SHORETEL IS NOW PART OF MITEL. See how powering connections in the cloud is now brilliantly simple.

Remote Phone


ShoreTel is now part of Mitel! Powering Connections ® that are Brilliantly Simple ®.

As part of the ShoreTel Sky phone system, you can use an IP phone from a remote location, such as a home office or any location with a broadband connection to the Internet. A remote phone enables you to call associates in different offices as if you were calling from your desk in your main office. In addition, you have access to all of the features of the phone, including the ability to access voicemail and directly dial extensions. The remote phone functionality of ShoreTel Sky's service is ideal for salespeople and employees who work from home or from remote locations.

Note: If your location is an off-net Location, then your phones are considered remote.

Table of Contents

Network Diagrams
Firewall Settings
Off-Net Firewall Best Practices
Related Topics


In order to operate a remote phone in the ShoreTel Sky phone system, you must have the following:

You or your IT Department are responsible for the purchase or maintenance of any cables, modems, routers, hubs, Network Address Translation (NAT) devices, PC network cards, switches, and any other required network equipment. Your Phone Manager is responsible for the purchase of any IP phones, power supplies and phone profiles. The specific equipment required for each installation will depend on your Broadband Internet Service Provider.


Review and confirm the following information before proceeding:

After you have confirmed the requirements listed above, the last step is confirming that the TFTP/Config Server IP address on your phone is set correctly. Note the following:

In the list below, click the link that corresponds to your IP phone model. Review the instructions for accessing the TFTP/Config Server setting on your phone to make sure the setting is correct. See the TFTP/Config Server article for a list of all instances (clusters) and the associated TFTP/Config Server IP addresses utilized in the ShoreTel Sky phone system. Compare the setting on your phone with the "TFTP/Config Server 1" setting listed next to the instance (cluster) associated with your account. Note that Authorized Contacts can view the "Instance" for their account in the Account Details screen. See the Account Facts section of our Account Details article for more information.

Network Diagrams

The following diagrams show the two most common ways to setup your remote network:

Connect Ethernet line to phone & phone to computerConnect Ethernet line to router & router to phone and computer
Remote Phone Network DiagramAlternate Remote Phone Network Diagram

The following image shows the "10/100 SW" port on the back of a Cisco IP phone where the Ethernet cable from your router or modem should be connected. If you connect the Ethernet line from the modem to your phone and then connect your phone to your computer, use the port on the far right to connect your phone to your computer.

Remote Phone Image

Firewall Settings

To enable IP phones (or the Phone Assistant application) to communicate with the ShoreTel Sky phone system over a broadband internet connection, if you have a firewall, it must be configured to allow outbound and inbound traffic to and from the ports listed below.

Depending on your firewall type, you may not be able to specify individual ports or port ranges. In this situation, we recommend opening all outbound/inbound traffic for your instance (cluster). See the TFTP/Config Server article to identify the "Primary TFTP/Config Server 1" IP address and "Server/API Port Number" associated with the instance assigned to your organization's account. Note that the instance is the server where all of your organization's phones are connected.

Off-Net Firewall Best Practices

A firewall is an information technology (IT) security device, which is configured to permit, deny or proxy data connections set and configured by the organization's security policy. Firewalls can either be hardware and/or software based. Our Network Services team can configure firewalls per a Network Delivery billable engagement. However, we do not make recommendations on what firewalls to use other than what capabilities are required.

Network Address Translation

A public IP address is generally not assigned directly to a user’s computer. Computers are generally located on a private network behind a router or firewall providing network address translation (i.e., NAT) or a dedicated NAT device. In these cases, the firewall configuration needs to be considered for all services and features. The following ports for the ShoreTel Sky platform need to be opened with a policy on the firewall when configuring the NAT for the appropriate traffic to pass through.

ShoreTel Sky Port Usage and DNS

For ShoreTel Sky IP Phones and Phone Assistant to work over a broadband Internet connection, firewalls must be configured to allow outbound and inbound traffic from/to the ports listed in the Firewall Settings section of this article to the appropriate URL or IP Address:

For more detailed technical information about stateful firewall/NAT configuration, connectivity troubleshooting, SCCP phones, Cisco Pix firewalls, and router configuration for 3rd party MPLS DHCP scope, download the Data Network Best Practices Guide for ShoreTel Sky and see the "Off-Net Firewall Best Practices" section. Note that the downloaded PDF is more user-friendly than the version you can view online.


Q: Why does my remote phone experience call quality issues such as one-way talk paths.
A: Remote phones transmit through a broadband connection to the internet. Because of this, call quality issues can occur. If you are having one-way talk paths, the firewall component of your router could be blocking voice traffic. You may need to add your phone's IP address to your firewall's DMZ (demilitarized zone). The DMZ is a section of a firewall that allows traffic from a particular IP address to pass through a network while maintaining security. For more information on how to edit the DMZ on your router's firewall, contact your router's distributor or your IT partner. After adding your phone's IP address to the DMZ zone in your router's firewall, you will need to statically assign the IP address on your phone. If you have questions about this, contact ShoreTel Sky Support.

Q: Can we utilize load balancing for our phone system's voice traffic?
A: No. Load balancing should never be used for voice traffic.

Related Topics

Offnet Location
Local Area Network (LAN)
Server/API Port
TFTP/Config Server
Supported Phones and Devices
Phone Setup and Log In
Phone Log In and Log Out
ShoreTel Sky Portal
ShoreTel Sky Support
Resolve Issues via Support Cases

ShoreTel Dates

Created Date 2013-04-12 - Modified Date 2017-09-25

Article: 000003984