Wi-Fi Calling

Hi Everyone

 

I have done a search on this but it does not seem to quite answer my question.


I have WhatsApp Calling and EE Wi-Fi Calling. When I use my Virgin Media SuperHub 3 as Router/FW/AP, it's perfect. At my parents' I have a Meraki FW, Meraki Switch & Meraki AP. Also perfect.


At my house I have a Meraki AP, Meraki Switch and a Sophos UTM 9. This has a lot of issues with Wi-Fi calling: I can hear everyone, but sometimes to them I just cut out. If I call my girlfriend on WhatsApp calling when in the same building, no issues.

I have created what I believe to be the relevant firewalls and even opened it up more than I would like. I can see the rules being used, but constantly get a STUN request drop. 

 

Can anyone shed any light?

 

Thanks

Tom



This thread was automatically locked due to age.
  • Show a full Firewall log line that corresponds to a STUN drop in the Live Log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I realize this is a really old thread, but it is the first hit when searching "WiFi Calling", so here are some notes around WiFi Calling that I've been collecting...

    1. T-Mobile (Old and New)
        HTTPS: TCP 443 (SSL Inspection is fine in my experience)
        IMAP over SSL/TLS: TCP 993
        IPsec - IKE: UDP 500
        IPsec - NAT-T: UDP 4500
        SIP: TCP/UDP 5060
        SIP over SSL/TLS: TCP 5061
        T-Mobile VoIP Data: UDP 52000:59999
        
    2. Sprint
        IPsec - NAT-T: UDP 4500
        Sprint E911: UDP 444

    3. Verizon
        IPsec - IKE: UDP 500
        IPsec - NAT-T: UDP 4500 (apparently only needed for Apple devices, not confirmed)

    4. AT&T
        IMAP: TCP 143
        IPsec - IKE: UDP 500
        IPsec - NAT-T: UDP 4500

    5. Project Fi
        Google Chrome WebRTC: UDP 19302:19309
        Google Hangouts: UDP 443
        Google Talk IM: TCP 5222
        SIP: TCP/UDP 5060
        SIP/SSL: TCP 5061

        Additional note for Project Fi:
        No matter what the dominant provider is in your area, you need to
        connect to T-Mobile's network for auth. I'm sorry, but this is a must
        (sucks for me because I have to walk about 100 feet from my home to get
        a T-Mobile signal). You can check your current connection on the Moto
        X4 with dialer code *#*#344636#*#* (sorry, I did not confirm this is
        the same on other approved Fi handsets...not sure if this is via SIM).
        You can temporarily force a connection to T-Mobile via dialer code
        *#*#34866#*#* on the Moto X4 (and I did ask if this is the same on all
        current Fi phones, yes was the answer, but not confirmed). Yes, if you
        reboot, no more wifi calling until after a TMO connection is established
        at least once. Please update below if you find otherwise on the dialer
        codes.

    The networks below are not yet confirmed...


    6. Republic Wireless
        HTTPS: TCP 443
        SMQTT: TCP/UDP 8883
        Republic Wireless Control: UDP 5090
        Republic Wireless VoIP Data: UDP 6000:29999

    7. Rogers
        IPsec - AH: IP 50
        IPsec - ESP: IP 51
        IPsec - IKE: UDP 500
        IPsec - NAT-T: UDP 4500

    8. Virgin
        IPsec - IKE: UDP 500
        IPsec - NAT-T: UDP 4500

    There may be some overlaps or omissions that I'm not aware of, please respond
    below and I'll update this post as needed (if possible). Also, additional providers are
    welcome.
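
Added example, not part of the original post: a Python sketch that checks dropped packet-filter log lines against the confirmed port list above (T-Mobile, Sprint, Verizon, AT&T), so drops on a listed Wi-Fi calling port stand out from unrelated ones. The key="value" log layout, the field names (`action`, `proto`, `dstport`) and the sample lines are assumptions constructed for illustration; adjust them to what your firewall actually logs.

```python
import re
from collections import Counter

# Port list transcribed from the post above (confirmed carriers only).
# Tuples are (IP protocol, first port, last port); 6 = TCP, 17 = UDP.
WIFI_CALLING = {
    "T-Mobile": [(6, 443, 443), (6, 993, 993), (17, 500, 500), (17, 4500, 4500),
                 (6, 5060, 5060), (17, 5060, 5060), (6, 5061, 5061),
                 (17, 52000, 59999)],
    "Sprint": [(17, 4500, 4500), (17, 444, 444)],
    "Verizon": [(17, 500, 500), (17, 4500, 4500)],
    "AT&T": [(6, 143, 143), (17, 500, 500), (17, 4500, 4500)],
}
KV = re.compile(r'(\w+)="([^"]*)"')  # assumed key="value" log layout

def carriers_for(proto, port):
    """Carriers whose list contains this protocol/destination port."""
    return sorted(name for name, rules in WIFI_CALLING.items()
                  if any(p == proto and lo <= port <= hi for p, lo, hi in rules))

def summarize_drops(lines):
    """Split dropped flows into (listed, unlisted) Counters keyed by (proto, dstport)."""
    listed, unlisted = Counter(), Counter()
    for line in lines:
        f = dict(KV.findall(line))
        if f.get("action") != "drop":
            continue
        try:
            key = (int(f["proto"]), int(f["dstport"]))
        except (KeyError, ValueError):
            continue  # no port (e.g. ICMP) or a malformed line
        (listed if carriers_for(*key) else unlisted)[key] += 1
    return listed, unlisted

# Constructed sample lines using documentation addresses, not from the thread.
SAMPLE = [
    'action="drop" srcip="192.0.2.10" dstip="198.51.100.7" proto="17" srcport="40000" dstport="4500"',
    'action="drop" srcip="192.0.2.10" dstip="198.51.100.7" proto="17" srcport="40001" dstport="52345"',
    'action="accept" srcip="192.0.2.10" dstip="198.51.100.7" proto="17" srcport="500" dstport="500"',
    'action="drop" srcip="192.0.2.10" dstip="198.51.100.9" proto="17" srcport="40002" dstport="3478"',
    'action="drop" srcip="192.0.2.10" dstip="198.51.100.8" proto="6" srcport="40003" dstport="993"',
]

if __name__ == "__main__":
    listed, unlisted = summarize_drops(SAMPLE)
    for (proto, port), n in sorted(listed.items()):
        print(f"proto {proto} port {port}: {n} drop(s), listed for {carriers_for(proto, port)}")
    for (proto, port), n in sorted(unlisted.items()):
        print(f"proto {proto} port {port}: {n} drop(s), not in the list")
```

The sample includes UDP 3478, the default STUN port, to show a drop that the port list above does not account for.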

  • I need to get Wi-Fi calling with Sprint phones working with Sophos XG. I'm running Sophos XG; what do I do with the above information in XG?

     

    (I know this group is for UTM but hopefully the XG answer is the same or substantially similar) 

    Thanks!

  • Hi Hau Lin and welcome to the UTM Community!

    Unfortunately, the UTM and XG GUIs are completely different.  You might try a new thread in the XG Community linking others back to DJ's post.  To get the link, right-click on the date in his post.

    Cheers - Bob
