SIP Connect Configuration Guide

Fonolo is compatible with all major call center platform vendors and can connect to your call center through a SIP connection over the internet.

This guide outlines the steps for setting up a SIP connection between your phone system and the Fonolo Cloud. To provide the information needed to set up the Fonolo deployment, fill out the SIP Setup Form:

In-Queue Offer Message

The Fonolo call-back starts with an offer message played to the caller while they are on hold. Each queue that will be offering call-backs must have:

  • An offer message that offers the caller a call-back.
  • DTMF breakout logic that transfers the call to a Fonolo SIP extension.

The offer message must be added to your existing messaging, using any appropriate logic or wording. Optionally, we are happy to make suggestions on frequency and the threshold for activating the offer.

SIP Extension Programming

To connect to Fonolo using a SIP connection, you must configure one SIP extension per queue that will be offering call-backs. For example, if you want to offer call-backs on three queues, you need three unique SIP extensions.

You must provide:

  • A Queue Name that appears for each queue in the Call-Back Portal.
  • A Queue SIP Extension that lets Fonolo call directly into each queue and bypass the IVR.

We will provide a parallel Fonolo SIP extension for each of your Queue SIP extensions.

The Fonolo SIP extensions are automatically allocated from a unique range assigned to you. If a specific range is required, please let us know.

Your SIP extensions may need to have audio playing on them. Some phone systems will not answer a call unless it can play something to the caller. A file with a few seconds of silence will work.

SIP and Network Configurations

Fonolo uses six SIP gateways for inbound and outbound connections to your phone system. You must configure:

  • One or more public IP addresses that let Fonolo reach your phone system. Load balancing or fail-over configurations are acceptable. If you are using NAT, Fonolo requires 1-to-1 NAT.
  • 64.190.42.33 and 64.190.42.34 as SIP peers for call transfers between your system and Fonolo. You can load balance requests between these SIP gateways.
  • 64.190.42.35, 64.190.42.36, 64.190.42.37, and 64.190.42.38 as SIP peers for calls from the Fonolo system to yours. These gateways handle both the calls to the queue extension and the outbound calls to the caller.

Call Routing

Fonolo requires that two call route patterns be configured:

  • One routing pattern in your dial plan that matches the inbound extension, so that Fonolo can connect to the queue directly.
  • One routing pattern in your dial plan to place outbound calls to callers. For example, Fonolo can add a 9 to the call number to route to your carrier trunk. By default, Fonolo adds a 1 as a telephone prefix, formatting outbound numbers with 11 digits.

Firewall Configurations

For Fonolo to be able to connect to your phone system, firewall rules must be configured in your system to allow the required inbound and outbound traffic:

  • Fonolo IP Block 64.190.42.32/28 must be permitted for both inbound and outbound call traffic in your firewall.
  • The port TCP/5061 must be permitted (inbound and outbound) as Fonolo supports secure SIP only. See “Secure SIP Requirements” below for more details.
  • For SRTP (Secure RTP) data, a UDP port range matching the media ports on your phone system must be permitted inbound, and UDP/10000-20000 must be permitted outbound.
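
The following is an added example, not Fonolo code: it classifies firewall flow records against the addresses and ports in this guide, so unexpected traffic from the Fonolo block (for instance plaintext SIP on 5060) stands out. The log format, the sample lines and the `LOCAL_MEDIA` range are assumptions; substitute your phone system's real media ports.

```python
import ipaddress

FONOLO_BLOCK = ipaddress.ip_network("64.190.42.32/28")
TRANSFER_PEERS = {"64.190.42.33", "64.190.42.34"}   # call transfers to Fonolo
CALL_PEERS = {"64.190.42.35", "64.190.42.36",
              "64.190.42.37", "64.190.42.38"}       # calls from Fonolo to you
FONOLO_MEDIA = range(10000, 20001)                  # UDP/10000-20000 outbound
LOCAL_MEDIA = range(16384, 32768)                   # ASSUMPTION: your PBX media ports


def classify(direction, proto, peer_ip, dst_port):
    """Verdict for one flow; peer_ip is the remote side, dst_port the destination port."""
    if ipaddress.ip_address(peer_ip) not in FONOLO_BLOCK:
        return "not-fonolo"
    if dst_port == 5060:
        return "violation: plaintext SIP"
    if proto == "tcp" and dst_port == 5061:
        if peer_ip in TRANSFER_PEERS:
            return "sip-tls: transfer gateway"
        if peer_ip in CALL_PEERS:
            return "sip-tls: call gateway"
        return "review: unlisted address in Fonolo block"
    if proto == "udp" and direction == "out" and dst_port in FONOLO_MEDIA:
        return "srtp"
    if proto == "udp" and direction == "in" and dst_port in LOCAL_MEDIA:
        return "srtp"
    return "violation: unexpected port"


# Constructed sample log lines: direction proto peer_ip dst_port
SAMPLE_LOG = """\
out tcp 64.190.42.33 5061
in tcp 64.190.42.36 5061
in udp 64.190.42.36 5060
out udp 64.190.42.37 12044
in udp 64.190.42.37 40000
in tcp 198.51.100.7 5061
"""


def audit(log_text):
    """Return (line, verdict) pairs for every flow in a whitespace-separated log."""
    results = []
    for line in log_text.splitlines():
        direction, proto, peer_ip, port = line.split()
        results.append((line, classify(direction, proto, peer_ip, int(port))))
    return results
```

Call `audit(SAMPLE_LOG)` to see one verdict per line; anything starting with `violation` or `review` is a rule or route worth checking.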

Secure SIP Requirements

When connecting to your phone system, Fonolo only supports using Secure SIP (e.g., Transport=TLS) over port TCP/5061. This connectivity option offers an extra layer of security and must be configured for customers connecting to Fonolo using the Cloud-Based SIP integration option.

The Fonolo service uses secure SIP to encrypt data in transit, using TLS with AES-256 encryption (supporting the ciphers listed below).

It requires a valid certificate signed by a known certificate authority; self-signed certificates will be rejected.

An optional IPSec VPN is also available as an add-on to the service.

Secure SIP Supported Configurations

When setting up a Secure SIP connection, Fonolo supports the following configuration options, which must match what your phone system and hardware devices are capable of.

Fonolo Secure SIP:

  • Supports TLS v1.2
  • SSL v2, SSL v3, TLS v1.0, and TLS v1.1 are all disabled by default.
  • Is limited to the following ciphers:
    • ECDHE-ECDSA-AES256-GCM-SHA384
    • ECDHE-ECDSA-AES128-GCM-SHA256
    • ECDHE-RSA-AES256-GCM-SHA384
    • ECDHE-RSA-AES128-GCM-SHA256
    • TLS_AES_256_GCM_SHA384
    • TLS_AES_128_GCM_SHA256
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_CCM_SHA256
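
As an added example (not part of Fonolo's documentation or tooling), this pre-flight check handshakes with your own SIP TLS listener using a client restricted to the requirements above, then reports whether the negotiated suite is on the list. Accepting TLS 1.3 is an assumption drawn from the TLS 1.3 suite names in the list, since the page names only TLS v1.2; `probe` and its return format are illustrative.

```python
import socket
import ssl

# Suite names copied from the guide's list (OpenSSL naming).
TLS12_SUITES = [
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
]
TLS13_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
]
ALLOWED = set(TLS12_SUITES) | set(TLS13_SUITES)


def build_context():
    """Client context: CA-validated certificate, TLS 1.2 floor, listed TLS 1.2 suites."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED, so self-signed certs fail
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(TLS12_SUITES))   # TLS 1.3 suites are not affected by this call
    return ctx


def meets_requirements(cipher_name, protocol):
    """Judge a negotiated suite and protocol version against the guide."""
    # ASSUMPTION: TLSv1.3 is accepted because the list contains TLS 1.3 suites.
    return protocol in ("TLSv1.2", "TLSv1.3") and cipher_name in ALLOWED


def probe(host, port=5061, timeout=5.0):
    """Handshake with your own SIP TLS listener and report what was negotiated.

    Raises ssl.SSLCertVerificationError if the certificate is self-signed or untrusted.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with build_context().wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            return {"cipher": name, "protocol": tls.version(), "bits": bits,
                    "ok": meets_requirements(name, tls.version())}
```

Run `probe()` against the public hostname on your certificate; a verification error here predicts the same rejection when Fonolo connects.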

Media

Fonolo uses the following media settings for a SIP connection:

  • g711u (μ-law), with a ptime of 20ms.
  • RFC 2833 / RFC 4733 DTMF

Call-Back Portal Setup

The Call-Back Portal is used to manage Fonolo features and view call stats. To set up the Portal, some additional information on your company and phone system must be provided:

  • The Hours of Operation for each of your phone queues that will offer call-backs.
  • Any Advanced Scheduling for holidays and other times the call center will have reduced hours or be closed.
  • The Caller ID and Phone Number that you want callers to see when they get a call-back.
  • A list of users who need access to the Portal, as well as their role within it:
    Permission                                  | Stats Only User | Standard User | Account Manager
    View graphs, call logs, and real-time stats |                 |               |
    Edit service settings                       | ×               |               |
    Set up new queues and profiles              | ×               |               |
    Manage other users                          | ×               | ×             |

Optional Features and Procedures

While not required, there are other features or procedures that may complement your Fonolo deployment.

IPSec VPN

Fonolo supports connections using a direct site-to-site IPsec VPN. This provides an extra layer of security and can be configured for customers connecting to Fonolo using either the cloud-based SIP option or Fonolo appliances. To provide the information we need to set up an IPsec VPN for you, fill out the IPSec VPN Setup Form:

Important!

Only advertise public (non-RFC1918) IP space using the VPN. In cases where private subnets are required for media, all endpoints must use NAT to a public IP.

IPSec Configuration

Fonolo uses two Cisco Catalyst 8000 Series Edge nodes, in master-master mode for increased redundancy, using the endpoint IP addresses 64.190.42.1 (VPN1 – default primary) and 64.190.42.2.

Fonolo can support the following encryption and hashing algorithms:

  • IKEv1
    • Encryption: AES-256
    • Hashing: SHA-256, SHA-384, SHA-512
    • DH Groups: 5, 14, 15, 16, 19, 20, 21, 24
    • PFS Groups: 5, 14, 15, 19, 20, 21, 24
  • IKEv2 (preferred)
    • Encryption: AES-256
    • Hashing: SHA-256, SHA-384, SHA-512
    • DH Groups: 14, 15, 16, 19, 20, 21, 24
    • PFS Groups: 14, 15, 19, 20, 21, 24
    • PRF: SHA-256, SHA-384, SHA-512

Fonolo’s default Phase 1/Phase 2 Lifetime configuration is set to 86400 seconds and 3600 seconds, respectively. This can be adjusted to meet your requirements.

Fonolo only supports Pre-Shared Key authentication for security.

Routing Configuration

For SIP Connect deployments, Fonolo uses 64.190.42.32/28 for the various SIP peers. For Appliance deployments, Fonolo uses 64.190.42.128/25 for the various cloud infrastructure required for the service.

Fonolo supports several routing configurations for IPSec connectivity:

(Preferred) Route/Tunnel-Based VPN with VTIs and BGP Routing

  • Fonolo assigns a /30 subnet per VTI for BGP peering in the link-local 169.254.64.0/18 range. The first usable IP is assigned to the customer side of the VTI, with the second usable IP assigned to the Fonolo side.
  • Fonolo’s public ASN is 63350. Your ASN can be either public or private. If you prefer private, your ASN must be agreed upon with Fonolo before configuration.
  • Fonolo supports either point-to-multipoint (single customer node) or multipoint-to-multipoint (multiple customer nodes) in this configuration.
  • Fonolo controls route preference through advertisement of an increased BGP MED attribute.
  • This configuration provides the best redundancy and failover time.

Route/Tunnel-Based VPN with VTIs and Static Routing

  • Fonolo assigns a /30 subnet per VTI for static route source/destination in the link-local 169.254.64.0/18 range. The first usable IP is assigned to the customer side of the VTI, with the second usable IP assigned to the Fonolo side.
  • Fonolo weights route traffic to prefer the VPN1 endpoint 64.190.42.1. You must align your configuration to prefer this endpoint to prevent asymmetric routing.
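
An added example, not Fonolo tooling: it checks a proposed tunnel plan against the IKEv1/IKEv2 settings, the rule against advertising RFC 1918 space, and the /30 VTI addressing described above, before the setup form is submitted. The plan dictionary layout, function names and sample values are assumptions made for illustration.

```python
import ipaddress

VTI_POOL = ipaddress.ip_network("169.254.64.0/18")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HASHES = {"SHA-256", "SHA-384", "SHA-512"}
GROUPS = {  # DH and PFS groups per IKE version, transcribed from the settings above
    1: {"dh": {5, 14, 15, 16, 19, 20, 21, 24}, "pfs": {5, 14, 15, 19, 20, 21, 24}},
    2: {"dh": {14, 15, 16, 19, 20, 21, 24}, "pfs": {14, 15, 19, 20, 21, 24}},
}


def vti_addresses(subnet):
    """Split an assigned /30 into the customer-side and Fonolo-side tunnel IPs."""
    net = ipaddress.ip_network(subnet)      # ValueError if host bits are set
    if net.prefixlen != 30 or not net.subnet_of(VTI_POOL):
        raise ValueError(f"{subnet} is not a /30 inside {VTI_POOL}")
    customer, fonolo = net.hosts()          # first usable, second usable
    return {"customer": str(customer), "fonolo": str(fonolo)}


def plan_problems(plan):
    """List every point where a proposed tunnel plan departs from the guide."""
    groups = GROUPS.get(plan["ike"])
    if groups is None:
        return [f"IKEv{plan['ike']} is not supported"]
    problems = []
    if plan["encryption"] != "AES-256":
        problems.append(f"encryption {plan['encryption']}: only AES-256 is supported")
    if plan["hash"] not in HASHES:
        problems.append(f"hash {plan['hash']} is not supported")
    for kind in ("dh", "pfs"):
        if plan[kind] not in groups[kind]:
            problems.append(f"{kind.upper()} group {plan[kind]} not valid for IKEv{plan['ike']}")
    for prefix in plan["advertise"]:
        if any(ipaddress.ip_network(prefix).overlaps(p) for p in RFC1918):
            problems.append(f"{prefix} overlaps RFC 1918 space; NAT to a public IP")
    return problems


# Constructed plan: 203.0.113.0/24 is a documentation prefix standing in for public space.
SAMPLE_PLAN = {"ike": 2, "encryption": "AES-256", "hash": "SHA-256",
               "dh": 5, "pfs": 16, "advertise": ["203.0.113.0/24", "10.20.0.0/24"]}
```

`plan_problems(SAMPLE_PLAN)` reports three issues: DH group 5 and PFS group 16 are not in the IKEv2 lists, and `10.20.0.0/24` is private space.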

Policy-Based VPN

  • Fonolo supports either point-to-multipoint (single customer node) or multipoint-to-multipoint (multiple customer nodes) in this configuration.
  • We strongly recommend that both VPN endpoints are configured in both scenarios for redundancy.
  • Tunnel connectivity is established by customer-side traffic only, meaning that SIP OPTIONS must be configured for a SIP Connect deployment. Fonolo Appliance deployments send regular keepalive pings to the Fonolo infrastructure to maintain tunnel connectivity.

Custom Audio Prompts and Messaging

The Fonolo service uses audio prompts that we provide in English, French, and Spanish. All prompts—for the caller or agent—are customizable using your own voice talent, letting you keep a consistent voice and terminology as your callers transition to Fonolo.

This file contains a list of all Audio Prompts that need to be recorded and uploaded into the Call-Back Portal. English, French and Spanish Audio Prompts can be found on each page within the below file.

To use your own audio or voice talent, you must provide a voice file for each of the audio prompts listed in the spreadsheet that you want to use.

Audio files must be in the .wav, 16-bit, 8 kHz, mono PCM format.
