Hello everyone, I need to obtain the IP addresses and port ranges that must be allowed on my firewall for both incoming and outgoing traffic. This is for SIP signaling (default UDP 5060) and Media SRTP traffic (default UDP 10000-20000). I have set up a SIP trunk that routes calls to a SIP URL similar to sip:mynumbervapi@sip.vapi.ai, but I couldn't find this specific information in the documentation. My current configuration is as follows: DNS: sip.vapi.ai IP: 44.229.228.186 IP: 44.238.177.138 SIP Registration Port: 5060 UDP Media RTP/SRTP Ports: 10000-20000 Thank you in advance for your help. Best regards, Sergio C.H

Thanks for the information, I hope to see if port confirms the IPs that need to be allowed for SRTP traffic.

Hello Sergio, glad you were able to get that resolved. Need anything else?

Hi Mason Adams, I haven't been able to resolve this issue. I need to confirm the CIDR IP range and specific UDP ports I need to allow on my firewall for SIP and Media RTP. I've set up a SIP trunk attacking sip.vapi.ia. So far, I've identified some of their Elastic IP addresses that are involved in SIP traffic: 44.229.228.186 44.238.177.138 44.245.172.82 44.233.34.47 44.229.228.186. I'd appreciate it if you could confirm this information for me. Thanks.

For maximum security, I recommend allowing only these specific IP addresses rather than opening the ports to all traffic. 44.229.228.186 44.238.177.138 We use the default port range for RTP/SRTP traffic. Port Range: 40000-60000 (this is the range Vapi's infrastructure uses for RTP/SRTP) cc: @masonadams

Good afternoon, thank you very much for the information about the port range we should allow. I captured the SIP traffic and identified the range you indicated, which is perfect. However, regarding the IP addresses in my captures, I see that the RTP traffic coming from Jambonz-Mediaserver shows the IP addresses 34.221.215.39 and 44.242.252.90.

We use Jambonz as our SIP service provider/vendor, that's why you see the media server IP address of Jambonz. So it's Jambonz which powers our SIP service.

I understand. Thanks for the explanation. I'm testing by restricting traffic to only the sip.vapi.ai IPs. Thank you very much.

Marking this ticket as Solved ✅

@caballero330 Were you able to narrow down on the list of jambonz media server ip address? I am noticing different ip address every time?