I recently wrestled with a Juniper SRX 220 router on which a client needed help securing RingCentral. This entailed creating port forwarding rules for specific secure port ranges for TLS transport and linking those with rules for specific IP ranges belonging to RingCentral servers. Here are the specific lines of code that were used to make this connection possible (I am also throwing in the CoS settings used to shape traffic for good measure):
Settings to configure a Juniper SRX for RingCentral
set class-of-service classifiers dscp TRAFFIC_CLASSIFIER import default
set class-of-service classifiers dscp TRAFFIC_CLASSIFIER forwarding-class PHONE_QOS_CLASS loss-priority low code-points 101110
set class-of-service forwarding-classes queue 0 PHONE_QOS_CLASS
set class-of-service forwarding-classes queue 1 Best_Effort_Class
set class-of-service interfaces ge-0/0/0 scheduler-map WAN_SCHEDULE_MAP
set class-of-service interfaces ge-0/0/0 unit 0 classifiers dscp TRAFFIC_CLASSIFIER
set class-of-service scheduler-maps WAN_SCHEDULE_MAP forwarding-class PHONE_QOS_CLASS scheduler PHONE_SCHEDULER
set class-of-service scheduler-maps WAN_SCHEDULE_MAP forwarding-class Best_Effort_Class scheduler BE_SCHEDULER
set class-of-service schedulers PHONE_SCHEDULER transmit-rate percent 20
set class-of-service schedulers PHONE_SCHEDULER buffer-size percent 20
set class-of-service schedulers PHONE_SCHEDULER priority strict-high
set class-of-service schedulers BE_SCHEDULER transmit-rate remainder
set security alg sip disable
set security policies from-zone Internet to-zone LAN policy RingCentral_IP1_NAT match source-address RingCentral_IP1
set security policies from-zone Internet to-zone LAN policy RingCentral_IP1_NAT match destination-address any
set security policies from-zone Internet to-zone LAN policy RingCentral_IP1_NAT match application RingCentral
set security policies from-zone Internet to-zone LAN policy RingCentral_IP1_NAT then permit
set security policies from-zone Internet to-zone LAN policy RingCentral_IP2_NAT match source-address RingCentral_IP2
set security policies from-zone Internet to-zone LAN policy RingCentral_IP2_NAT match destination-address any
set security policies from-zone Internet to-zone LAN policy RingCentral_IP2_NAT match application RingCentral
set security policies from-zone Internet to-zone LAN policy RingCentral_IP2_NAT then permit
set security zones security-zone Internet address-book address RingCentral_IP1 199.255.120.0/22
set security zones security-zone Internet address-book address RingCentral_IP2 199.68.212.0/22
set applications application RingCentral term Mobile_App_Media destination-port 4000-5000 protocol udp
set applications application RingCentral term Phone_Registration_UDP destination-port 5060-6000 protocol udp
set applications application RingCentral term Phone_Registration_TCP destination-port 5060-6000 protocol tcp
set applications application RingCentral term RTP_SRTP_Softphone1 destination-port 8000-8200 protocol udp
set applications application RingCentral term RC_Meeting_Signaling_UDP destination-port 8801-8802 protocol udp
set applications application RingCentral term RC_Meeting_Signaling_TCP destination-port 8801-8802 protocol tcp
set applications application RingCentral term RTP_SRTP_Deskphone destination-port 16384-16482 protocol udp
set applications application RingCentral term RTP_SRTP_Softphone2 destination-port 20000-60000 protocol udp
This should be everything unless you have custom firewall filters to lock down management access or something else like that. Please feel free to contact us if you need any help configuring either your RingCentral account or Juniper routers or switches.
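An added example, not part of the original post: a small Python audit helper that reads the address-book and application lines from the configuration above and reports which application term would admit a given inbound flow, plus how many destination ports each protocol opens. It assumes a flow is permitted when its source falls in either RingCentral prefix and its protocol and destination port fall inside one term; zones, NAT and policy ordering are not modeled, and the function names are illustrative.

```python
import ipaddress
import re

# Address-book and application lines copied from the configuration on this page.
CONFIG = """\
security zones security-zone Internet address-book address RingCentral_IP1 199.255.120.0/22
security zones security-zone Internet address-book address RingCentral_IP2 199.68.212.0/22
applications application RingCentral term Mobile_App_Media destination-port 4000-5000 protocol udp
applications application RingCentral term Phone_Registration_UDP destination-port 5060-6000 protocol udp
applications application RingCentral term Phone_Registration_TCP destination-port 5060-6000 protocol tcp
applications application RingCentral term RTP_SRTP_Softphone1 destination-port 8000-8200 protocol udp
applications application RingCentral term RC_Meeting_Signaling_UDP destination-port 8801-8802 protocol udp
applications application RingCentral term RC_Meeting_Signaling_TCP destination-port 8801-8802 protocol tcp
applications application RingCentral term RTP_SRTP_Deskphone destination-port 16384-16482 protocol udp
applications application RingCentral term RTP_SRTP_Softphone2 destination-port 20000-60000 protocol udp
"""

# Both patterns use search semantics, so a leading "set " on each line is tolerated.
ADDR_RE = re.compile(r"address-book address (\S+) (\S+)")
TERM_RE = re.compile(r"application (\S+) term (\S+) destination-port (\d+)-(\d+) protocol (\w+)")

def parse(config):
    """Return (permitted source networks, [(term, protocol, low, high), ...])."""
    nets = [ipaddress.ip_network(m.group(2)) for m in ADDR_RE.finditer(config)]
    terms = [(m.group(2), m.group(5), int(m.group(3)), int(m.group(4)))
             for m in TERM_RE.finditer(config)]
    return nets, terms

def matching_term(config, src, proto, dport):
    """Name of the first term that would admit this inbound flow, or None."""
    nets, terms = parse(config)
    if not any(ipaddress.ip_address(src) in net for net in nets):
        return None  # source is outside both RingCentral prefixes
    for name, term_proto, low, high in terms:
        if term_proto == proto and low <= dport <= high:
            return name
    return None

def exposed_ports(config):
    """Count distinct destination ports opened per protocol (overlaps merged)."""
    _, terms = parse(config)
    ports = {}
    for _, term_proto, low, high in terms:
        ports.setdefault(term_proto, set()).update(range(low, high + 1))
    return {proto: len(opened) for proto, opened in ports.items()}
```

Running `exposed_ports(CONFIG)` makes the size of the opening concrete, which is why the source-address match on the two /22 prefixes is the control that matters in these policies.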