# What are the IP and firewall settings for the sipgate app? In most cases, the sipgate app will work without any further configuration of routers and firewalls. However, in corporate networks in particular, it may be necessary to make adjustments and configure allow rules. Below we have listed all gateways and ports to which the sipgate app requires a connection. Regardless of this, the internet connection must meet the following requirements in order to enable uninterrupted telephony: * A bandwidth of at least 100-400 kbit/s in download/upload is required. * The response time should be faster than 270 ms, otherwise you will see an offline message in the client and cannot place calls. * The sipgate app uses QoS via prioritized packet transmission (DSCP 46) (Expedited Forwarding - EF) {% tabs %} {% tab title="sipgate classic" %} **For accounts on sipgate classic** **Calling - call setup (without audio)** Below is an overview of domain + port + protocol used by the sipgate app for communication: * [gateway.clinq.com](http://gateway.v2.clinq.com/) + Port: 443 + TCP (call setup) * api.q.clinq.com + Port 443 + TCP (negotiate codecs etc. before call acceptance) * socket.clinq.com + Port 443 + TCP (CLINQ client↔Google server connection) * [ws-eu.pusher.com](http://ws-eu.pusher.com/) + PORT 443 + TCP (CLINQ client↔Pusher server connection) * The Google IP ranges can be found [here](https://www.gstatic.com/ipranges/cloud.json). For a typical home router, domains should normally be allowed without additional configuration. However, in especially restrictive corporate networks that block many domains and IPs, it may be necessary to speak with the network admin and ask them to allow certain domains and ports. **Calling - call accepted with audio** * IP range + UDP + port range 10,000 - 60,000 (audio) When using the sipgate app, the IP address of the VoIP device (visible on the web under "My telephony") may differ from the IP address of the desktop on which the app is running. This is because SIP registration does not take place directly through the client on your desktop, but is carried out via the app's backend services. The following fixed IP addresses can be used: ```auto 18.153.199.104 18.192.192.27 18.193.158.169 18.195.254.166 18.196.255.246 18.197.212.58 18.199.119.88 3.125.165.239 3.64.29.229 3.74.37.174 3.75.1.227 3.77.130.221 35.157.146.136 52.29.34.109 ``` {% endtab %} {% tab title="sipgate neo" %} **For accounts on sipgate neo** **Calling - call setup (without audio)**\ [socket.clinq.com](http://socket.clinq.com/) **(35.246.194.107**) Port 443 + TCP\ [integration.sipgate.cloud](https://integration.sipgate.cloud/) (35.246.154.68) Port 443 + TCP\ [sip.sipgate.de](http://sip.sipgate.de/) Port 443 + TCP + TLS\ **IPv4**: 212.9.44.242, 212.9.44.244, 217.10.77.242, 217.10.77.244\ **IPv6**: IP: \[2001:ab7::17], \[2001:ab7::18], \[2001:ab7::19], \[2001:ab7::1a]\ **Port**: 5060/TCP, 5061/TLS, 443/WSS\ **Protocol**: TCP, TLS, WSS **Calling - call accepted with audio**\ **IPv4**: 212.9.44.0/24 and 217.10.77.0/24\ **IPv6**: \[2001:ab7:2000:3::0/64]\ **Port**: 5060/TCP, 5061/TLS, 443/WSS\ **Protocol**: UDP **Port range:** 15000 - 30000 {% endtab %} {% endtabs %} **Login existing customers and new customers** * **sipgate app Firebase (all logins):** 35.208.0.0 - 35.247.255.255 * **via Apple**: [www.apple.com](http://www.apple.com/) + appleid.apple.com + Port 443 + TLS 1.2 * **via Microsoft**: live.com + microsoftonline.com + microsoft.com + Port 443 + TLS 1.2 **sipgate app updates existing customers and new customers** * Allow Amazon AWS downloads[ s3-eu-central-1.amazonaws.com](http://s3-eu-central-1.amazonaws.com/) ![2023.07.12 sipgate SIP registration.png](/files/9f6f5b524982fcddc9b16aa11b61eca0eb02724e) **CRM contacts existing customers and new customers** * Integration platform (all