We also need to allow Verizon Wi-Fi Calling and Text Messaging. I have been able to get this info from the other 'big 2' companies. Can you please provide a link where this is listed - perhaps in a private message if you are worried about releasing this information. Or perhaps a contact to where we can get this information.

Throw them on a Vlan with IPSec pass through enabled. Or static map the mac's and create a specific rule. If these parameters are too broad, do what the rest of us do and capture ports from the firewall logs.