MS Teams - Managed Gateway for MS Teams Setup Guide

Summary 

This document outlines the requirements and process for installing and configuring a managed gateway for CallTower services, including network requirements, firewall port configurations, hardware installation steps, and considerations for PSTN interoperability. Please follow these instructions carefully to ensure a smooth deployment. 

Network Requirements 

To ensure proper functionality of the CallTower managed gateway, specific network configurations, including firewall ports and IP addressing, must be set up correctly. The gateway requires outbound access to CallTower’s data centers and, if applicable, the PSTN provider’s network. If the gateway is behind a NAT (Network Address Translation), additional considerations are required to avoid issues such as one-way audio. The following firewall ports and IP addresses must be opened or forwarded for CallTower services. Ensure these are configured in your firewall or NAT device: 

Description	Prefix	IP Address	Protocol	Port	Secondary Protocol	Secondary Port
CallTower DC Monitoring	32	205.196.169.45	TLS	443	-	-
CallTower DC Monitoring	32	205.196.173.46	TLS	443	-	-
CallTower DC Management	32	50.238.7.10	TLS	443	TCP	22
CallTower DC Management	32	205.196.174.2	TLS	443	TCP	22
CallTower DC Management	32	206.80.73.229	TLS	443	TCP	22
CallTower DC Management	32	206.80.75.242	TLS	443	TCP	22
CallTower DC Management	32	69.54.77.25	TLS	443	TCP	22
CallTower DC Management	32	69.54.77.26	TLS	443	TCP	22
MS Teams	14	52.112.0.0	TCP	5067	-	-
MS Teams	15	52.122.0.0	TCP	5067	-	-
MS Teams	14	52.112.0.0	UDP/SRTP	3478-3481		49152-53247
MS Teams	14	52.120.0.0	UDP/SRTP	3478-3481		49152-53247

Note

• Plan Direct Routing - Microsoft Teams | Microsoft Learn – Microsoft documentation for required Ports and IP Ranges 

• PSTN Provider Ports and Subnets: In addition to the above, you must obtain and configure any specific firewall ports or subnets required by your PSTN provider. These must be provided to CallTower at least one week prior to the scheduled interoperability (interop) testing. 

• NAT Considerations: If the gateway is behind a NAT, it is the customer’s responsibility to ensure all required ports are correctly forwarded to the provided internal IP Address. Improper NAT configuration can lead to issues such as one-way audio, where one party cannot hear the other. To mitigate this, verify that both inbound and outbound traffic for the listed protocols and ports are properly mapped to the gateway’s internal IP address. Both Public and internal IP addresses must be static to ensure that service is not impacted by a change in IP address. 

Network Connectivity 

• The gateway requires a stable, low-latency internet connection with sufficient bandwidth to handle voice traffic. 

• If using a PRI circuit for PSTN connectivity, ensure the circuit is installed in a location free from electromagnetic interference (e.g., avoid running cables near power lines or heavy machinery). Consider grounding the gateway chassis to prevent electrical noise or surges. 

• For High Availability (HA) setups, both gateways must be connected to the same VLAN to ensure seamless failover and synchronization. 

Hardware Installation: AudioCodes Mediant 800 

Follow these steps to install the AudioCodes Mediant 800 gateway(s) in your environment

1. Rack Mounting: 

• Securely mount the AudioCodes Mediant 800 gateway(s) in a standard 19-inch rack using the provided rack ears. 

• Ensure proper ventilation and access to power and network connections. 

2. Network Cable Patching: 

• Connect a network cable to Port 1 on the gateway for primary network connectivity. 

• If deploying an HA pair: 

• Patch a network cable between the last ports on each gateway for the HA heartbeat connection. 

• Ensure Port 1 on both gateways is connected to the same VLAN to allow communication and failover between the devices. 

3. Power and Grounding: 

• Connect the gateway to a reliable power source. 

• If using a PRI circuit, ground the chassis to prevent interference or electrical issues. 

4. Verification: 

• Confirm that all cables are securely connected and that the gateway powers on successfully. 

3. Post-Installation Steps 

After the hardware is installed and networked, the following steps are required to bring the gateway online: 

1. Customer Pre-Configuration for Microsoft Teams: 

• GDAP DR Voice Only Configuration: The customer must configure Granular Delegated Admin Privileges (GDAP) with Direct Routing (DR) Voice Only permissions in their Microsoft Teams tenant prior to CallTower’s involvement. 

• CallTower Teams Voice Connector: The customer must set up the CallTower Teams Voice Connector in their tenant. 

• Voice Routing Policy and Phone Number Assignment: The customer is responsible for assigning the voice routing policy and phone numbers to users and resource accounts in the Microsoft Teams Admin Center. This process is documented at: 
  MS Teams Direct Routing – International - Assign Numbers – Managed Gateway. 
  Note: These configurations must be completed before the PSTN interoperability call. 

• CallTower Configuration: CallTower will run PowerShell scripts to configure the customer’s Microsoft Teams tenant for Direct Routing, leveraging the GDAP DR Voice Only permissions. This step requires the customer to have completed the above configurations to ensure successful script execution. 

2. Contact CallTower: 

• Notify your project manager so that CallTower can verify connectivity to the gateway. 

• CallTower will configure and activate the Teams trunk.  

• Provide CallTower with your PSTN provider’s connectivity requirements at least one week in advance of the interop call. 

3. Schedule PSTN Interop Testing: 

• Your project manager will coordinate with you and your PSTN provider to schedule an interoperability (interop) call. 

Note

That PSTN interop and testing can take several hours due to the variety of PSTN service types and configuration options. Plan accordingly to allocate sufficient time for testing.