Note: This article is applicable to ShoreTel Sky customers only. To access an article with information about remote phones that is applicable to ShoreTel Connect CLOUD customers, see the Configuring Remote Phones for Connect CLOUD article.
As part of the ShoreTel Sky phone system, you can use an IP phone from a remote location, such as a home office or any location with a broadband connection to the Internet. A remote phone enables you to call associates in different offices as if you were calling from your desk in your main office. In addition, you have access to all of the features of the phone, including the ability to access voicemail and directly dial extensions. The remote phone functionality of ShoreTel Sky's service is ideal for salespeople and employees who work from home or from remote locations.
Note: If your location is an off-net Location, then your phones are considered remote.
Table of Contents
In order to operate a remote phone in the ShoreTel Sky phone system, you must have the following:
- An "always-on" broadband connection. (Data rate must be at least 128 kbps, which most cable modems provide.)
- A router and/or a modem to provide your IP phone with a private IP address.
- A power supply for your IP Phone.
- Ethernet cable (Cat 5) to connect your IP Phone to your router or modem.
- An IP Phone supported by ShoreTel (see the Supported Phones and Devices article)
- A Managed Profile
You or your IT Department are responsible for the purchase or maintenance of any cables, modems, routers, hubs, Network Address Translation (NAT) devices, PC network cards, switches, and any other required network equipment. Your Phone Manager is responsible for the purchase of any IP phones, power supplies and phone profiles. The specific equipment required for each installation will depend on your Broadband Internet Service Provider.
Review and confirm the following information before proceeding:
- You have met all of the remote phone requirements.
- Your broadband internet connection is working.
- Your IP phone is powered and plugged into your network
- Your network is wired as shown in the Network Diagrams section of this article OR as described in the Connecting Your Phone to a Power Supply section of the Phone Setup and Log In article.
- If you have a firewall, verify that the appropriate ports have been opened. See the Firewall Settings section of this article.
After you have confirmed the requirements listed above, the last step is confirming that the TFTP/Config Server IP address on your phone is set correctly. Note the following:
- "Config Server" refers to the IP address settings configured on all ShoreTel phones
- "TFTP" refers to the IP address settings configured on all Cisco phones
In the list below, click the link that corresponds to your IP phone model. Review the instructions for accessing the TFTP/Config Server setting on your phone to make sure the setting is correct. See the TFTP/Config Server article for a list of all instances (clusters) and the associated TFTP/Config Server IP addresses utilized in the ShoreTel Sky phone system. Compare the setting on your phone with the "TFTP/Config Server 1" setting listed next to the instance (cluster) associated with your account. Note that Authorized Contacts can view the "Instance" for their account in the Account Details screen. See the Account Facts section of our Account Details article for more information.
- ShoreTel 480, 480g, and 485g
- Cisco 7940 and 7960
- Cisco 7942 and 7962
- Cisco 7941, 7961, 7970 and 7971
- Cisco 7945, 7965, and 7975
- Cisco 7937 IP Conference Phone
The following diagrams show the two most common ways to setup your remote network:
|Connect Ethernet line to phone & phone to computer||Connect Ethernet line to router & router to phone and computer|
The following image shows the "10/100 SW" port on the back of a Cisco IP phone where the Ethernet cable from your router or modem should be connected. If you connect the Ethernet line from the modem to your phone and then connect your phone to your computer, use the port on the far right to connect your phone to your computer.
To enable IP phones (or the Phone Assistant application) to communicate with the ShoreTel Sky phone system over a broadband internet connection, if you have a firewall, it must be configured to allow outbound and inbound traffic to and from the ports listed below.
- TCP/UDP 2000
- TCP/UDP 5060 SIP
- TCP/UDP 5061 SIP
- TCP 12000 SCCP
- TCP 12001 SCCP/HTTP
- TCP 15061 SIP
- UDP 10000-33000 RTP Media Server
- UDP 69 TFTP
- TCP 80
- TCP/UDP 443
- TCP 5443 and 5448 CAS
- 188.8.131.52 and 184.108.40.206 for ShoreTel DNS Servers (VoIP DHCP Scope)
- TCP Proxy.m5net.com:8XXX (where 8XXX is the Server/API Port Number for your organization's account as explained in the TFTP/Config Server article)
Depending on your firewall type, you may not be able to specify individual ports or port ranges. In this situation, we recommend opening all outbound/inbound traffic for your instance (cluster). See the TFTP/Config Server article to identify the "Primary TFTP/Config Server 1" IP address and "Server/API Port Number" associated with the instance assigned to your organization's account. Note that the instance is the server where all of your organization's phones are connected.
A firewall is an information technology (IT) security device, which is configured to permit, deny or proxy data connections set and configured by the organization's security policy. Firewalls can either be hardware and/or software based. ShoreTel Network Services does configure firewalls per a Network Delivery billable engagement. ShoreTel does not make recommendations on what firewalls to use other than what capabilities are required.
Network Address Translation
A public IP address is generally not assigned directly to a user’s computer. Computers are generally located on a private network behind a router or firewall providing network address translation (i.e., NAT) or a dedicated NAT device. In these cases, the firewall configuration needs to be considered for ShoreTel services and features. The following ports for the ShoreTel Sky platform need to be opened with a policy on the firewall when configuring the NAT for the appropriate traffic to pass through.
- Note: The firewall policy configuration to open the appropriate ports for the ShoreTel services should be limited to the destination IP address of the given ShoreTel server(s). Consult your ShoreTel representative for the needed IP address information.
ShoreTel Sky Port Usage and DNS
For ShoreTel Sky IP Phones and Phone Assistant to work over a broadband Internet connection, firewalls must be configured to allow outbound and inbound traffic from/to the ports listed in the Firewall Settings section of this article to the appropriate ShoreTel URL or IP Address:
For more detailed technical information about stateful firewall/NAT configuration, connectivity troubleshooting, SCCP phones, Cisco Pix firewalls, and router configuration for 3rd party MPLS DHCP scope, download the Data Network Best Practices Guide for ShoreTel Sky and see the "Off-Net Firewall Best Practices" section. Note that the downloaded PDF is more user-friendly than the version you can view online.
Q: Why does my remote phone experience call quality issues such as one-way talk paths.
A: Remote phones transmit through a broadband connection to the internet. Because of this, call quality issues can occur. If you are having one-way talk paths, the firewall component of your router could be blocking voice traffic. You may need to add your phone's IP address to your firewall's DMZ (demilitarized zone). The DMZ is a section of a firewall that allows traffic from a particular IP address to pass through a network while maintaining security. For more information on how to edit the DMZ on your router's firewall, contact your router's distributor or your IT partner. After adding your phone's IP address to the DMZ zone in your router's firewall, you will need to statically assign the IP address on your phone. If you have questions about this, contact ShoreTel Sky Support.
Q: Can I utilize load balancing for ShoreTel voice traffic?
A: No. Load balancing should never be used for voice traffic.
Local Area Network (LAN)
Supported Phones and Devices
Phone Setup and Log In
Phone Log In and Log Out
ShoreTel Sky Portal
ShoreTel Sky Support
Resolve Issues via Support Cases
Created Date 2013-04-12 - Modified Date 2017-07-27