contacts) [integration.sipgate.cloud](https://integration.sipgate.cloud/) **Voice and signal encryption** Signals are encrypted via TLS, while voice encryption is done via SRTP. #### **sipgate.de** App + Sophos Firewall In connection with the Sophos Firewall, undesirable behavior such as connection drops or one-sided voice transmission can sometimes occur. The cause is often the way an additional module, the SIP Helper, works, which analyzes VoIP traffic in the firewall. To avoid disruptions, this module should be disabled as follows: 1\. Disable SIP Helper 1. Connect to the firewall via SSH 2. Option **4. Device Console** select 3. Display SIP module status:\ `system system_modules show` 4. Disable SIP module:\ `system system_modules sip unload` 5. If needed, re-enable the SIP module:\ `system system_modules sip load` {% hint style="warning" %} **Important:** After disabling the SIP Helper, the VoIP firewall rules must be configured correctly so that communication works smoothly. {% endhint %} 2\. Increase UDP session timeout 1. Connect to the firewall via SSH 2. Option **4. Device Console** select 3. Show current value:\ `show advanced-firewall` 4. Set timeout value (e.g. 180 seconds):\ `set advanced-firewall udp-timeout-stream 180` {% hint style="info" %} **Note:** Values between 30 and 3600 seconds are allowed. {% endhint %} 3\. Create a specific firewall rule for VoIP * **Source Zone:** LAN * **Source Network:** VoIP devices (e.g. IP phones or phone system) * **Destination Zone:** WAN * **Destination Network:** IP addresses or hostnames of the VoIP provider * **Services:** SIP (port 5060), RTP (e.g. ports 10000–20000) The rule should be placed as high as possible in the policy order and logging should be enabled. 4\. Enable Quality of Service (QoS) for VoIP 1. Go to **System Services** ➔ **Traffic Shaping** switch 2. Create a new policy, e.g. *"VoIP Priority"* 3. Policy settings: * **Policy Type:** Guarantee * **Priority:** High * **Bandwidth Usage:** Real-Time * **Guaranteed Bandwidth:** depending on codec and number of simultaneous calls 4. Assign Traffic Shaping Policy to the VoIP firewall rule 5\. Monitoring & troubleshooting * Firewall logs (Log Viewer ➔ Firewall) * Live view (Diagnostics **>** Packet Capture) #### **sipgate.de** **App + SecurePoint Firewall** Sometimes the SIP Helper of the SecurePoint Firewall leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper can help here. Detailed information can be found on the manufacturer's help pages: [UTM/FAQ-VoIP](https://wiki.securepoint.de/UTM/FAQ-VoIP#VoIP_ohne_SIP_Helper) #### **sipgate.de** **App + Mikrotik Firewall** Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here. **via Terminal:** Terminal: ip firewall service-port disable sip\ **via Web:** IP ➔ Firewall ➔ Service ports: disable SIP Restart firewall and VoIP apps/phones Further information can be found on the manufacturer's help pages: [Mikrotik Blog](https://mikrotik-blog.com/disable-sip-alg-sip-alg-deaktivieren-sip-helper-mikrotik) #### **sipgate.de app + Lancom Firewall** Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here. In LANconfig under **Other services** > **Services** > **SIP Application Layer Gateway: disable** (disabled by default) Notes on SIP ALG: [SIP Application Layer Gateway (SIP-ALG)](https://www.lancom-systems.de/docs/LCOS/Refmanual/DE/topics/voip_sip-alg.html)\ Disable SIP ALG: [Configuration](https://www.lancom-systems.de/docs/LCOS/Refmanual/DE/topics/voip_sip-alg_configuration.html) #### **sipgate.de app + TP-Link Firewall** Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here. In the Deco app, please go to More ➔ Advanced ➔ NAT Forwarding ➔ SIP ALG to disable this option. Further information can be found on the manufacturer's help pages: [How do I disable SIP ALG on my Decos? | TP-Link Germany](https://www.tp-link.com/de/support/faq/2422/) #### **sipgate.de app + Netgear Firewall** Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here. 1. Click the "Advanced" tab. 2. Click "Configure". 