Network and IT Requirements for TOPS Zultys Hosted Platform
Reliable Internet Connection
A reliable internet connection is a vital requirement for uninterrupted voice communication. Downtime or fluctuations in an internet connection can result in poor call quality and dropped phone calls. TOPS defines a reliable internet connection as a connection with sufficient bandwidth to support existing data traffic requirements while maintaining low average latency and jitter over an extended period of time.
TOPS performs a network assessment for all customers before installing cloud-based phones. TOPS network assessment uses open-source and proprietary tools to measure latency, jitter, packet loss, and simulate VoIP phone calls on a network. The results of TOPS network assessment determine the reliability of the network and its capacity to support VoIP.
Ability to Install Required Software
TOPS Zultys platform includes the Zultys Advanced Communicator (ZAC) desktop software with all Premium user licenses. The software offers many useful features beyond what is available through desktop phones or even web-based applications.
The software can be deployed by IT personnel or installed by TOPS technicians. Local administrator access is required for software installation by TOPS technicians.
In some cases, IT personnel may prefer to deploy the software themselves. If so, please contact TOPS for installation instructions and required user list.
Firewall Configuration
A basic NAT firewall, such as a service provider modem/router combination unit with default settings, can support most small businesses with low-to-moderate phone usage - no configuration changes required.
Advanced firewalls with active security features and/or outbound traffic filtering often require dedicated configuration to optimize the performance of VoIP phones and applications. If not properly configured, these firewalls can cause a wide range of issues which can often appear random or intermittent.
Please reference these general guidelines to optimize your firewall for TOPS Zultys Hosted Platform:
SIP ALG
Disable SIP ALG (Application Layer Gateway).
Session and State Table Tuning
Increase RTP/UDP media stream timeouts to at least 180–300 seconds.
Increase UDP session timeout values for SIP (recommend 90–300 seconds).
VPN Users
If remote workers connect via VPN, configure split tunneling on the VPN server.
Multiple WAN Connections
If the firewall has multiple WAN connections, configure a policy to send VoIP over the most reliable link at all times and use other link(s) for failover only.
Traffic Prioritization (QoS)
Enable Quality of Service (QoS) on the firewall to prioritize VoIP packets over general data traffic. Mark VoIP traffic with DSCP (Differentiated Services Code Point) values:
- Voice/RTP: EF (Expedited Forwarding) — DSCP 46
- SIP Signaling: CS3 — DSCP 26
Traffic Shaping and Bandwidth Restriction
High speed fiber internet usually does not require traffic shaping and bandwidth restriction policies to be implemented. These settings are only recommended if normal data traffic approaches the maximum bandwidth (upload or download) available on the internet connection:
- Reserve dedicated bandwidth for VoIP — 5-10 mbps upload and download is recommended for VoIP phone calls and VoIP application traffic.
- Set a traffic shaper or bandwidth restriction policy to guarantee dedicated bandwidth is always available for VoIP traffic even during peak usage times.
- Do not over-provision bandwidth. These policies are only effective when total throughput is restricted significantly below advertised/tested bandwidth on the internet connection. TOPS recommends 80% utilization.
