Fonolo Appliances
The Fonolo Appliance is a 1U rack-mount Dell server running a mix of open-source and proprietary Fonolo software. They are installed on your premise, and remotely monitored and maintained by Fonolo, as part of the Fonolo call-back license. Fonolo uses Dell PowerEdge series servers.
Specifications
The Appliances include:
- Dual 1GB copper Ethernet ports.
- Dual redundant power supplies.
- Dual mirrored hard drives.
- Four-post or two-post (relay rack style) rack-mount rails.
Power Requirements
The Appliances include dual redundant 550 W (100-240v, 50/60 Hz, C13) power supplies, and include two standard (C13) power cables.
Both power supplies must be connected to a power source. Fonolo recommends connecting each power supply to a distinct power source, so that in the event of a power failure, the Appliance continues to function.
Network Configuration
Before Fonolo can ship your Appliances, you must provide Fonolo with network configuration settings, so they can be pre-configured. The Appliances have two 1GB copper Ethernet ports, which can be set up in a variety of configurations. Fonolo will configure network ports, starting with physical port 1 on the Appliances.
Configurations you can choose from include:
- Single Network Connection: a single IP address is configured on physical port 1.
- Active/Backup: (bond mode=1) using physical ports 1 and 2, a single IP address will be configured. Only one physical port will be active at a time, so it’s safe to plug both interfaces in the same switch, but using two different switches is recommended.
- LACP (802.3ad): (bond mode=4) using physical ports 1 and 2, a single IP address will be configured, and traffic will be balanced across both interfaces. This mode requires a switch that supports 802.3ad link aggregation.
Network Settings
Fonolo requires a unique, externally routable IP address per Appliance. The Appliances can be configured with the external IP addresses directly, or can be configured with private network space and placed behind a NAT gateway using 1-to-1 NAT – whichever way best suits your network security requirements.
Fonolo will require:
- IP address / subnet for each network interface
- Gateway IP address
If the Appliances will be behind a NAT gateway, Fonolo needs both the public IP address (for remote connections), as well as the private IP address information (to configure on the network interfaces).
Firewall Rules
Fonolo will require that specific network ports be opened on your firewalls in order to communicate with the Appliance.
External Connections:
Five network ports are required for 2-way communication between the local Appliances and the Fonolo Cloud (64.190.42.128/25):
- TCP/5061 – Secure SIP; Fonolo service
- TCP/443 – HTTPS; Fonolo service, remote management and monitoring
- TCP/22 –SSH; Remote management
- UDP/123 – NTP
- TCP&UDP/53 – DNS
All three of these network ports are required for the Fonolo service to work.
If the Appliances are to be used behind a NAT gateway, NAT timeout rules will need to be adjusted to make sure that connections aren’t dropped mid-call, as the SIPS connections between the Fonolo Cloud and the Appliances often have long periods with no data transferred. We would suggest a 4-6 hour timeout.
Internal Connections:
Inside your network, the Appliances will need to communicate directly with your SIP gateway, media gateways, and in most implementations, your agent handsets. The Appliances listen on the follow ports for SIP/RTP:
- UDP/5060 or TCP/5060 – SIP (UDP is recommended)
- UDP/10,000–20,000. This RTP port range is configurable on the appliances, if there is a preferred range.
Your platform will communicate with the Appliances on these ports. Outbound (from the Appliances to your system), the follow ports are used:
- UDP/5060 or TCP/5060 – SIP to your SIP gateway. For example, to Avaya Session Manager. (UDP is recommended)
- A UDP port range (min/max) for RTP data, which matches the media settings on your phone system.
This connection will be between the Appliances and your media gateways and to your agent handsets directly, depending on your platform settings.
Depending on your platform settings, your system may be configured to perform a re-INVITE (also referred to as “Direct Media”), instructing the Appliances to send RTP data directly to agent handsets, bypassing the media gateways. However for this work properly, firewall rules need to be configured in a way that allows the Appliances to communicate directly with agent handsets.
The Appliances also make outbound connections to support the service, and for server functionality (e.g. NTP to maintain the system clock, outbound HTTP connections for package management, etc.). If outbound ACLs are in-use, we can provide a list of outbound ports required. The Appliances must also be able to communicate with each other in order to synchronize data used for audio recordings and call attached data. This requires the following port to be open between all Appliances:
- TCP/443 – HTTPS; for synchronization of the Appliances.
IPSec VPN
Fonolo supports connecting to companies via a direct site-to-site IPsec VPN. For more details, see Connecting via an IPSec VPN.