Ctrlk
Kontakt

What are the IP and firewall settings for the sipgate app?

IP addresses, ports, and firewall settings for smooth operation of the sipgate app in the company network.

In most cases, the sipgate app will work without any further configuration of routers and firewalls. However, in corporate networks in particular, it may be necessary to make adjustments and configure allow rules. Below we have listed all gateways and ports to which the sipgate app requires a connection.

Regardless of this, the internet connection must meet the following requirements in order to enable uninterrupted telephony:

  • A bandwidth of at least 100-400 kbit/s in download/upload is required.

  • The response time should be faster than 270 ms, otherwise you will see an offline message in the client and cannot place calls.

  • The sipgate app uses QoS via prioritized packet transmission (DSCP 46) (Expedited Forwarding - EF)

For accounts on sipgate classic

Calling - call setup (without audio)

Below is an overview of domain + port + protocol used by the sipgate app for communication:

  • gateway.clinq.com + Port: 443 + TCP (call setup)

  • api.q.clinq.com + Port 443 + TCP (negotiate codecs etc. before call acceptance)

  • socket.clinq.com + Port 443 + TCP (CLINQ client↔Google server connection)

  • ws-eu.pusher.com + PORT 443 + TCP (CLINQ client↔Pusher server connection)

  • The Google IP ranges can be found here.

For a typical home router, domains should normally be allowed without additional configuration. However, in especially restrictive corporate networks that block many domains and IPs, it may be necessary to speak with the network admin and ask them to allow certain domains and ports.

Calling - call accepted with audio

  • IP range + UDP + port range 10,000 - 60,000 (audio)

When using the sipgate app, the IP address of the VoIP device (visible on the web under "My telephony") may differ from the IP address of the desktop on which the app is running. This is because SIP registration does not take place directly through the client on your desktop, but is carried out via the app's backend services.

The following fixed IP addresses can be used:

18.153.199.104
18.192.192.27
18.193.158.169
18.195.254.166
18.196.255.246
18.197.212.58
18.199.119.88
3.125.165.239
3.64.29.229
3.74.37.174
3.75.1.227
3.77.130.221
35.157.146.136
52.29.34.109

Login existing customers and new customers

  • sipgate app Firebase (all logins): 35.208.0.0 - 35.247.255.255

  • via Apple: www.apple.com + appleid.apple.com + Port 443 + TLS 1.2

  • via Microsoft: live.com + microsoftonline.com + microsoft.com + Port 443 + TLS 1.2

sipgate app updates existing customers and new customers

2023.07.12 sipgate SIP registration.png

CRM contacts existing customers and new customers

Voice and signal encryption

Signals are encrypted via TLS, while voice encryption is done via SRTP.

sipgate.de App + Sophos Firewall

In connection with the Sophos Firewall, undesirable behavior such as connection drops or one-sided voice transmission can sometimes occur. The cause is often the way an additional module, the SIP Helper, works, which analyzes VoIP traffic in the firewall. To avoid disruptions, this module should be disabled as follows:

1. Disable SIP Helper

  1. Connect to the firewall via SSH

  2. Option 4. Device Console select

  3. Display SIP module status: system system_modules show

  4. Disable SIP module: system system_modules sip unload

  5. If needed, re-enable the SIP module: system system_modules sip load

Important: After disabling the SIP Helper, the VoIP firewall rules must be configured correctly so that communication works smoothly.

2. Increase UDP session timeout

  1. Connect to the firewall via SSH

  2. Option 4. Device Console select

  3. Show current value: show advanced-firewall

  4. Set timeout value (e.g. 180 seconds): set advanced-firewall udp-timeout-stream 180

Note: Values between 30 and 3600 seconds are allowed.

3. Create a specific firewall rule for VoIP

  • Source Zone: LAN

  • Source Network: VoIP devices (e.g. IP phones or phone system)

  • Destination Zone: WAN

  • Destination Network: IP addresses or hostnames of the VoIP provider

  • Services: SIP (port 5060), RTP (e.g. ports 10000–20000)

The rule should be placed as high as possible in the policy order and logging should be enabled.

