Use DIGITS behind a firewall

Learn how to set up DIGITS for use behind a corporate firewall.

 

To use T-Mobile DIGITS on devices within a corporate network, your IT department may need to configure security policies or devices to permit DIGITS traffic.

 

Configure security policies and devices for DIGITS traffic

 

Important: This document is meant for IT professionals with specific knowledge of their corporate firewall, and familiarity with making changes to the firewall configuration. If you are not an IT professional, please pass this document along to your IT folks.

 

  1. Make sure that all outbound proxy servers permit *.t-mobile.com.
  2. Ensure that the firewall permits the following network addresses and ports outbound to T-Mobile:
    • Destination networks
      • 66.94.0.0/19
      • 208.54.0.0/17
      • 208.54.128.0/19
    • TCP ports
      • 80
      • 443
      • 3030
      • 3478
      • 8080-8085
    • UDP ports
      • 500
      • high ports > 1024

If your firewall is configured as described above and your corporate network uses simple Network Address Translation, but you're still unable to use DIGITS devices behind the firewall, determine which network solution (SNAT, STUN, ICE, VoIP, or others) is appropriate for permitting UDP voice traffic (WebRTC/SIP) between the DIGITS device and T-Mobile in both directions. Stateful Network Address Translation devices aren't affected.