WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

How to Enable WiFi Calling on Your Firewall for AT&T, Verizon, T-Mobile, and Google Fi



By   WirelessPhreak      Friday, February 07, 2025      Labels: , , ,  

 

 

WiFi calling is an essential feature that ensures seamless voice calls when cellular signals are weak. However, if you have a firewall with strict outbound filtering, WiFi calling might not work properly unless you allow the necessary ports and domains.

 

In this guide, I’ve compiled the correct firewall rules for enabling WiFi calling on the three major U.S. carriers AT&T, Verizon, and T-Mobile as well as Google Fi. This information is often scattered across forums and carrier support pages, so my goal is to provide a centralized reference.

 

Why Your Firewall Might Block WiFi Calling

WiFi calling depends on specific ports and protocols to securely connect your mobile device to the carrier's network. Many firewalls block or inspect IPSec, SIP, and HTTPS traffic, which can interfere with call setup and quality. Configuring your firewall to allow the correct traffic ensures uninterrupted WiFi calling.

 

WiFi Calling Firewall Rules by Carrier

Verizon WiFi Calling Settings

  • Ports to Allow:
    • UDP 500, 4500
    • TCP 143
  • Destination FQDNs (Fully Qualified Domain Names):
    • spg.vzw.com
    • wo.vzwwo.com
    • sg.vzwfemto.com

 

AT&T Wireless WiFi Calling Settings

  • Ports to Allow:
    • UDP 500, 4500
    • TCP 143
  • Destination FQDNs:
    • epdg.epc.att.net
    • sentitlement2.mobile.att.net
    • vvm.mobile.att.net

 

Google Fi WiFi Calling Settings

  • Ports to Allow:
    • UDP & TCP 5060, 5061
    • TCP 443
  • Destination FQDNs:
    • voice.google.com

 

T-Mobile WiFi Calling Settings

  • Ports & Destination Networks:
    • UDP 500, 4500, and TCP/UDP 5061208.54.0.0/16
    • TCP 443, 99366.94.0.0/19

 

Best Practices for Configuring Your Firewall

  • Allow outbound UDP traffic on required ports (especially 500, 4500 for IPSec tunneling).
  • Ensure TCP/UDP 5060, 5061 are open for SIP signaling (Google Fi and T-Mobile).
  • Whitelisting carrier FQDNs and IP ranges can help avoid issues with content filtering.
  • Disable deep packet inspection (DPI) on IPSec traffic, if your firewall supports it.
  • Enable NAT traversal (NAT-T) to avoid issues with UDP encapsulation.
  • Ensure a valid NTP source as some carriers rely on time synchronization.

 

Final Thoughts & Future Updates

This is a preliminary guide, and I plan to update it as I gather more information or test additional configurations. If you have any firewall settings that have worked for other carriers, let me know in the comments!

 

By properly configuring your firewall, you can enjoy seamless WiFi calling without sacrificing network security. Stay tuned for updates as I refine this guide with more details.

About WirelessPhreak

Just your everyday Packet Wrangler who enjoy's traveling and anything techie...