Sorry, but here is where I take issue - “the ucm will sned a registration request to your provider and the ports will open by way of being a new connection and for as long has the regsitration s alive the connection will be established all required ports will remain open.”
The registration period being alive is dependent upon the expiry. As long as it is “alive” then there is no need for any traffic as neither side expects to hear from the other as both sides consider the other to be alive and able to accommodate calls. The router has no understanding of “for as long as the…”, it only knows that packets are egressing thru the port at which point it will maintain it open using NAT/PAT tables in conjunction with the UDP idle timeout or if the idle timeout is reached, it will close.
We do not know that a registration port is in play. It could be peer. The post made no mention of which is used. It does sound like a register trunk given the reboot, but it is not explicitly stated.
If register, the expiry could be 3600 seconds. Both sides think the other is aware and ready. After some period of time the ports on the client firewall close, but do so before the registration expires. A call comes into the provider who then attempts to send to the client, but the client firewall not having passed any traffic outbound to open the port, will not allow the incoming packets to pass to the UCM on the other side. The registration has not expired and is therefore considered alive.
There is no difference from a firewall perspective between open ports for remote phones or a provider. The only difference is that the role of UA is reversed, thereby making the UCM the server rather than the client for the phone. Granted the phone will generate the register request, but the point is that in order for a provider or a phone to reach the UCM, the ports must be open and available for the UCM to see the messaging. The register attempts from the UCM may force the ports open for a bit, but it has nothing to do with the registration per se, but the sending of a packet be it a registration, keep alive packet of heartbeat/qualify prior to the expiry of the UDP port idle time so that it stays open in the event unsolicited but valid messaging is sent from whatever the remote is using.
So, I think we are saying mostly the same thing, but what I am trying to get across is that a register has a lifetime based upon an expiry of which the router is not aware. As long as the registration period has not expired, it is considered live. Its a wording thing mostly, but a number of folks without knowing all the nuances will take a statement and then assume that a best practice is to not open the ports and then wonder why calls stopped flowing later on.
In any event, the original post is somewhat different I think. There is never the issue that the call does not get thru on the SIP side, regardless of timing. It is that the audio fails to flow, but only after some time.
So, how is the remote side set with its firewall? Forwarded ports, SIP ALGS off, static private IP on the phone, using random ports, NAT IP Address used? It takes 2 to tango.