4. Enable Quality of Service (QoS) for VoIP

  1. Go to System ServicesTraffic Shaping switch

  2. Create a new policy, e.g. "VoIP Priority"

  3. Policy settings:

    • Policy Type: Guarantee

    • Priority: High

    • Bandwidth Usage: Real-Time

    • Guaranteed Bandwidth: depending on codec and number of simultaneous calls

  4. Assign Traffic Shaping Policy to the VoIP firewall rule

5. Monitoring & troubleshooting

  • Firewall logs (Log Viewer ➔ Firewall)

  • Live view (Diagnostics > Packet Capture)

sipgate.de App + SecurePoint Firewall

Sometimes the SIP Helper of the SecurePoint Firewall leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper can help here.

Detailed information can be found on the manufacturer's help pages:

UTM/FAQ-VoIP

sipgate.de App + Mikrotik Firewall

Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here.

via Terminal: Terminal: ip firewall service-port disable sip via Web: IP ➔ Firewall ➔ Service ports: disable SIP

Restart firewall and VoIP apps/phones

Further information can be found on the manufacturer's help pages:

Mikrotik Blog

sipgate.de app + Lancom Firewall

Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here.

In LANconfig under Other services > Services > SIP Application Layer Gateway: disable (disabled by default)

Notes on SIP ALG:

SIP Application Layer Gateway (SIP-ALG) Disable SIP ALG: Configuration

sipgate.de app + TP-Link Firewall

Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here.

In the Deco app, please go to More ➔ Advanced ➔ NAT Forwarding ➔ SIP ALG to disable this option.

Further information can be found on the manufacturer's help pages:

How do I disable SIP ALG on my Decos? | TP-Link Germany

sipgate.de app + Netgear Firewall

Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here.

  1. Click the "Advanced" tab.

  2. Click "Configure".

  3. Then click "WAN Configuration".

  4. Then check the box for "Disable SIP ALG".

Please note that this setting is only available from firmware 1.0.0.50 onward.

sipgate.de app + Huawai Firewall

Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here.

Under "Security" and then under the submenu "SIP ALG settings"➔ disable SIP ALG

sipage.de app + Vodafone GigaCube Firewall

Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here.

Under "Security" and then under "SIP ALG settings" ➔ disable SIP ALG.

Errors and solutions

Error: Login works, outgoing calls drop / incoming calls cannot be accepted (audio connection / webrtc connection)

Error: Login works, outgoing calls drop / incoming calls cannot be accepted. Error message: "Audio connection could not be established, please check network and microphone". Analysis 1: sipgate app ➔ Help ➔ Log ➔ renderer.log Call could not be dialed ➔ Saving local call event {error: 'Error: Timeout: Could build a webrtc connection.', [sip] Call could not be dialed ➔ Saving local call event {error: 'Error: Timeout: Could not build a webrtc connection in 10s.', Cause: gateway.v2.clinq.com:443 + TLS 1.2 blocked via firewall / filter / VPN filter Solution: gateway.v2.clinq.com:443 allow in software/hardware firewall or VPN

Error: Login works but an error message appears "You are offline. Check your internet connection."

Error: Login works but an error message appears "You are offline. Check your internet connection." Analysis: sipgate app ➔ Help ➔ Logs ➔ renderer.log: [error] [ws] Socket error Error: websocket error falsesocket.clinq.com + 443 + TLS 1.2 blocked via firewall / filter. Solution: Allow socket.clinq.com:443. Wi-Fi on the train via LTE at 80-200 km/h has loading times of +250 ms. Wait until you are in a main station and the train stops, then CTRL+R/CMD+R or View ➔ "Reload"

Error: "Connection to Google failed"

Error: "Connection to Google failed" Cause: google.bridge.clinq.com + 443 + TLS 1.2 blocked via firewall / filter Solution: Allow google.bridge.clinq.com:443

Error: "Connection to Microsoft failed"

Error: "Connection to Microsoft failed" Cause: outlook-contacts.bridge.clinq.com + 443 + TLS 1.2 blocked via firewall / filter Solution: Allow outlook-contacts.bridge.clinq.com:443

Error: Error message: "Data could not be saved."