3. Then click "WAN Configuration". 4. Then check the box for "Disable SIP ALG". Please note that this setting is only available from firmware 1.0.0.50 onward. #### **sipgate.de app + Huawai Firewall** Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here. Under "Security" and then under the submenu "SIP ALG settings"➔ disable SIP ALG #### **sipage.de app + Vodafone GigaCube Firewall** Sometimes the SIP Helper/AG leads to undesirable behavior such as connection drops or one-sided voice transmission. Disabling the SIP Helper/ALG can help here. Under "Security" and then under "SIP ALG settings" ➔ disable SIP ALG. #### Errors and solutions
Error: Login works, outgoing calls drop / incoming calls cannot be accepted (audio connection / webrtc connection) **Error:** Login works, outgoing calls drop / incoming calls cannot be accepted.\ **Error message:** "Audio connection could not be established, please check network and microphone".\ **Analysis 1:** sipgate app ➔ Help ➔ Log ➔ renderer.log\ Call could not be dialed ➔ Saving local call event {error: 'Error: Timeout: Could build a webrtc connection.',\ \[sip] Call could not be dialed ➔ Saving local call event {error: 'Error: Timeout: Could not build a webrtc connection in 10s.',\ **Cause**: [gateway.v2.clinq.com:443](http://gateway.v2.clinq.com:443) + TLS 1.2 blocked via firewall / filter / VPN filter\ **Solution:** [gateway.v2.clinq.com:443](http://gateway.v2.clinq.com:443) allow in software/hardware firewall or VPN
Error: Login works but an error message appears "You are offline. Check your internet connection." **Error:** Login works but an error message appears "You are offline. Check your internet connection."\ **Analysis:** sipgate app ➔ Help ➔ Logs ➔ renderer.log: \[error] \[ws] Socket error Error: websocket error falsesocket.clinq.com + 443 + TLS 1.2 blocked via firewall / filter.\ **Solution:** Allow socket.clinq.com:443. Wi-Fi on the train via LTE at 80-200 km/h has loading times of +250 ms. Wait until you are in a main station and the train stops, then CTRL+R/CMD+R or View ➔ "Reload"
Error: "Connection to Google failed" **Error:** "Connection to Google failed"\ **Cause:** google.bridge.clinq.com + 443 + TLS 1.2 blocked via firewall / filter\ **Solution:** Allow google.bridge.clinq.com:443
Error: "Connection to Microsoft failed" **Error:** "Connection to Microsoft failed"\ **Cause:** outlook-contacts.bridge.clinq.com + 443 + TLS 1.2 blocked via firewall / filter\ **Solution:** Allow outlook-contacts.bridge.clinq.com:443
Error: Error message: "Data could not be saved." **Error:** Error message: "Data could not be saved."\ **Cause:** sipgate.bridge.clinq.com + 443 + TLS 1.2 blocked via firewall / filter\ **Solution:** Allow sipgate.bridge.clinq.com:443
Error: Integration ➔ Microsoft opens for 1s and the window closes again immediately **Error:** Integration ➔ Microsoft opens for 1s and the window closes again immediately\ **Cause:** microsoft.com and/or microsoftonline.com / live.com blocked via firewall\ **Solution:** Allow microsoft.com, microsoftonline.com, live.com
Error: "Update could not be installed" **Error:** "Update could not be installed"\ **Cause 1:** + 443 + TLS 1.2 blocked via firewall / filter\ **Solution 1:** allow.\ **Cause 2:** sipgate app (Linux) installed in a system folder without write permissions\ **Solution 2:** Uninstall sipgate app (Linux) and install it in a user folder with write permissions\ **Cause 3:** sipgate.dmg / sipgate.exe was installed from NAS/network drive\ **Solution 3:** Uninstall sipgate app, copy sipgate app.dmg/exe from the network drive to your own hard drive, install it, start it, the update will now be installed.
