- Log in to the SonicWall web portal.
-
Go to VoIP > Settings:
-
Enable consistent NAT: Uncheck.
-
Enable SIP Transformations: Uncheck.
-
Click Apply
-
-
Critical: Do the following steps to remove old firewall rules that can conflict with the new rules.
-
Go to Firewall > Access Rules > Matrix (top-left):
-
Select the Arrow that intersects with LAN to LAN.
-
Disable or delete any rules that say VoIP or Voice under Destination or Service.
-
-
Click on Matrix (top-left):
-
Select the Arrow that intersects with LAN to WAN.
-
-
Disable or delete any rules that say VoIP or Voice under Destination or Service.
-
-
Click on Matrix (top-left):
-
Select the Arrow that intersects with WAN to LAN.
-
-
Disable or delete any rules that say VoIP or Voice under Destination or Service.
-
Click on Matrix (top-left):
-
Select the Arrow that intersects with WAN to WAN.
-
-
Disable or delete any rules that say VoIP or Voice under Destination or Service.
-
Go to Firewall > Service Objects:
-
Scroll down to the Service Objects section > Add > Do the following:
- You will need to create service objects for the IP ports that pertain to the VoIP product being used. The port ranges are:
- TCP: 10001, 5060-5069
- UDP: 4000-4999, 5060-5069, 10000-20000
-
-
Scroll up to Service Groups > Add > Do the following:
-
Name: “Cloud Voice Service Ports”.
-
In the left-hand box, highlight the Service Objects you created.
-
Click the "->" button to move those Objects to the right.
-
Click OK.
-
-
Go to Network > Address Objects:
-
Scroll down to Address Objects > Add > Do the following:
-
You will need to create address objects that pertain to the VoIP product being used. Aline's IP is 192.151.131.40
-
-
Scroll up to Address Groups > Add > Do the following:
-
Name: "Cloud Voice Servers".
-
In the left-hand box, highlight the Address Object(s) you created above.
-
Click the "->" button to move those Object(s) to the right.
-
Click OK.
-
You may get an error saying that an Address Object doesn't exist.
-
This is either due to the SonicWall login timing out as you were adding the Service objects.
-
Or it may be due to a bug affecting SonicWall firmware 5.8.1.2-6o.
-
Just delete the affected Service Objects, re-create them, and then add them to the Service Group.
-
-
-
-
Go to Firewall > Access Rules > Add:
-
General Tab:
-
Action: Allow.
-
From Zone: LAN.
-
To Zone: WAN.
-
Source Port: Any.
-
It is OK if you don't see this option. It only exists in the latest SonicWall firmware versions.
-
-
Service: Cloud Voice Service Ports.
-
Source: LAN Subnets.
-
Destination: Cloud Voice Servers.
-
Users Allowed: All.
-
Users Excluded: None.
-
-
It is OK if you don't see this option. It only exists in the latest SonicWall firmware versions.
-
Schedule: Always On.
-
Comment: Allow Cloud Voice VoIP Devices.
-
Allow Fragmented Packets: Uncheck.
-
The following boxes are optional but useful. Depending on the model of your SonicWall, you may not have one or more of the options below:
-
Enable Logging: Check.
-
Enable flow reporting: Check.
-
Enable packet monitor: Check.
-
Enable Geo-IP Filter: Check.
-
Enable Botnet Filter: Check.
-
Enable Management: Uncheck.
-
-
Click on the QoS tab:
-
DSCP Marking Action: Preserve.
-
802.1p Marking Action: None.
-
-
Click on the Advanced tab:
-
TCP Connection Inactivity Timeout (minutes): 15.
-
UDP Connection Inactivity Timeout (seconds): 350.
-
Number of connections allowed (% of maximum connections): 100.
-
Enable connection limit for each Source IP Address: Uncheck.
-
Enable connection limit for each Destination IP Address: Uncheck.
-
Create a reflexive rule: Check.
-
This will automatically create the WAN to LAN rule for you.
-
If you do not have the 'Create a reflexive rule' option, you will need to create the reflexive rule manually by doing the following:
- Go to Firewall > Access Rules > click Add to create the WAN to LAN rule:
- Action: Allow.
- From Zone: WAN.
- To Zone: LAN.
- Source Port: Any.
- It is OK if you don't see this option. It only exists in the latest SonicWall firmware versions.
- Service: Cloud Voice Service Ports
- Source: Cloud Voice Servers
- Destination: LAN Subnets
- Schedule: Always On.
- Comment: Allow Cloud Voice VoIP Devices.
- The following boxes are optional but useful. Depending on the model of your SonicWall, you may not have one or more of the options below:
- Enable Logging: Check.
- Allow Fragmented Packets: Uncheck
- Enable flow reporting: Check.
- Enable packet monitor: Check.
- Enable Geo-IP Filter: Check.
- Enable Botnet Filter: Check.
- Enable Management: Uncheck.
- Click on the Advanced tab:
- TCP Connection Inactivity Timeout (minutes): 15.
- UDP Connection Inactivity Timeout (seconds): 60.
- Number of connections allowed (% of maximum connections): 100.
- Enable connection limit for each Source IP Address: Uncheck.
- Enable connection limit for each Destination IP Address: Uncheck.
- Create a reflexive rule: Check.
- Click on the QoS tab:
- DSCP Marking Action: Preserve.
- 802.1p Marking Action: None.
- Click OK.
-
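The scope of the two access rules above, modeled as an added example (not SonicWall's or this page's own code): it checks constructed sample flows against the page's service ports and Cloud Voice Servers address. The LAN subnet 192.168.10.0/24, the function names and the sample flows are assumptions.

```python
import ipaddress

# Values from the page: the service objects and the provider address it lists.
SERVICE_PORTS = {
    "tcp": [(10001, 10001), (5060, 5069)],
    "udp": [(4000, 4999), (5060, 5069), (10000, 20000)],
}
CLOUD_VOICE_SERVERS = [ipaddress.ip_network("192.151.131.40/32")]
# Assumption: the "LAN Subnets" object covers one constructed /24.
LAN_SUBNETS = [ipaddress.ip_network("192.168.10.0/24")]

# (from zone, to zone) -> (source group, destination group), as in the two rules.
RULES = {
    ("LAN", "WAN"): (LAN_SUBNETS, CLOUD_VOICE_SERVERS),
    ("WAN", "LAN"): (CLOUD_VOICE_SERVERS, LAN_SUBNETS),
}

def in_group(addr, group):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in group)

def port_allowed(proto, port):
    return any(lo <= port <= hi for lo, hi in SERVICE_PORTS.get(proto.lower(), []))

def rule_matches(from_zone, to_zone, src, dst, proto, dst_port):
    """True if the Cloud Voice allow rule for that zone pair matches the flow."""
    rule = RULES.get((from_zone, to_zone))
    if rule is None:
        return False
    src_group, dst_group = rule
    return (in_group(src, src_group) and in_group(dst, dst_group)
            and port_allowed(proto, dst_port))

# Constructed sample flows (203.0.113.7 is a documentation address).
SAMPLE_FLOWS = [
    ("LAN", "WAN", "192.168.10.25", "192.151.131.40", "udp", 5060),
    ("LAN", "WAN", "192.168.10.25", "192.151.131.40", "udp", 16384),
    ("LAN", "WAN", "192.168.10.25", "203.0.113.7", "udp", 5060),
    ("WAN", "LAN", "192.151.131.40", "192.168.10.25", "tcp", 10001),
    ("WAN", "LAN", "203.0.113.7", "192.168.10.25", "udp", 5060),
    ("WAN", "LAN", "192.151.131.40", "192.168.10.25", "tcp", 4500),
]

def evaluate(flows=SAMPLE_FLOWS):
    return [rule_matches(*f) for f in flows]

if __name__ == "__main__":
    for flow, ok in zip(SAMPLE_FLOWS, evaluate()):
        print("MATCH  " if ok else "NO RULE", *flow)
```

"NO RULE" only means these two rules do not match the flow; other access rules on the firewall may still allow or deny it.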
This step is needed to reserve the bandwidth the phones & fax devices need to ensure excellent call & fax quality.
-
Warning: This process can cause your computers and phones to lose internet connection for a few minutes, or much longer if an unexpected issue arises.
-
Make sure to make these changes only when you can risk losing internet connectivity.
-
-
Go to Firewall Settings > BWM (Bandwidth Management):
-
If you do not have a BWM option:
-
Then you or your IT will need to upgrade the SonicWall to the latest stable General Release firmware version.
-
Call SonicWall if you need help upgrading the firmware.
-
If you still do not have this option, your SonicWall is too old and does not support full-BWM. Results may vary. Skip to step "A" below.
-
-
-
There are many ways to set up BWM.
-
Below is our general method that is used to encompass most customers' sites.
-
If BWM was already set up by your IT, then consult with your IT before making any of the changes below.
-
Use only the Easy Method or Advanced Method below:
-
Easy Method:
-
Bandwidth Management Type: Global.
-
Set the Priority Levels to match the table below:
-
| Priority | Enable | Guaranteed | Maximum/Burst |
|---|---|---|---|
| 0 Realtime | Checked | 30% | 100% |
| 1 Highest | Unchecked | 0% | 0% |
| 2 High | Unchecked | 0% | 0% |
| 3 Medium High | Unchecked | 0% | 0% |
| 4 Medium | Checked | 70% | 70% |
| 5 Medium Low | Unchecked | 0% | 0% |
| 6 Low | Unchecked | 0% | 0% |
| 7 Lowest | Unchecked | 0% | 0% |
-
Total: Should auto set to 100.
-
If the total is higher than 100, something is wrong.
-
Double-check your changes to confirm they were entered correctly.
-
Click Accept.
-
-
This step is required to allow the SonicWall to guarantee that the phones and faxes get the bandwidth they need to/from the WAN interface to the ISP & LAN.
-
Go to Network > Interfaces:
-
Find the WAN interface the phone equipment is behind.
-
Click the pencil icon all the way to the right to edit its configuration.
-
Click on the Advanced Tab > Bandwidth Management:
-
Enable Egress Bandwidth Management: Check.
-
Available Interface Egress Bandwidth (Kbps):
-
Enter only 80-95% of the Upload bandwidth you pay for.
-
If you do not know what it is, take the average of 3 Upload results here.
-
-
-
Enable Ingress Bandwidth Management: Check.
-
Available Interface Ingress Bandwidth (Kbps):
-
Enter only 80-95% of the Download bandwidth you pay for.
-
If you do not know what it is, take the average of 3 Download results here.
-
-
Click OK.
-
-
-
-
-
This step is required to allow the SonicWall to guarantee that the phones and faxes get the bandwidth they need in the LAN-to-WAN bridge:
-
Go to Network > Interfaces:
-
Find the LAN interface the phone equipment is behind.
-
Click the pencil icon all the way to the right to edit its configuration.
-
Click on the Advanced Tab > Bandwidth Management:
-
Enable Egress Bandwidth Management: Check.
-
Available Interface Egress Bandwidth (Kbps):
-
Enter only 80-95% of the Download bandwidth you pay for.
-
If you do not know what it is, take the average of 3 Download results here.
-
-
-
Enable Ingress Bandwidth Management: Check.
-
Available Interface Ingress Bandwidth (Kbps):
-
Enter only 80-95% of the Upload bandwidth you pay for.
-
If you do not know what it is, take the average of 3 Upload results here.
-
-
Click OK.
-
-
-
-
-
Go to Firewall > Access Rules > Matrix (top-left):
-
Select the Arrow that intersects with LAN to WAN.
-
Find the rule that shows Cloud Voice Servers and Cloud Voice Service Ports.
-
Click the Edit Pencil icon to the right of the rule.
-
-
Ethernet BWM tab:
-
Enable Egress Bandwidth Management ('allow' rules only):
-
Bandwidth Priority: 0 Realtime.
-
-
Enable Ingress Bandwidth Management ('allow' rules only):
-
Bandwidth Priority: 0 Realtime.
-
-
Click OK.
-
-
Click on Matrix (top-left):
-
Select the Arrow that intersects with WAN to LAN.
-
Find the rule that shows Cloud Voice Servers and Cloud Voice Service Ports.
-
Click the Edit Pencil icon to the right of the rule.
-
Ethernet BWM tab:
-
Enable Egress Bandwidth Management ('allow' rules only):
-
Bandwidth Priority: 0 Realtime.
-
-
Enable Ingress Bandwidth Management ('allow' rules only):
-
Bandwidth Priority: 0 Realtime.
-
-
Click OK.