Error: Error message: "Data could not be saved." Cause: sipgate.bridge.clinq.com + 443 + TLS 1.2 blocked via firewall / filter Solution: Allow sipgate.bridge.clinq.com:443

Error: Integration ➔ Microsoft opens for 1s and the window closes again immediately

Error: Integration ➔ Microsoft opens for 1s and the window closes again immediately Cause: microsoft.com and/or microsoftonline.com / live.com blocked via firewall Solution: Allow microsoft.com, microsoftonline.com, live.com

Error: "Update could not be installed"

Error: "Update could not be installed" Cause 1: http://s3-eu-central-1.amazonaws.com + 443 + TLS 1.2 blocked via firewall / filter Solution 1: http://s3-eu-central-1.amazonaws.com allow. Cause 2: sipgate app (Linux) installed in a system folder without write permissions Solution 2: Uninstall sipgate app (Linux) and install it in a user folder with write permissions Cause 3: sipgate.dmg / sipgate.exe was installed from NAS/network drive Solution 3: Uninstall sipgate app, copy sipgate app.dmg/exe from the network drive to your own hard drive, install it, start it, the update will now be installed.

Error: Outgoing calls not possible "Call could not be started. Please check your network connection"

Error: Outgoing calls not possible "Call could not be started. Please check your network connection" Cause 1: sipgate app log: renderer.log: [api] Could not create call event local-e580d81e-xxxx-xxxxxx-xxxxx-xxxxxxgateway.v2.clinq.com:443 + TLS 1.2 blocked via firewall / filter Solution 1: Allow gateway.v2.clinq.com:443 Analysis: sipgate app ➔ Help ➔ Logs ➔ renderer.log: [error] [ws] ⛔️ Socket disconnected transport close ( https://socket.clinq.com) after sleep/power saving, network change no reconnect occurs Solution: quit sipgate app, restart, or CMD+R/CTRL+R or sipgate app ➔ View ➔ "Reload" Cause 2: incorrectly configured internet proxy Solution 2: Disable internet proxy and test the connection, then adjust the proxy setting. Cause 3: VPN blocks the transmission Solution 3: test without VPN; if VPN is the cause, inform the VPN admin Cause 4: Docker set up with various network connections and configured incorrectly Solution 4: Test the connection without virtual Docker network adapters, then check Docker settings

Error: Outgoing call drops (Could not get microphone stream)

Error: Outgoing call drops Analysis: sipgate app ➔ Help ➔ Logs ➔ renderer.log "[error] [call] Could not build a web-rtc connection in 10s." "Error: "Could not get microphone stream" Cause: - (software) firewall blocks access to the microphone - In Windows Defender Firewall ➔ Advanced Security ➔ Inbound Rules you will find 2x sipgate.exe entries with red warning shield Solution: - Add sipgate app to trusted apps in the (software) firewall - Allow media access (microphone) for sipgate app in the (software) firewall - In Windows Defender Firewall ➔ Advanced Security ➔ Inbound Rules, combine the 2x sipgate app rules into 1 rule and allow the connection

Error: The sipgate app can be installed without prompting Windows Defender Firewall (audio connection could not be established)

Error: The sipgate app can be installed without prompting Windows Defender Firewall; when making an outgoing call, a prompt appears asking whether the sipgate app may access the private network. If you deny the prompt, you cannot make calls with the sipgate app. Error message: "The audio connection could not be established." Solution 1: Windows Firewall ➔ Advanced Settings -> Outbound Rules "Right-click both sipgate entries in the firewall ➔ Properties ➔ General: Allow connection ➔ "Apply" and save Cause 2: sipgate outage in CLINQ Asterisk only for legacy/classic users Solution 2: contact team support Deviation 2: since only the sipgate app is affected, you can alternatively use the sipgate webphone, SIP apps from other vendors, or VoIP phones

Error: Login works, outgoing calls drop / incoming calls cannot be accepted (gateway.v2.clinq.com)

