iPhone Wi-fi calling firewall rules
studerje1
Enthusiast - Level 3

It appears that the wi-fi calling feature that has finally rolled out for iPhones with iOS 9.3 will require some firewall changes for corporate firewalls.

It looks like the feature establishes a per-app VPN for the calling feature. IPsec and IKE protocols appear to be in use.

I'm hoping to find documentation from Verizon on what ports and addresses to enable for this feature.

Can anyone point me in the right direction?


Correct answers
Re: iPhone Wi-fi calling firewall rules
Weth
Legend

Have you seen this Cisco document for getting wifi calling working? IPSec using UDP ports 500 and 4500.

Wi-Fi Calling White Paper - Cisco

Re: iPhone Wi-fi calling firewall rules
studerje1
Enthusiast - Level 3

@Weth, thanks for the document, I had not seen it yet.

I see the line that states: "IPsec: The enterprise firewall policy needs to enable User Datagram Protocol (UDP) ports 500 and 4500 for IPsec to work properly."

I'm looking for a specific range of destination IP addresses to allow for the outbound rule. Just allowing the ports outbound without a specific destination won't work for us. We need to keep our outbound traffic limited to specific destinations.

Thanks,

-Jon

Re: iPhone Wi-fi calling firewall rules
Weth
Legend

Got it. Same reason I can't get it turned on in our hospital. Sure would be great for the far reaches of the basement with X-ray blocking walls near the radiology suite! Unless someone chimes in at a level of Verizon network technical knowledge that I have not seen in this forum, you'll need to get by the first 2 layers of CS so a third level can put in a request for a technical contact.

Did you see where it is connecting to from a less controlled network, i.e. home?

Re: iPhone Wi-fi calling firewall rules
studerje1
Enthusiast - Level 3

Agreed. Not going to hold my breath.

I called CS today and they told me to call Apple Care Support number because CS had not been briefed on 9.3 calling feature yet, and since it's an Apple device, I needed to call Apple.

I think I'm going to try our business rep.

I also sent a tweet to @VZWSupport to see if they had any info, nothing yet. Trying multiple channels to see if I can get a quick resolution.

Re: iPhone Wi-fi calling firewall rules
studerje1
Enthusiast - Level 3

Still haven't found any official documentation yet but I did some sleuthing and found the following needs to be enabled.

As @Weth noted, the Cisco document recommends the following ports need to be allowed outbound:

udp/4500

udp/500

Only 2 Verizon IP addresses appear in the destination list, but not sure if they are regional.

141.207.225.232 - 232.sub-141-207-225.myvzw.com (Appears to be West coast)

141.207.227.232 - 232.sub-141-207-227.myvzw.com (Appears to be East coast)

We've enabled outbound traffic to these addresses on these ports and it works.

YMMV

Re: iPhone Wi-fi calling firewall rules
studerje1
Enthusiast - Level 3

This continues to work successfully for us. Still nothing back from Verizon support.

Re: iPhone Wi-fi calling firewall rules
vzw_customer_support
Customer Service Rep

studerje1, We always want your concerns to be addressed and solved properly. This is a community forum and we provide the community the initial opportunity to answer here. We do see here that @Weth was able to provide you with a great solution to your concern. Is everything working currently? Do you have any other concerns?
JoelR_VZW
Follow us on Twitter @VZWSupport
If my response answered your question please click the "Correct Answer" button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!!

Re: iPhone Wi-fi calling firewall rules
studerje1
Enthusiast - Level 3

As you can see by my initial response to his post.

I acknowledged that it was helpful, but was only half of the answer I'm seeking.

"I'm looking for a specific range of destination IP addresses to allow for the outbound rule. Just allowing the ports outbound without a specific destination won't work for us. We need to keep our outbound traffic limited to specific destinations."

Re: iPhone Wi-fi calling firewall rules
vortix
Enthusiast - Level 2

For what it's worth, I detected a connection to IP 141.207.175.232 when making a WiFi call in Ohio. Hopefully Verizon can chime in with an official, complete list of IPs.

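An added example, not part of any post in this thread: a Python sketch that audits firewall deny logs for outbound UDP 500/4500 flows to destinations missing from a destination-restricted allowlist, which is how an address like the one vortix saw would surface for review. The log format, internal source addresses and the 192.0.2.44 entry are constructed; the allowlist holds the two addresses studerje1 reported, which are poster observations and not an official Verizon list.

```python
import ipaddress
from collections import Counter

# Destinations reported by posters in this thread (not an official Verizon list).
THREAD_ALLOWLIST = {"141.207.225.232", "141.207.227.232"}
IKE_PORTS = {500, 4500}  # IKE and IPsec NAT traversal, both over UDP

# Constructed sample in a hypothetical format: "action proto src:sport dst:dport".
SAMPLE_LOG = """\
ALLOW udp 10.20.3.14:51022 141.207.225.232:500
ALLOW udp 10.20.3.14:51023 141.207.225.232:4500
DENY udp 10.20.7.80:49811 141.207.175.232:500
DENY udp 10.20.7.80:49811 141.207.175.232:500
DENY tcp 10.20.7.80:50200 141.207.175.232:443
ALLOW udp 10.20.9.5:40000 141.207.227.232:4500
DENY udp 10.20.9.5:40001 192.0.2.44:4500
garbage line
"""

def parse_flow(line):
    """Return (action, proto, dst_ip, dst_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    action, proto, _src, dst = parts
    host, _sep, port = dst.rpartition(":")
    try:
        return action, proto.lower(), str(ipaddress.ip_address(host)), int(port)
    except ValueError:
        return None

def unlisted_ike_destinations(log_text, allowlist=THREAD_ALLOWLIST):
    """Count denied UDP 500/4500 flows per destination not on the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        action, proto, dst_ip, dst_port = flow
        if (action == "DENY" and proto == "udp"
                and dst_port in IKE_PORTS and dst_ip not in allowlist):
            hits[dst_ip] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, count in sorted(unlisted_ike_destinations(SAMPLE_LOG).items()):
        print(f"{ip}: {count} denied IKE/NAT-T flows, review before allowlisting")
```

A destination that shows up here is a candidate for review, not an automatic allowlist entry: the constructed 192.0.2.44 flow uses the same port but has nothing to tie it to the carrier.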