Difference between revisions of "Sonicwall Configuration for XMission Voice"

From XMission Wiki
Jump to: navigation, search
(Consistent NAT)
(Create Address Group for Voice Services)
 
(4 intermediate revisions by the same user not shown)
Line 23: Line 23:
 
# Click on Firewall Settings
 
# Click on Firewall Settings
 
# Click on Advanced
 
# Click on Advanced
# Select the check boxes for Enable Stealth Modeand Randomize IP ID
+
# Select the check boxes for Enable Stealth Mode and Randomize IP ID
:# [[File:Advanced_Firewall.png]]
+
#: [[File:Advanced_Firewall.png]]
 
# Click Accept
 
# Click Accept
  
Line 30: Line 30:
 
# Under Network > Services click Add...
 
# Under Network > Services click Add...
 
# Fill the popup as follows:
 
# Fill the popup as follows:
:* Name: VoIP RTP
+
#:* Name: VoIP RTP
:* Protocol: UDP
+
#:* Protocol: UDP
:* Port Range: 3000 - 65000
+
#:* Port Range: 3000 - 65000
:* Sub Type: None
+
#:* Sub Type: None
 
# Click Add
 
# Click Add
:# [[File:Custom_Voip.png]]
+
#: [[File:Custom_Voip.png|400px]]
 
# Click on Service Groups > Add Group...
 
# Click on Service Groups > Add Group...
 
# Name: VOIP Services
 
# Name: VOIP Services
 
# Add the following services to the right box
 
# Add the following services to the right box
:* SIP
+
#:* SIP
:* VoIP RTP
+
#:* VoIP RTP
:* Click Add
+
#:* Click Add
[[File:Custom_Voip(2).png]]
+
#: [[File:Custom_Voip(2).png|400px]]
 
 
  
 
== Create LAN > WAN Rule for Services ==
 
== Create LAN > WAN Rule for Services ==
Line 50: Line 49:
 
# Click on the arrow under LAN > WAN
 
# Click on the arrow under LAN > WAN
 
# Click on Add...
 
# Click on Add...
:* Source Port: Any
+
#:* Source Port: Any
:* Service: VOIP Services
+
#:* Service: VOIP Services
:* Source: Any
+
#:* Source: Any
:* Destination: Any  
+
#:* Destination: Any  
:* Users Included: All
+
#:* Users Included: All
:* Users Excluded: None
+
#:* Users Excluded: None
:* Schedule: Always On
+
#:* Schedule: Always On
:* Comment: QoS for VoIP Phones
+
#:* Comment: QoS for VoIP Phones
:* Enable Logging: True
+
#:* Enable Logging: True
:* Allow Fragmented Packets: True
+
#:* Allow Fragmented Packets: True
:# [[File:Lan_Wan_Rule.png]]
+
#: [[File:Lan_Wan_Rule.png|600px]]
 
# Click on the Advanced tab
 
# Click on the Advanced tab
:* UDP Connection Inactivity Timeout (seconds): 90
+
#:* UDP Connection Inactivity Timeout (seconds): 90
[[File:Lan_Wan_Rule(2).png]]
+
# [[File:Lan_Wan_Rule(2).png|600px]]
  
 
== Create Address Group for Voice Services ==
 
== Create Address Group for Voice Services ==
 
# Click Firewall > Address Objects > Add
 
# Click Firewall > Address Objects > Add
 
# Fill out the following:  
 
# Fill out the following:  
:* Name: Name of the Assignment  
+
#:* Name: Name of the Assignment  
:* Zone Assignment: WAN
+
#:* Zone Assignment: WAN
:* Type: Host
+
#:* Type: Host
:* IP Address:
+
#:* IP Address:
::(SLC) SUMOFIBER colocation: 198.91.51.90
+
#::: (SLC) SUMOFIBER colocation: 198.91.51.90
::(SLC) XMISSION colocation: 208.83.224.245
+
#::: (SLC) XMISSION colocation: 208.83.224.245
::(LAS) SWITCH colocation: 162.252.224.11                     
+
#::: (LAS) SWITCH colocation: 162.252.224.11                     
 
# Add each IP Address for Voice Services as an Address Object
 
# Add each IP Address for Voice Services as an Address Object
:# [[File:Address_Group.png]]
+
#: [[File:Address_Group.png|400px]]
 
# Create an Address Group and add the address objects that were created
 
# Create an Address Group and add the address objects that were created
:* Name: Voice Services
+
#:* Name: Voice Services
 
 
  
 
== Excluding Voice Services IPs under Security Services (if applicable) ==
 
== Excluding Voice Services IPs under Security Services (if applicable) ==

Latest revision as of 08:36, 17 August 2022

If you have a Sonicwall and are using XMission Business or HostedPBX Voice Service you may come into issues such as:

  • Registration failure
  • Slow to dial out
  • Non-clear HD Voice quality
  • and more.

We suggest that the following settings are set up in the Sonicwall Device.

NOTE: depending on the model and firmware, the images may not match.

Consistent NAT

  1. Click on VoIP
  2. Click on Settings
  3. Select the checkbox for Enable consistent NAT
  4. Every other checkbox on this page should be unchecked
    Consistent Nat.png
  5. Click Accept

Advanced Firewall Settings

  1. Click on Firewall Settings
  2. Click on Advanced
  3. Select the check boxes for Enable Stealth Mode and Randomize IP ID
    Advanced Firewall.png
  4. Click Accept

Create Custom VoIP Services

  1. Under Network > Services click Add...
  2. Fill the popup as follows:
    • Name: VoIP RTP
    • Protocol: UDP
    • Port Range: 3000 - 65000
    • Sub Type: None
  3. Click Add
    Custom Voip.png
  4. Click on Service Groups > Add Group...
  5. Name: VOIP Services
  6. Add the following services to the right box
    • SIP
    • VoIP RTP
    • Click Add
    Custom Voip(2).png

Create LAN > WAN Rule for Services

  1. Navigate to Firewall > Access Rules
  2. Click on Matrix
  3. Click on the arrow under LAN > WAN
  4. Click on Add...
    • Source Port: Any
    • Service: VOIP Services
    • Source: Any
    • Destination: Any
    • Users Included: All
    • Users Excluded: None
    • Schedule: Always On
    • Comment: QoS for VoIP Phones
    • Enable Logging: True
    • Allow Fragmented Packets: True
    Lan Wan Rule.png
  5. Click on the Advanced tab
    • UDP Connection Inactivity Timeout (seconds): 90
  6. Lan Wan Rule(2).png

Create Address Group for Voice Services

  1. Click Firewall > Address Objects > Add
  2. Fill out the following:
    • Name: Name of the Assignment
    • Zone Assignment: WAN
    • Type: Host
    • IP Address:
    (SLC) SUMOFIBER colocation: 198.91.51.90
    (SLC) XMISSION colocation: 208.83.224.245
    (LAS) SWITCH colocation: 162.252.224.11
  3. Add each IP Address for Voice Services as an Address Object
    Address Group.png
  4. Create an Address Group and add the address objects that were created
    • Name: Voice Services

Excluding Voice Services IPs under Security Services (if applicable)

  1. Click Security Services
  2. Check each Service and see if it is enabled
  3. If so, you need to enable the Exclusion List on each service and set it to Voice Services
  4. Example: Content Filter
  1. Exclude Services.png
  1. Once you exclude it, click Accept