Error: Login works, outgoing calls drop / incoming calls cannot be accepted. Error message: "Audio connection could not be established, please check network and microphone". Analysis 1: sipgate app ➔ Help ➔ Log ➔ renderer.log Call could not be dialed ➔ Saving local call event {error: 'Error: Timeout: Could build a webrtc connection.', [sip] Call could not be dialed ➔ Saving local call event {error: 'Error: Timeout: Could not build a webrtc connection in 10s.', gateway.v2.clinq.com:443 + TLS 1.2 blocked via firewall / filter Solution: Allow gateway.v2.clinq.com:443

Error: Windows Defender ➔ Outbound rule ➔ sipgate.exe ➔ outgoing all connections blocked

Error: Windows Defender ➔ Outbound rule ➔ sipgate.exe ➔ outgoing all connections blocked Cause 1.1: gateway.v2.clinq.com:443 + TLS 1.2 blocked via firewall / filter Cause 1.2: sipgate outbound UDP blocked via firewall Solution 1.1/1.2: Allow gateway.v2.clinq.com:443 + TLS + UDP in firewall Analysis 2: sipgate app ➔ Help ➔ Log ➔ renderer.log: Could not dial Error: Request timed out Cause 2: Firewall temporarily blocked api.q.clinq.com + Port 443 and/or audio IP ranges Solution 2: Allow api.q.clinq.com:443 and configure audio IP ranges Cause 3: temporary sipgate app disruption Note 3: Calls have error code 500 + Nexus 502 error message in logs Solution 3: Report the error to sipgate support and wait for a fix

Error message: sipgate app / sipgate app in the web: "Login failed. Please try again."

Error message: sipgate app / sipgate app in the web: "Login failed. Please try again." Cause: Google IPs blocked, preventing loading of Firebase settings etc. Solution: Allow Google IPs Analysis: sipgate app ➔ Help ➔ Export logs: renderer.log [2025-06-26 16:31:37.480] [error] [app] Could not subscribe to User in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.481] [error] [app] Could not subscribe to Connected or Supported Integrations in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.481] [error] [app] Could not subscribe to Providers in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.481] [error] [app] Could not subscribe to FeaturesFlags in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.482] [error] [app] Could not subscribe to MicrosoftPresenceConnector in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.482] [error] [app] Could not subscribe to Experimental Flags in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.482] [error] [app] Could not subscribe to SmartAnswersSets in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.482] [error] [app] Could not subscribe to SmartAnswers in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.482] [error] [app] Could not subscribe to Surveys in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.482] [error] [app] Could not subscribe to Devices Flags in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.482] [error] [app] Could not subscribe to Favorites in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.483] [error] [app] Could not subscribe to User Status in Firestore Error: Firestore shutting down [2025-06-26 16:31:37.483] [error] [app] Could not subscribe to Adapters in Firestore Error: Firestore shutting down [2025-06-26 16:31:52.520] [error] [app] Error while syncing private phone numbers Error: Firebase auth token is not available for websocket authentication [2025-06-26 16:31:52.520] [error] [app] Could not get phone number labels Error: Firebase auth token is not available for websocket authentication [2025-06-26 16:34:11.821] [error] [app] Error fetching remote config Error: Failed to fetch at async zZ (file:///C:/Users/User/AppData/Local/Programs/sipgate-desktop/resources/app.asar/dist/renderer/assets/main-CffnPHyH.js:36:74762)

Error: CRM connection does not work + banner "Cannot read properties of undefined (reading 'detail')"

Error: CRM connection does not work + banner "Cannot read properties of undefined (reading 'detail')" Analysis: sipgate app ➔ Help ➔ Export logs ➔ renderer.log [error] [contacts] Cannot read properties of undefined (reading 'detail') undefined Cause: IP 35.246.154.68 (integration.sipgate.cloud) blocked outbound in hardware/software firewall Solution: allow IP 35.246.154.68 in hardware/software firewall

Error: "There is a problem with your account. Please contact our support."

Error: "There is a problem with your account. Please contact our support." Error pattern: logging in to the workspace works, but not in the sipgate app Cause: local, only app, unclear exactly what Solution: sipgate app ➔ Help ➔ "Reset cache" Logging in to the app should now work

PreviousWhich audio settings can I adjust in the sipgate app?NextVoicemails and IVR

Last updated