Error: Outgoing calls not possible "Call could not be started. Please check your network connection" **Error:** Outgoing calls not possible "Call could not be started. Please check your network connection"\ **Cause 1:** sipgate app log: renderer.log: \[api] Could not create call event local-e580d81e-xxxx-xxxxxx-xxxxx-xxxxxxgateway.v2.clinq.com:443 + TLS 1.2 blocked via firewall / filter\ **Solution 1:** Allow gateway.v2.clinq.com:443\ **Analysis:** sipgate app ➔ Help ➔ Logs ➔ renderer.log: \[error] \[ws] ⛔️ Socket disconnected transport close ( ) after sleep/power saving, network change no reconnect occurs\ Solution: quit sipgate app, restart, or CMD+R/CTRL+R or sipgate app ➔ View ➔ "Reload"\ **Cause 2:** incorrectly configured internet proxy\ **Solution 2:** Disable internet proxy and test the connection, then adjust the proxy setting.\ **Cause 3:** VPN blocks the transmission\ **Solution 3:** test without VPN; if VPN is the cause, inform the VPN admin\ **Cause 4:** Docker set up with various network connections and configured incorrectly\ **Solution 4:** Test the connection without virtual Docker network adapters, then check Docker settings
Error: Outgoing call drops (Could not get microphone stream) **Error:** Outgoing call drops\ **Analysis:** sipgate app ➔ Help ➔ Logs ➔ renderer.log\ "\[error] \[call] Could not build a web-rtc connection in 10s."\ "Error: "Could not get microphone stream"\ **Cause**:\ \- (software) firewall blocks access to the microphone\ \- In Windows Defender Firewall ➔ Advanced Security ➔ Inbound Rules you will find 2x sipgate.exe entries with red warning shield\ **Solution:**\ \- Add sipgate app to trusted apps in the (software) firewall\ \- Allow media access (microphone) for sipgate app in the (software) firewall\ \- In Windows Defender Firewall ➔ Advanced Security ➔ Inbound Rules, combine the 2x sipgate app rules into 1 rule and allow the connection
Error: The sipgate app can be installed without prompting Windows Defender Firewall (audio connection could not be established) **Error:** The sipgate app can be installed without prompting Windows Defender Firewall; when making an outgoing call, a prompt appears asking whether the sipgate app may access the private network. If you deny the prompt, you cannot make calls with the sipgate app.\ **Error message:** "The audio connection could not be established."\ **Solution 1: Windows Firewall ➔ Advanced Settings -> Outbound Rules** "Right-click both sipgate entries in the firewall ➔ Properties ➔ General: Allow connection ➔ "Apply" and save\ **Cause 2**: sipgate outage in CLINQ Asterisk only for legacy/classic users\ **Solution 2**: contact team support\ **Deviation 2**: since only the sipgate app is affected, you can alternatively use the sipgate webphone, SIP apps from other vendors, or VoIP phones
Error: Login works, outgoing calls drop / incoming calls cannot be accepted (gateway.v2.clinq.com) **Error:** Login works, outgoing calls drop / incoming calls cannot be accepted.\ **Error message:** "Audio connection could not be established, please check network and microphone".\ **Analysis 1:** sipgate app ➔ Help ➔ Log ➔ renderer.log\ Call could not be dialed ➔ Saving local call event {error: 'Error: Timeout: Could build a webrtc connection.',\ \[sip] Call could not be dialed ➔ Saving local call event {error: 'Error: Timeout: Could not build a webrtc connection in 10s.',\ gateway.v2.clinq.com:443 + TLS 1.2 blocked via firewall / filter\ **Solution:** Allow gateway.v2.clinq.com:443
Error: Windows Defender ➔ Outbound rule ➔ sipgate.exe ➔ outgoing all connections blocked **Error:** Windows Defender ➔ Outbound rule ➔ sipgate.exe ➔ outgoing all connections blocked\ **Cause 1.1:** gateway.v2.clinq.com:443 + TLS 1.2 blocked via firewall / filter\ **Cause 1.2:** sipgate outbound UDP blocked via firewall\ **Solution 1.1/1.2:** Allow gateway.v2.clinq.com:443 + TLS + UDP in firewall\ **Analysis 2:** sipgate app ➔ Help ➔ Log ➔ renderer.log: Could not dial Error: Request timed out\ **Cause 2:** Firewall temporarily blocked api.q.clinq.com + Port 443 and/or audio IP ranges\ **Solution 2:** Allow api.q.clinq.com:443 and configure audio IP ranges\ **Cause 3:** temporary sipgate app disruption\ **Note 3:** Calls have error code 500 + Nexus 502 error message in logs\ **Solution 3:** Report the error to sipgate support and wait for a fix
