Microsoft Teams Direct Routing Integration

In this scenario, the Sentinel is connected with its uplink port to the local network, along with other SIP clients. In this scenario, SIP Clients are registered to the Sentinel. This local network is behind a NAT firewall router. The ATA, the door panels, and the SIP phones are registered directly to the Sentinel . In order to reach them from MS Teams, it is necessary to dial a prefix. The SIP phone may have other lines registered with a different SIP provider, but it is outside the scope of this setup.

Logically the Sentinel is configured this way:


Requirements for MS Teams

  • Refer to the following link for MS Teams direct routing requirements:
  • A publicly resolvable FQDN for the Sentinel. The FQDN must be in one of the domains defined under your Microsoft Teams account. For example the SBC FQDN is set to, which is under the domain.

  • At least one Microsoft Teams user must be created under the same domain. In our example, we have created one such account:
  • DID Phone Numbers to dial in, you can get DID phone numbers under Microsoft Teams admin Center/Users/Phone Numbers and assign it to a specific user (or auto-attendant, which is a pseudo-user).


Connecting to MS Teams with PowerShell

Before you begin
Microsoft Visual C++ 2017 x 64 Minimum Runtime - 14.10.25008 package must be installed.
  1. Download and install Power Shell:
  2. Open PowerShell from your PC. Run it as Administrator.
  3. Install Microsoft Teams module if needed:
  4. Type Set-executionPolicy –ExecutionPolicy RemoteSigned
  5. Click Yes to all.
  6. Enter Import-Module MicrosoftTeams
  7. Enter Connect-MicrosoftTeams
  8. Enter your tenant admin user name and password.


Configuring MS Teams Voice Routing

  1. In the MS Teams PowerShell, enter the command to create the Direct Routing SIP trunk.
    Note: For example New-CsOnlinePSTNGateway –Fqdn -SipSignalingPort 5061 -MaxConcurrentSessions 5 -Enabled $true
  2. Enter the command to create the actual voice route that will be used to route calls to the SBC.
    For example
    Set-CsOnlinePstnUsage –Identity Global –Usage @{Add=”Montreal514Sherbrooke819”}
    New-CsOnlineVoiceRoute -Identity "Montreal Sherbrooke" -NumberPattern "^\+1(514|819)(\d{7})$" 
    -OnlinePstnGatewayList -Priority 1 -OnlinePstnUsages "Montreal514Sherbrooke819"
    New-CsOnlineVoiceRoutingPolicy "Montreal Sherbrooke" -OnlinePstnUsages "Montreal514Sherbrooke819"
  3. Enter the command to assign the routing policy to the users.
    Note: For example Grant-CsOnlineVoiceRoutingPolicy –Identity "" –PolicyName "Montreal Sherbrooke"
  4. In case you need to assign an OnPremise number to specific user, enter the command:
    Note: For example Set-CsUser -Identity "" -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI tel:42565


Requirements for the Sentinel

  • DGW software version: MediatrixSentinel_Dgw_48.0.2430 or newer.
  • Rulesets created to use Teams with the Sentinel. Contact your sales representative.
  • A server certificate with the SBC FQDN in the Common Name or Subject Alternative Name signed by one of the approved public CA by Microsoft. In our test, the SBC host certificate was signed by Comodo (one-month Free Trial):
    • Key length 2048 bits
    • Signature Hash algorithm: SHA 256
    • Extended Usage: ClientAuthentication and ServerAuthentication
    • Common Name:
    • SAN may contain wild card FQDN, most root CA will charge extra for that; the Comodo free trial does not allow that so it was skipped

  • Generate the necessary CSR (Certificate Signing Request), and later combine the private key and the CA signed certificate to form a host certificate to upload to the Sentinel: Refer to
  • Install Baltimore Cybertrust Root CA certificate on the SBC (; this is to validate against MS Teams servers (,,
  • Associate the host certificate to the SBC service. Make sure only 1 certificate is associated to it. Refer to for more details.
  • To speed up incoming calls from Teams, as calls from Teams Direct Routing server may come from another IP (not the same as the ones resolved by DNS), set up the following static DNS entries
    Hoc.InsertStaticHost Name=""
    #the sequence of IP addresses may vary from region to region, ping MS Teams FQDN 
    to find out what it is resolved into for your region
Note: There are also different FQDNs for US government and Department of Defense, please follow the MS Teams Direct Routing planning document. You can find the IP addresses for these domains there.


Importing Rulesets

Before you begin
Rulesets must first be imported. Contact your sales representative to obtain the required rulesets to use Teams with the Sentinel.
This procedure is valid for Call Agent and Routing Rulesets.
  1. Go to Management/File.
    Note: Step 2 is only required when importing the first Ruleset and if you are not using a secure connection to access the Management Interface (http://).
  2. Click Activate unsecure file importation from the Web browser.
  3. From the Path field, select sbc/rulesets/.
  4. Click Browse, and navigate to the following Rulesets to import:
    1. MS_Teams_local_users_routes.rrs
    Note: Ruleset file extension must be *.crs for Call Agent Rulesets or *.rrs for Routing Rulesets.
  5. Click Import.
The imported Rulesets will appear in the Internal files table, with the selected path in front of the name. The Ruleset will be available in the tables of the SBC/Rulesets page.


