Configuring 8x8 Voice Services on Palo Alto Networks Firewalls

There are several steps to configuring your Palo Alto Networks firewall for best performance with 8x8 services. The steps are broken down into the sections below.

For your convenience, routers and firewalls pre-configured for optimal QoS are also available from 8x8. Contact your 8x8 Sales representative to ask about ordering.

Note: We highly recommend consulting an IT or network professional when configuring advanced network settings or devices.

See also: Virtual Office Technical Requirements

Import Application XMLs into the Palo Alto Networks System
  1. Log in to your Palo Alto Networks firewall.
  2. Go to Objects > Applications and click Import.

  3. Import the following application XMLs into the Palo Alto Networks system.

Add 8x8 Public IP Subnets to the Palo Alto Networks System
  1. Go to Objects > Addresses and click Add.

  2. Add the 8x8 Public IP subnets to the Palo Alto Networks system (a total of 12 entries). These can be found in the Virtual Office Technical Requirements document.

Create an Address Group for 8x8 Public Subnets
  1. Go to Objects > Address Groups.

  2. Create an Address Group for the 8x8 Public IP Subnets and add all 12 entries you created in the previous step.

Create an Application Override Rule for UDP
  1. Go to Policies > Application Override and click Add.

  2. Create an application override rule for UDP.
  3. Name the rule and add a description (can be anything).

  4. Set Source addresses or zones (any subnet or zone that will have 8x8 phones, 8x8 Virtual Office Desktop, or Virtual Office Mobile running on it).

  5. Set Destination addresses. (Add the Destination Address group you created previously and the untrust zone for your network.)

  6. Set Protocol/Application.
    1. Select UDP as Protocol.
    2. Copy and paste all ports below.
    3. Under Application, select the 8x8_UDP_Application.
    4. Click OK.
      • UDP Ports: 3478-3480,5060-5061,5196-5199,5299,5301,5399,5401,5443,24000-30000,38000-44000,52000-58000,5196-5199,3478-3480,2222-2269,16384-16404,5299,58000-58050,15044,15062

Create an Application Override Rule for TCP
  1. Go to Policies > Application Override and click Add.

  2. Create an application override rule for TCP.
  3. Name the rule and add a description (can be anything).

  4. Set Source addresses or zones (any subnet or zone that will have 8x8 Virtual Office Desktop or Virtual Office Mobile running on it).

  5. Set Destination addresses. (Add the Destination Address group you created previously and the untrust zone for your network.)

  6. Set Protocol/Application.
    1. Select TCP as Protocol.
    2. Copy and paste all ports below.
    3. Under Application, select the 8x8_TCP_Application.
    4. Click OK.
      • TCP Ports: 54545,16003,15215,37210,5199,15000,2099,20080-23080
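
The UDP port list above repeats several entries and contains one overlapping range. The following Python script is an added example, not part of the 8x8 or Palo Alto Networks documentation: it parses both port strings as given in the steps above, merges duplicates and overlaps, and reports how many distinct ports each override rule covers, so the pasted value can be checked before committing.

```python
# Port strings as given in the two Application Override sections above.
UDP_PORTS = (
    "3478-3480,5060-5061,5196-5199,5299,5301,5399,5401,5443,"
    "24000-30000,38000-44000,52000-58000,5196-5199,3478-3480,"
    "2222-2269,16384-16404,5299,58000-58050,15044,15062"
)
TCP_PORTS = "54545,16003,15215,37210,5199,15000,2099,20080-23080"


def parse_ports(spec):
    """Parse 'a-b,c,...' into (low, high) tuples, rejecting invalid ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:  # tolerate a stray comma left over from copy and paste
            continue
        low, _, high = item.partition("-")
        lo, hi = int(low), int(high or low)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port range: {item!r}")
        ranges.append((lo, hi))
    return ranges


def merge_ranges(ranges):
    """Merge overlapping or adjacent ranges into a sorted, minimal list."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def normalize(spec):
    """Return (canonical port string, number of distinct ports covered)."""
    merged = merge_ranges(parse_ports(spec))
    text = ",".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in merged)
    count = sum(hi - lo + 1 for lo, hi in merged)
    return text, count


if __name__ == "__main__":
    for name, spec in (("UDP", UDP_PORTS), ("TCP", TCP_PORTS)):
        text, count = normalize(spec)
        print(f"{name}: {count} distinct ports\n  {text}")
```

An application override rule classifies matching traffic by port rather than by App-ID, so the port count is a direct measure of how much traffic the rule can match.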

Create a Security Policy Rule on the Palo Alto Networks System
  1. Go to Policies > Security and click Add.

  2. Create a Security Policy Rule on the Palo Alto Networks System.
  3. Name the Security Policy Rule (can be anything).

  4. Set Source Addresses or Zones (any subnet or zone that will have 8x8 Virtual Office Desktop or Virtual Office Mobile running on it).

  5. The User tab can be left blank.
  6. Set Destination addresses (add the Destination Address group you created previously and the untrust zone for your network).

  7. Set Application by adding both 8x8_TCP_Application and 8x8_UDP_Application.

  8. The Service/URL Category can be left blank (or on default).
  9. Set Actions to Allow.

  10. Move the new rule to the top of the rule list to avoid rule conflicts.
  11. Click Commit to save changes.