Nextiva networking guidelines

Guaranteeing the best audio quality with Nextiva Voice service involves maintaining a stable Internet connection and configuring the local network with the correct settings. See the guidelines below to ensure the local network is operating at peak efficiency. Click here to view router compatibility. 

  1. Verify the local network quality: Bandwidth, Packet Loss, and Jitter
  2. Add Firewall Access Rules
  3. Remove Double NAT
  4. Disable SIP ALG

Verifying the local network quality: bandwidth, packet loss, and jitter

The underlying Internet connection from a local ISP is the most critical factor in delivering high-quality audio. Low bandwidth, packet loss, or jitter causes choppy audio, voice delays, echoing, and dropped calls for Nextiva customers.


To learn more about bandwidth, click here.

To learn more about packet Loss, click here.

To learn more about jitter, click here.

Adding firewall access rules

Firewall Access Rules control the flow of inbound and outbound Internet traffic from the local network to the public Internet. Both routers and firewalls use access rules to control traffic and verify the source and destination addresses are permitted to send and receive traffic on the local network.

NOTE: Many router and firewall manufacturers have different interfaces. Nextiva suggests that a network administrator familiar with the local networking equipment enter Nextiva’s Firewall Access Rules (see below).

Nextiva recommends that a local network administrator whitelist the following rules in the firewall:

  • Nextiva Range 1: –
  • Nextiva Range 2: –
  • Nextiva Fax: –
  • Unity:
    • FQDN:
      • IP Addresses:
    • FQDN:
      • Existing IP Addresses:
      • NEW IP addresses (Effective 6/9/24):
    • Unity Web Applications
      • IP Addresses:

NOTE: After configuring the firewall, move Nextiva’s access rules to ensure that any access rules blocking Internet traffic are prioritized below Nextiva’s access rules.

Adding SIP and RTP ports

When adding firewall access rules, make sure also to put in rules allowing traffic on the SIP ports and RTP ports. By default, most advanced firewalls will block these.

  1. Choose “Dst IP” for the distribution IP address.
  2. Enter the server address ( and
  3. Make the classification apply to “TCP/UDP” for the NextOS and enter the appropriate ports per the model listed below.

Nextiva SBC

  • SIP Ports: 5060 – 5090
  • RTP Ports: 16384 – 32768

The SBCs also use HTTP, HTTPS, and NTP to communicate with the phones for provisioning and time sync purposes. 

Those ports are universal:

  • HTTP Port: 80
  • HTTPS Port: 443
  • NTP Port: 123


  • TCP: 443
  • SIP: 5060-5062
  • RTP: 16000-26000
  • STUN: 16000-26000


  • SIP: 5060-5080
  • RTP: 3000


  • SIP: 5060-5080
  • RTP: 16384-32766


  • SIP: 5060-5080
  • RTP: 5000-6000

Linksys & Cisco SPA Phones

  • SIP: 5060-5080
  • RTP: 16000-17000


  • SIP: 5060-5080
  • RTP: 16000-20000


  • SIP: 5060-5080
  • RTP: 49152-65534


  • TCP Port: 443, 2208, 2209, 8011 & 8012


  • SIP: 5060-5090
  • RTP: 18000-19000

X series

  • SIP: 5060-5090
  • RTP: 49150-65535


  • SIP: 5060-5090
  • RTP: 11780-12780

Removing double NAT

Double NAT (Network Address Translation) causes intermittent issues that include but are not limited to:

  • One-way audio
  • Phone deregistration
  • Unsuccessful transfers
  • Error messages when dialing a phone number
  • Call Groups not ringing properly
  • Dropped calls

Routers and Gateways are both networking devices that perform NAT, which helps route incoming Internet traffic to the correct device on the local network. Nextiva recommends that a Network Administrator ensure the WAN IP of the local network is an IP address that falls outside the private address ranges in the chart below:

To learn more about Double NAT, click here.

Disabling SIP ALG

Manufacturers often enable SIP ALG by default, and since this setting only affects VoIP services, SIP ALG often goes unnoticed.

To resolve this problem, Nextiva sends VoIP traffic over ports 5062 to 5090. Even with this safeguard, SIP ALG can cause one-way audio, deregistrations, or dropped calls. Nextiva recommends the Network Administrator disable SIP ALG on the router or firewall.

To learn more about SIP ALG, click here.

Need additional help? Click here.

Was this article helpful?