IP Ports and Server Addresses used by TOPS Zultys Platform
Use the list of IP ports and server addresses below to identify TOPS VoIP traffic and whitelist it or explicitly allow it through the firewall:
| Protocol | Port | Usage |
| UDP | 123 | Network Time Protocol |
| UDP | 3478 | STUN |
| UDP | 3771 | Paging from softphones |
| UDP | 3000-3040 | Zultys phone RTP traffic* |
| UDP | 4060-4124 | Zultys softphone RTP traffic* |
| UDP | 5060-5062 | SIP |
| UDP | 5070 | Alternate SIP port |
| UDP | 19302 | WebRTC STUN |
| UDP | 33000-35000 | WebRTC RTP, conferencing, screenshare |
| TCP | 80 | HTTP |
| TCP | 443-444 | HTTPS and dedicated TLS phone provisioning |
| TCP | 3000 | Extended web services |
| TCP | 3306 | MX Report software |
| TCP | 3478 | STUN/TURN |
| TCP | 5060-5061 | SIP TLS |
| TCP | 7100-7156 | MX Administrator programming software |
| TCP | 7505 | MX Administrator programming software |
| TCP | 7778-7779 | ZAC desktop software |
| TCP | 7788 | Mobile ZAC software |
| TCP | 8080-8081 | MX Report software and XML phone directory |
Server Address: <Please contact TOPS for your unique server address>
| Protocol | Port | Usage |
| UDP | 3478 | STUN |
| UDP | 19302 | WebRTC STUN |
Server Addresses:
stn.zultys.com
3.101.130.99
stun.l.google.com
| Protocol | Port | Usage |
| UDP | 33000-35000 | WebRTC RTP, conferencing, screenshare |
Server Addresses:
3.227.196.20
3.228.149.138
3.228.183.197
3.228.88.249
3.228.90.168
| Protocol | Port | Usage |
| TCP | 443 | Mobile Push notifications |
| TCP | 7788 | Mobile Push notifications |
Server Addresses:
mxps1.zultys.com
mxps2.zultys.com
| Protocol | Port | Usage |
| UDP | 7060 | RTCP-XR |
| TCP | 7060 | RTCP-XR over TLS |
Server Address:
r1.topsoffice.ca
Recommendations
DHCP Option for Phone Provisioning
DHCP can be used to automate the provisioning process of new phones on the local network. Zultys VoIP phones use DHCP option 66. TOPS support will provide the text string.
Disable IGMP Snooping
IGMP (Internet Group Management Protocol) Snooping is a feature on managed network switches that controls how multicast traffic is forwarded across a network. It is enabled by default on some managed switches such as Aruba Instant-On series. TOPS often configures VoIP phones to perform multicast paging, which requires multicast traffic to be delivered to all other VoIP phones on the network. IGMP snooping should always be disabled on the voice VLAN to allow multicast traffic to flow freely.
Use of VLANs to Segregate Phone Traffic
Use of VLANs is an industry-wide best practice on larger networks. The benefits of VLANs include increased security, confinement of broadcast domains, and ease of administration. TOPS recommends deploying a separate VLAN for VoIP phones. All TOPS VoIP phones have two Gigabit Ethernet ports with VLAN assignment through LLDP/CDP or static configuration.
The steps to configure a basic Voice VLAN are:
- Choose a VLAN ID and subnet – TOPS often uses VLAN 6 for voice
- Create the new VLAN in the switch VLAN database
- Enable Voice VLAN or LLDP-MED in global/system config
- Enable Voice VLAN or LLDP-MED on all switch ports
- Configure all switch ports to tag traffic on the voice VLAN
- Create the VLAN interface on your router/firewall
- Assign the subnet, gateway and DNS settings
- Enable DHCP server
- Allow routing between voice and data subnets
If you would like further assistance please contact TOPS support.
Power over Ethernet (PoE) Network Switches
PoE switches can power your VoIP phones through your Ethernet cable, reducing the need for additional power adapters and improving cable management at each user's desk. PoE can also power other devices such as WiFi access points and surveillance cameras. Managed PoE switches offer additional network troubleshooting tools for IT personnel including remote power cycling of PoE devices.
Use Reputable Network Equipment
Use reputable managed network equipment designed for business applications such as Cisco, HPE Aruba, Fortinet, Watchguard, or Ubiquiti. Avoid consumer grade network equipment, specifically WiFi routers marketed for home use. Many WiFi routers from brands like Asus and TP-Link can support a small number of VoIP phones and low phone usage, but some can cause intermittent problems over time, especially older models.
Avoid CG-NAT and Double NAT
Carrier-Grade Network Address Translation (CG-NAT) can cause unexpected call drops or random loss of audio mid-call. In some instances, such as with Starlink internet, changes to CG-NAT tables can cause VoIP servers including Zultys to trigger security protocols that block end user devices and applications out of the system.
Double NAT refers to multiple NAT routers connected in series and most commonly occurs when service provider modem/router combination devices are misconfigured. Double NAT can cause issues with VoIP and other types of network traffic.
Company SMTP Server
TOPS provides secure SMTP over TLS email relay services for all Zultys applications, however some customers may prefer to use their own in-house email servers instead. If you would like to use your own email server, please speak to TOPS support.