Appliance Integration Guide

Fonolo Appliances

The Fonolo Appliance is a 1U rack-mount Dell server running a mix of open-source and proprietary Fonolo software. Appliances are installed on your premises and are remotely monitored and maintained by Fonolo as part of the Fonolo call-back license. Fonolo currently uses the Dell PowerEdge R430 server, but reserves the right to change the exact model as the Dell product line changes over time.

Specifications

The Appliances include:

  • Quad 1GB copper Ethernet ports.
  • Dual redundant power supplies.
  • Dual mirrored hard drives. One spare hard drive is included with the Appliances.
  • Four-post or two-post (relay rack style) rack-mount rails.

Power Requirements

The Appliances include dual redundant 550 W (100-240v, 50/60 Hz, C13) power supplies, and include two standard (C13) power cables.

Both power supplies must be connected to a power source. Fonolo recommends connecting each power supply to a distinct power source, so that in the event of a power failure, the Appliance continues to function.

Network Configuration

Before Fonolo can ship your Appliances, you must provide Fonolo with network configuration settings, so they can be pre-configured. The Appliances have four 1GB copper Ethernet ports, which can be set up in a variety of configurations. Fonolo will configure network ports, starting with physical port 1 on the Appliances.


Configurations you can choose from include:

  • Single Network Connection: a single IP address is configured on physical port 1.
  • Master/Slave Mode: (bond mode=1) using physical ports 1 and 2, a single IP address will be configured. Only one physical port will be active at a time, so it’s safe to plug both interfaces in the same switch, but using two different switches is recommended.
  • LACP (802.3ad): (bond mode=4) using physical ports 1 and 2, a single IP address will be configured, and traffic will be balanced across both interfaces. This mode requires a switch that supports 802.3ad link aggregation.

A combination of the above configurations is also possible using the additional physical ports 3 and 4.

Network Settings

Fonolo requires a unique, externally routable IP address per Appliance. The Appliances can be configured with the external IP addresses directly, or can be configured with private network space and placed behind a NAT gateway using 1-to-1 NAT – whichever way best suits your network security requirements.

Fonolo will require:

  • IP address / subnet for each network interface
  • Gateway IP address
  • DNS servers
  • NTP servers (if available, otherwise public NTP servers will be used)

Note

If the Appliances will be behind a NAT gateway, Fonolo needs both the public IP address (for remote connections), as well as the private IP address information (to configure on the network interfaces).

Firewall Rules

Fonolo will require that specific network ports be opened on your firewalls in order to communicate with the Appliance.

External Connections:

Three inbound network ports are required to support the Appliances. They must be open inbound from the Fonolo Cloud (66.207.221.128/26) to the local Appliances:

  • TCP/5061 – Secure SIP; the main Fonolo service.
  • TCP/443 – HTTPS; for remote management and monitoring.
  • TCP/22 – SSH; for remote management.

Note

All three of these inbound network ports are required for the Fonolo service to work.

If the Appliances are to be used behind a NAT gateway, NAT timeout rules will need to be adjusted to make sure that connections aren’t dropped mid-call, as the SIPS connections between the Fonolo Cloud and the Appliances often have long periods with no data transferred. We would suggest a 4-6 hour timeout.
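The check below is an added example, not Fonolo tooling: it audits an exported list of inbound allow rules against the requirement above, flagging any of the three ports that is missing or that is open to more than the Fonolo Cloud range. The rule format (dicts with `src`, `dst`, `proto`, `port`) and the Appliance address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

# Values taken from the guide: Fonolo Cloud source range and required inbound ports.
FONOLO_CLOUD = ipaddress.ip_network("66.207.221.128/26")
REQUIRED_TCP = {5061: "Secure SIP", 443: "HTTPS", 22: "SSH"}

def audit_inbound(rules, appliance_ip):
    """Check inbound allow rules for one Appliance; return a list of findings.

    Each rule is a dict with src (CIDR), dst (IP), proto and port. This is a
    hypothetical normalized export format, not any firewall vendor's schema.
    """
    findings, covered = [], set()
    for rule in rules:
        port = rule["port"]
        if rule["dst"] != appliance_ip or rule["proto"] != "tcp" or port not in REQUIRED_TCP:
            continue
        src = ipaddress.ip_network(rule["src"])
        if src == FONOLO_CLOUD:
            covered.add(port)
        elif FONOLO_CLOUD.subnet_of(src):
            # Service works, but the port is exposed to more than the Fonolo Cloud.
            covered.add(port)
            findings.append(f"tcp/{port} open to {src}; narrow source to {FONOLO_CLOUD}")
        elif src.subnet_of(FONOLO_CLOUD):
            # Only part of the range is allowed, so some Fonolo hosts are blocked.
            findings.append(f"tcp/{port} source {src} covers only part of {FONOLO_CLOUD}")
        else:
            findings.append(f"tcp/{port} allowed from {src}, not the Fonolo Cloud; confirm intent")
    for port in sorted(set(REQUIRED_TCP) - covered):
        findings.append(f"tcp/{port} ({REQUIRED_TCP[port]}) not allowed from all of {FONOLO_CLOUD}")
    return findings

# Constructed sample: 192.0.2.10 is a documentation address standing in for an Appliance.
SAMPLE_RULES = [
    {"src": "66.207.221.128/26", "dst": "192.0.2.10", "proto": "tcp", "port": 5061},
    {"src": "0.0.0.0/0", "dst": "192.0.2.10", "proto": "tcp", "port": 22},
    {"src": "66.207.221.128/27", "dst": "192.0.2.10", "proto": "tcp", "port": 443},
]

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES, "192.0.2.10"):
        print(finding)
```

Rules are evaluated one at a time, so a range split across several narrower rules is reported as partial coverage and should be reviewed by hand.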

Internal Connections:

Inside your network, the Appliances will need to communicate directly with your SIP gateway, media gateways, and in most implementations, your agent handsets. The Appliances listen on the following ports for SIP/RTP:

  • UDP/5060 or TCP/5060 – SIP (UDP is recommended)
  • UDP/10,000–20,000. This RTP port range is configurable on the appliances, if there is a preferred range.

Your platform will communicate with the Appliances on these ports. Outbound (from the Appliances to your system), the following ports are used:

  • UDP/5060 or TCP/5060 – SIP to your SIP gateway. For example, to Avaya Session Manager. (UDP is recommended)
  • A UDP port range (min/max) for RTP data, which matches the media settings on your phone system.

This connection will be between the Appliances and your media gateways and to your agent handsets directly, depending on your platform settings.

Note

Depending on your platform settings, your system may be configured to perform a re-INVITE (also referred to as “Direct Media”), instructing the Appliances to send RTP data directly to agent handsets, bypassing the media gateways. However, for this to work properly, firewall rules need to be configured in a way that allows the Appliances to communicate directly with agent handsets.

The Appliances also make outbound connections to support the service, and for server functionality (e.g. NTP to maintain the system clock, outbound HTTP connections for package management, etc.). If outbound ACLs are in use, we can provide a list of outbound ports required. The Appliances must also be able to communicate with each other in order to synchronize data used for audio recordings and call attached data. This requires the following port to be open between all Appliances:

  • TCP/443 – HTTPS; for synchronization of the Appliances.

NTP and DNS Server Access:

The Appliances will require access to NTP and DNS servers. You can use your own, or you can use ours. In either case, each Appliance individually requires access to these servers through the following ports:

  • UDP/123 (NTP)
  • TCP/53 AND UDP/53 (DNS)

Any internal firewall between the Appliances and the NTP and/or DNS servers must allow access on the above ports.

If you would like to use our DNS and/or NTP servers, your external firewall must allow access on the above ports to our corresponding servers.

IPSec VPN

Fonolo supports connecting to companies via a direct site-to-site IPsec VPN. For more details, see Connecting via an IPSec VPN.

 