Error message: sipgate app / sipgate app in the web: "Login failed. Please try again." **Error message**: sipgate app / sipgate app in the web: "Login failed. Please try again."\ **Cause:** Google IPs blocked, preventing loading of Firebase settings etc.\ **Solution:** Allow Google IPs\ **Analysis**: sipgate app ➔ Help ➔ Export logs: renderer.log\ \[2025-06-26 16:31:37.480] \[error] \[app] Could not subscribe to User in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.481] \[error] \[app] Could not subscribe to Connected or Supported Integrations in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.481] \[error] \[app] Could not subscribe to Providers in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.481] \[error] \[app] Could not subscribe to FeaturesFlags in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.482] \[error] \[app] Could not subscribe to MicrosoftPresenceConnector in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.482] \[error] \[app] Could not subscribe to Experimental Flags in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.482] \[error] \[app] Could not subscribe to SmartAnswersSets in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.482] \[error] \[app] Could not subscribe to SmartAnswers in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.482] \[error] \[app] Could not subscribe to Surveys in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.482] \[error] \[app] Could not subscribe to Devices Flags in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.482] \[error] \[app] Could not subscribe to Favorites in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.483] \[error] \[app] Could not subscribe to User Status in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:37.483] \[error] \[app] Could not subscribe to Adapters in Firestore Error: Firestore shutting down\ \[2025-06-26 16:31:52.520] \[error] \[app] Error while syncing private phone numbers Error: Firebase auth token is not available for websocket authentication\ \[2025-06-26 16:31:52.520] \[error] \[app] Could not get phone number labels Error: Firebase auth token is not available for websocket authentication\ \[2025-06-26 16:34:11.821] \[error] \[app] Error fetching remote config Error: Failed to fetch at async zZ (file:///C:/Users/User/AppData/Local/Programs/sipgate-desktop/resources/app.asar/dist/renderer/assets/main-CffnPHyH.js:36:74762)
Error: CRM connection does not work + banner "Cannot read properties of undefined (reading 'detail')" **Error:** CRM connection does not work + banner "Cannot read properties of undefined (reading 'detail')"\ **Analysis**: sipgate app ➔ Help ➔ Export logs ➔ renderer.log\ \[error] \[contacts] Cannot read properties of undefined (reading 'detail') undefined\ **Cause**: IP 35.246.154.68 (integration.sipgate.cloud) blocked outbound in hardware/software firewall\ **Solution**: allow IP 35.246.154.68 in hardware/software firewall
Error: "There is a problem with your account. Please contact our support." **Error**: "There is a problem with your account. Please contact our support."\ **Error pattern**: logging in to the workspace works, but not in the sipgate app\ **Cause**: local, only app, unclear exactly what\ **Solution**: sipgate app ➔ Help ➔ "Reset cache"\ Logging in to the app should now work
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.sipgate.de/cloud-telefonanlage/en/using-sipgate/die-sipgate-app/was-sind-die-ip-und-firewalleinstellungen-fuer-die-sipgate-app.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.