Configuring the Signaling Interfaces

  1. Go to SBC/Configuration.
  2. In the Signaling Interface Configuration cable, configure the Uplink_s as follows:
    1. Name: uplink_s
    2. Network: Uplink
    3. Port: 5062
    4. Secure Port : 5063
    5. Allowed Transport: All
    6. TLS Mode: Client
    7. Public Address: leave empty
  3. Click and complete the fields as follows.
    1. Name: teams_s
    2. Network: Uplink
    3. Port: 5060
    4. Secure Port : 5061
    5. Allowed Transport: TlsOnly
    6. TLS Mode: Both
    7. Public Address: FQDN assigned to the SBC, for example


Configuring the Media Interfaces

  1. Go to SBC/Configuration.
  2. in the Media Interface Configuration table, configure the uplink_m Media interface as follows:
    1. Name: uplink_m
    2. Network: Uplink
    3. Port Range: 20000-20999
    4. Public Address: leave empty
    Note: This is the media interface used by the LAN IP PBX (no NAT)
  3. Click and configure the fields as follows:
    1. Name: teams_m
    2. Network: Uplink
    3. Port Range: 21001-21010
    4. Public Address: external public IP address
    Note: The public IP address of this interface is set to the public IP outside the NAT firewall. This is required for SIP NAT Traversal)


Configuring the MS_Teams_Direct_Routing_ca Call Agent

  1. Go to SBC/Configuration.
  2. In the Call Agent Configuration table, click .
  3. In the Configure Call Agent table, complete the fields as follows:
    1. Name: MS_Teams_Direct_Routing_ca
    2. Enable: checked
    3. Signaling Interface: teams_s
    4. Media Interface: teams_m
    5. Peer Host:
    6. Force Transport: Tls
    7. Keep-Alive Interval: 30
    8. Blacklisting Duration: 60
    9. Blacklisting Delay: 0
    10. Custom Header: X-MS-SBC: Mediatrix/%productseries%/%version%
  4. In the Call Agent Rulesets table, from the Name select MS_Teams_interop.
  5. In the Parameters field, enter the CC=Country Code and the DIGITS=Number of digits of CC + 1, eg.CC=1 DIGITS=2, or CC=34 DIGITS=3.
  6. Click Save.


Configuring the local_users_ca Call Agent

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will bedisplayed.
  1. Go to SBC/Configuration.
  2. Select the Enable check box, located next to local_users_ca.
  3. In the Call Agent Configuration table, click next to local_users_ca.
  4. In the Configure Call Agent table, complete the following fields:
    1. From the Signaling Interface selection list, uplink_s.
    2. From the Media Interface selection list, select uplink_m.
    3. Set the Peer Network field to the LAN subnet (subnet/netmask length).
  5. In the Call Agent Rulesets table, click .
  6. From the Name selection list, choose
  7. In the Parameters field, enter PREFIX=the prefix number appended to the called number REG_DOMAIN=IP_of_Uplink_s:SIP_signaling port_of_uplink_s , e.g. PREFIX=1514996, REG_DOMAIN=, assuming MS_Teams client is dialing 1514996+local_sip_user_extension_number to reach local registered SIP clients
  8. Click .
  9. From the Name selection list, choose
  10. Click Save.
  11. Click Apply to apply all changes to the configuration.
No will be displayed in the Config.Modified field, indicating that the configuration that was modified is now applied to the system. When the Mediatrix SBC will use the selected Call Agent for a communication, the selected parameters will be applied.


Associating Routing Rulesets to Your Configuration

Before you begin
Importing Rulesets must be completed for Routing Rulesets to be available.
  1. Go to SBC/Configuration
  2. In the Routing Rulesets table click to add a routing ruleset.
  3. From the Name selection list, select MS_Teams_local_users_routes.
  4. Click Save.
  5. Click Apply to apply all changes to the configuration.


Online Help

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will bedisplayed.


DGW Documentation

Mediatrix devices are supplied with an exhaustive set of documentation.

Mediatrix user documentation is available on the Media5 Documentation Portal.

Several types of documents were created to clearly present the information you are looking for. Our documentation includes:
  • Release notes: Generated at each GA release, this document includes the known and solved issues of the software. It also outlines the changes and the new features the release includes.
  • Configuration notes: These documents are created to facilitate the configuration of a specific use case. They address a configuration aspect we consider that most users will need to perform. However, in some cases, a configuration note is created after receiving a question from a customer. They provide standard step-by-step procedures detailing the values of the parameters to use. They provide a means of validation and present some conceptual information. The configuration notes are specifically created to guide the user through an aspect of the configuration.
  • Technical bulletins: These documents are created to facilitate the configuration of a specific technical action, such as performing a firmware upgrade.
  • Hardware installation guide: They provide the detailed procedure on how to safely and adequately install the unit. It provides information on card installation, cable connections, and how to access for the first time the Management interface.
  • User guide: The user guide explains how to customise to your needs the configuration of the unit. Although this document is task oriented, it provides conceptual information to help the user understand the purpose and impact of each task. The User Guide will provide information such as where and how TR-069 can be configured in the Management Interface, how to set firewalls, or how to use the CLI to configure parameters that are not available in the Management Interface.
  • Reference guide: This exhaustive document has been created for advanced users. It includes a description of all the parameters used by all the services of the Mediatrix units. You will find, for example, scripts to configure a specific parameter, notification messages sent by a service, or an action description used to create Rulesets. This document includes reference information such as a dictionary, and it does not include any step-by-step procedures.


Copyright Notice

Copyright © 2023 Media5 Corporation.

This document contains information that is proprietary to Media5 Corporation.

Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.

This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.

Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.