How to prevent my sip port from going random

My phones are all over the place, anywhere from port 5060 to 60000. Anyway I can narrow that port range to like 5060-5100?

Could you elaborate on the problem? Is this the case for only certain request message types, or does it happen all the time? Where are you seeing this, in interface, CLI, or logs? Are you sure it is SIP and not RTP?

Asterisk only binds one port on the host for SIP, so if the endpoints are really going wonky with the SIP ports then the endpoints will be where you need to fix the issue also.

So 5060 is the port they use for call but when you’re in asterisk info/peers i’ll have phones become unreachable because the port they are on are being blocked by my firewall.
105/105 D N A 47407 UNREACHABLE

107/107 D N A 47382 OK (53 ms)

That is an example of being blocked and the port it is 47407

Disable the ‘qualify’ setting for your internal phones.

qualify enables asterisk to use SIP OPTIONS messages to ‘ping’ the endpoint at a desired frequency (default 200ms) to test round trip latency, and mark the endpoint as UNREACHABLE if the latency goes over this threshold. Then it will respect a modifiable expiry, and begin to try to ‘ping’ the endpoint again. If the latency is below the defined threshold, it is once again marked reachable. This setting is only practical for remote phones and trunks

Will this change what i’m looking to do? I understand it’s frequency but the issue is our firewall not fully allowing calls in. So when it goes unreachable like this, it usually means it’s unable to reach back. If what you said fixes this than let me know, but I have a feeling it’s not. And the ports it shows when it goes unreachable are showing up as dropped in my firewall.

From my experience this is almost always caused by firewalls that are rewriting the SIP packets. Make sure you have any type of SIP ALG turned off in the Firewall.

Extensions that are natted will always show the natted port. Remember that port is how Asterisk reaches the device. Asterisk has no control over that. It can only control what port the devices reach asterisk on.

I made sure it was. It’s translating them in the 47000’s This is better but i’d rather it be something a little easier

So is this changing how my phones work? Is it actually on these ports through that nat?

I don’t know what “changing how my phones work” means.

This is how IP and NAT work. You only have one IP so your router has to sort things out.

Do you have a specific problem that we can help you with?

The main reason I ask is because we have our server on the cloud. When we upgrade the asterisk, it causes the phones to instantly become unreachable and we don’t receive inbound calls. Since I’ve seen this issue before with our firewall I wanted to see if I could get a small range opened for the phones. I have a feeling the firewall is blocking all the traffic and is causing issues. I don’t know why the latest firmware isn’t working with the firewall, but the older one is.