Telos Z/IP ONE - Managing Connections

Updated 2 months ago by John (JP) Powell


This document applies to the Telos Z/IP ONE and the use of "port forwarding" to aid in making connections.


The Z/IP ONE, with its Agile Connection Technology™, offers the best experience with point-to-point codec calls over the Internet. As the world of Internet Protocol (IP) replaces the traditional Public Switched Telephone Network (PSTN), we've developed the Z/IP ONE as a solution. One of the benefits of using the public Internet versus the PSTN is the amount of control you, the user, have over the connection to the rest of the world. With IP technology, every device connects to all other devices all the time and the data is filtered based on IP address (and a few other things). The main player in this role your router.

The Router

A router (or firewall) is a separate device that may have a modem and an Ethernet switch built-in. Its job is to interface a private network with the public Internet and route data from the public Internet to the appropriate locations on the private network. With a router, you can house one or more Z/IP ONEs on a private network and manage their connections to the Public Internet on a single public-facing IP address using port forwarding. 

The ZIP Directory Server

In most installations, absolutely no adjustments to the router are necessary. The Z/IP ONE, along with the ZIP directory server, works with the router to make connections without your help. Here's how it works:

Every 10 seconds or so, the Z/IP will send a message to the directory server. This message will go out carrying your router's public-facing IP address and a random, high port number to respond on. When the ZIP Server sees the message, it will respond and the ZIP indicator on the Z/IP ONE's front panel status window will light up.

In the most simple of terms, a server assisted call works just like a ‘411’ directory assistance call:

"Information, how can I direct your call?"
"Hi Operator, I want to call WXYZ_ZIP@public."
"Thank you, that's at this address  Would you like me to connect you?"
"Thank you."

The operator (directory server) hands the connection off and the Z/IPs will be directly connected. The server steps entirely out of the picture and moves on to its next task.

Server Relay Calls

In situations when the connection hand-off is unsuccessful, the server will allow a route for the audio through it's already established connection with the Z/IP ONE. When this happens, a message to this effect will display on the front panel of the Z/IP ONE. Connection status in the web UI will also reflect this condition by indicating that it's connected to the other side "thru server" 

This is a failsafe, and it has its problems like bandwidth limiting which reduces audio quality and increased latency. This problem is usually the result of a firewall or router getting in the way and rejecting the connection hand-off. This is when an adjustment or some configuration at the router is needed. 

Deep Thoughts: When the directory server establishes a connection, the request to connect comes from the directory server and does not originate from either of the private networks involved. Some firewalls pose scrutiny upon such connections, and may block them. Allowing your firewall to proceed with connection requests from the directory server may help with connection issues. Click here for more information.

First, you will want to find out which firewall (local or remote) is the one rejecting the connection hand-off. You can try to call other Z/IPs, including ZephyrIP10@public (the Telos Z/IP Test line), and if you only get the message when you call certain Z/IPs, the firewalling is at the far end. If you get it every time, the firewalling could be local. The Z/IP ONE has a configurable UDP port that can be used to manage this with the help of a port forward.

Listen Port

Each Z/IP ONE behind the router should have a different listen port assigned to it. We recommend a port in the 21000 or so range to keep the Z/IP away from other network traffic. This port is specified in the STREAMING page of the Z/IP's GUI or in the front panel SETUP / ZIP SERVER menu.

In this example, we are using port 21011 for this Z/IP ONE.  If we had another Z/IP ONE on this network, we would give it a different port, like 21012, etc.

Once you configure the Listen port and save the changes, you will need to set up a UDP port forward for port 21011 in the router. In this example, we are using a Linksys router made by Cisco and the Z/IP ONE we just configured has it's streaming interface set to a private static IP address of

When the listen port is specified and forwarded in this manner, the Z/IP Server will be able to hand the connection off without negotiation, and it can be much more reliable.

A bonus to this is the ability to connect to this Z/IP ONE without the help of the directory server. The server's main task is to keep track of which Z/IP is using which IP address on which port. If the public IP is dynamic and changes, the server will be aware and will make adjustments to its records. If we already know this information and if the public IP address is static, the server doesn't need to be involved at all! You can enter this information directly into the call setup and dial the unit directly.

Dialing a Z/IP ONE directly

Once the public IP address for the router is made static by the ISP and once the Z/IP ONE's listen port is specified and forwarded at the router, you can dial this Z/IP ONE dialed directly using the router's public-facing IP address and this port.

To dial this Z/IP ONE, use the MANUAL tab on the web GUI connection page and select “TSCP Direct” for PROTOCOL and enter the information.

You can also use the front panel and strip the GROUP NAME and enter the IP and port in this manner:

Obviously, this will be a challenge if the unit you are calling is on an Internet connection with a dynamic IP.  The IP address will be a moving target, which is why the name-based directory server is handy.

With no port forward and a listen port of 0 (default) the Z/IP relies on the open communication that it has with the server instead of the router for completing the call. So the server is critical in these cases.

Other management is possible with firewalls and routers like VPN (Virtual Private Network), which creates a "tunnel" over the public IP address to another router. This has benefits like the restriction of general traffic from the interface but is slightly beyond the scope of this discussion. More information about setting up a VPN will be provided with the setup information that comes with your particular router or firewall.

The Z/IP you are trying to reach is not answering

This is a message you may see from time to time, and it has a double meaning. The first one is the most obvious: the Z/IP ONE at the far end is not set up to auto-answer, and it is not answering the call.

The second, not-so-obvious situation is if the request got rejected by the router at the other side, and the messaging never made it to the Z/IP ONE. See the "Deep Thoughts" comment above. One of the networks may have a restriction for 3rd party connections.

The Z/IP ONE trying to make the call doesn't know the difference between these two states. With confidence, however, we can say that it's either number one or number two. Number two indicates the need to create a port forward for the TSCP listen port. In this case, re-read this document.

Let us know how we can help

If you have further questions on this topic or have ideas about how we can improve this document, please contact us.

How did we do?

TelosHelp (opens in a new tab)

Powered by HelpDocs (opens in a new tab)