Update: Configuring Untangle for AT&T, Verizon, & T-Mobile WIFI calling

Update: 29 August 2023 – here is the latest list of ports and destination IPs/CIDRs to enable WIFI calling and other carrier services that I am using for AT&T, Verizon, and T-Mobile. Some of the rules are more lax than others (allowing an entire subnet versus just an IP address).


  • TCP/UDP 143

AT&T, Verizon, & T-Mobile:

  • TCP/UDP 500

AT&T, Verizon, & T-Mobile:

  • TCP/UDP 4500


  • TCP/UDP 5061

Verizon & T-Mobile E-911 registration:

  • TCP

T-Mobile CRL check:

  • TCP 80,443

IPs, addresses, and other information can be found here:

  1. Verizon (archived) – https://web.archive.org/web/20210108090450/https://www.verizon.com/support/knowledge-base-25525/
  2. T-Mobile – https://www.t-mobile.com/support/coverage/wi-fi-calling-on-a-corporate-network
  3. AT&T – https://www.att.com/support/article/wireless/KM1114459/

If you are configuring this on your edge device or other network security device, don’t forget to set your QoS settings properly to ensure smooth voice quality.

Update: 08 October 2020

This is an update to the original post “Configuring Untangle NG Firewall 13.x for AT&T WIFI calling”.

Verizon WIFI calling (no specific URL, pieced together information from logs and various forums):

  • Protocol: UDP; port: 500; destination address (CIDR):,
  • Protocol: UDP; port: 4500; destination address (CIDR):,

Verizon e-911 registration:

  • Protocol: TCP; port: 443; destination address (CIDR):

T-Mobile WIFI calling (https://www.t-mobile.com/support/coverage/wi-fi-calling-on-a-corporate-network):

  • Protocol: UDP; port: 500; destination address (CIDR):
  • Protocol: UDP; port: 4500; destination address (CIDR):
  • Protocol: TCP/UDP; port: 5061; destination address (CIDR):

T-Mobile handset auth:

  • Protocol: TCP; port: 443; destination address (CIDR):
  • Protocol: TCP; port: 993; destination address (CIDR):
    • *TCP 993 for T-Mobile is bypassed in another section on my firewall and I did not include it in my screenshot or bypass rule set.

T-Mobile CRL check:

  • Protocol: TCP; ports: 80,443; destination address (CIDR):


Bypass rules for Untangle NG Firewall 15. Note that these are bypass rules and not part of the application set; traffic matching them is therefore not checked against any application suites (firewall, application scanner, etc.). Rename .txt to .json and import. Configure each rule for your own source networks; mine are GUEST, Trusted, and OpenVPN.
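
Because bypassed traffic skips every inspection app, each rule should be as narrow as the carrier documentation allows. The following is an added example (not part of the original post) that audits a rule list for missing or overly broad destinations; the rule format, the sample addresses, and the /28 threshold are assumptions for illustration and are not Untangle's export schema.

```python
import ipaddress

# Constructed sample rules in a simplified, hypothetical format (NOT the
# Untangle export schema). Destinations use RFC 5737 documentation ranges.
SAMPLE_RULES = [
    {"name": "IKE", "proto": "UDP", "ports": "500", "dst": "192.0.2.10/32"},
    {"name": "IPsec NAT-T", "proto": "UDP", "ports": "4500", "dst": "198.51.100.0/24"},
    {"name": "SIP-TLS", "proto": "TCP/UDP", "ports": "5061", "dst": "203.0.113.0/28"},
    {"name": "CRL check", "proto": "TCP", "ports": "80,443", "dst": ""},
]


def audit_bypass_rules(rules, min_prefix=28):
    """Return (name, severity, reason) for each rule broader than intended.

    min_prefix is an assumed policy threshold: IPv4 destinations with a
    shorter prefix (more addresses) are reported for review.
    """
    findings = []
    for rule in rules:
        dst = rule.get("dst", "").strip()
        if not dst or dst.lower() == "any":
            # No destination condition: the port is bypassed to the whole internet.
            findings.append((rule["name"], "high",
                             f"no destination: {rule['proto']} {rule['ports']} "
                             "bypasses inspection to every address"))
            continue
        try:
            net = ipaddress.ip_network(dst, strict=False)
        except ValueError:
            findings.append((rule["name"], "high", f"unparseable destination {dst!r}"))
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            findings.append((rule["name"], "medium",
                             f"{net} covers {net.num_addresses} addresses "
                             f"(prefix shorter than /{min_prefix})"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in audit_bypass_rules(SAMPLE_RULES):
        print(f"[{severity}] {name}: {reason}")
```
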
