How To | Understand network ports and firewalls to make a SIP call using Q-SYS

Gain an understanding of the network ports required to make a SIP call through a Q-SYS firewall.

Updated at June 8th, 2023

Your engagement helps us create the content you need. Click here to review this article.

Table of Contents


There are two distinct elements to a VoIP call:

  • The Session Initiation Protocol (SIP), which is responsible for call negotiation, setup and teardown
  • The Real Time Protocol (RTP), which transports call audio between parties.


Most phone systems will use port 5060 for non-encrypted signaling traffic, whether UDP or TCP. There may be exceptions, so check the PBX user documentation. Port 5061 is typically used for TLS encrypted traffic.

Additional information: Older versions of the Q-SYS softphone only supported UDP but current versions support UDP as well as TCP and TLS (Transport Layer Security, a protocol that runs over TCP and provides end-to-end security for SIP signaling by encrypting SIP messages that are exchanged between the Q-SYS SIP softphones and far end SIP endpoints or PBXs.



While the SIP ports used by a VoIP system are typically fixed, The RTP ports are typically dynamic.  The typical RTP port range of a given system are UDP ports 10,000-30,000.



To make VoIP calls through a firewall, open:
UDP/TCP ports 5060-5061
UDP ports 10,000-30,000

This assumes the firewall is not making use if Port Address Translation (PAT).  This may complicate matters with proper VoIP call transversal.