RingQ Customer Centric Communications

Port Forwarding

Complete firewall port reference for every RingQ deployment scenario — SIP phones, mobile, desktop, WebApp, Meet, SIP trunks, admin, and secure tunnel — with copy-ready port lists and step-by-step router configuration for Cisco, DrayTek, pfSense, SonicWall, WatchGuard, and FortiGate.


Port 5061 (SIP TLS) is TCP-only. STUN/TURN servers (3478–3479) are configured on the device — not a firewall rule. All other ports listed are firewall rules.

SIP phone / remote extension network diagram

A remote SIP phone or softphone registers to the RingQ PBX over the internet. SIP signaling travels on port 5060, and voice audio flows over the RTP port range. NAT traversal uses the RingQ STUN servers — configured on the phone itself, not in the firewall.

Ports to Open — SIP Phone
Port(s)ProtocolDirectionPurpose
5060UDP+TCPInboundSIP signaling (standard)
16384–32767UDPInboundRTP voice media (primary range)

STUN Servers — NAT Traversal (Port 3478–3479 TCP)

Configure directly on the SIP phone — this is not a firewall rule: stun.ringq.com · stun1.ringq.com · stun2.ringq.com

Copy Port List for Firewall

Copy and paste into your firewall configuration, or send to your IT team.

UDP Inbound: 5060, 16384-32767
TCP Inbound: 5060
STUN (device setting only): stun.ringq.com, stun1.ringq.com, stun2.ringq.com — port 3478-3479 TCP
Use case: SIP Phone / Remote Extension
Quick Summary

UDP Inbound

506016384–32767

TCP Inbound

5060

STUN — device setting, not firewall

3478–3479 TCP