When using your own SIP Trunk (BYOT) in combination with a SBC to setup Direct Routing to Microsoft Teams you will need to make some firewall rules. You can find the up to date IP addresses in belows chapters.
This will only be for Microsoft 365, Office 365, and Office 365 GCC tenants.
When configuring Direct Routing you will need to setup 3 FQDNs for signaling.
The first one will be located by location and performance metrics. If your location is EMEA, you 2nd location will be US and the 3th ASIA.
|Primary DC sip.pstnhub.microsoft.com||EMEA||NOAM||ASIA|
|Secondary DC sip2.pstnhub.microsoft.com||US||EU||US|
|Tertiary DC sip3.pstnhub.microsoft.com||ASIA||ASIA||EU|
These FQDN’s resolve to the following IP Addresses ranges:
In belows list you will find the extracted IP Address Ranges:
If your firewall supports DNS names you can use the following FQDN, this one resolves all above addresses. sip-all.pstnhub.microsoft.com
When we talk about media ports (not in media Bypass mode) the following ranges are used. Media is using a serparate service in the Microsoft cloud, these are called Media Processors.
Locations where both SIP proxy and media processor components deployed:
- US (two in US West and US East datacenters)
- Europe (Amsterdam and Dublin datacenters)
- Asia (Singapore and Hong Kong datacenters)
Locations where only media processors are deployed (SIP flows via the closest datacenter listed above):
- Japan (JP East and West datacenters)
- Australia (AU East and Southeast datacenters)
The following ranges are being used: