SonicWall Config

Connecting the SonicWall

In order to connect the SonicWall to the network:

  • Ensure the modem or other ISP provided equipment is in bridge mode. Anyone familiar with the local network setup will be able to assist with this.
  • Note: If the IP address is static, it will be necessary to load this information into the SonicWall.  
  • Connect the router to the modem provided by the ISP, ensuring that it is the only device connected. All other devices will connect to the router or a switch connected to the router.
  • In most cases the router can be accessed locally at 192.168.0.1 or 192.168.1.1.

Bandwidth Management

In general practice it is a good idea to set up bandwidth management for the phones, especially if they share the network with other devices. VoIP is an on-demand service and despite

  • Navigate to Firewall Settings.
  • Navigate to Bandwidth Management.
  • Ensure Bandwidth Management Type is set to Advanced.
  • Apply or save.

Increasing System UDP Timeout

  • Navigate to Firewall Settings.
  • Navigate to Flood Protection in the drop down menu.
  • Click on the UDP tab within this menu.
  • Set Default UDP Connection Timeout (seconds) to 180.

Configuring Address and Bandwidth Objects:

Address Objects allow IP addresses to be defined one time, and to be re-used in multiple instances throughout the SonicOS interface. The address object must be defined before the QoS option in the Access rules can be configured.

  • Navigate to the Policies Tab.
  • Under the Objects tab, click Address Objects.
  • Click Add.
  • Set the Name to Cytracom.
  • Set the Zone to WAN.
  • Set the Type to Range.
  • Press Add or OK when done.

Set the Starting IP Address and Ending IP Address to the Cytracom IP range (209.105.249.194 - 209.105.249.252).

Bandwidth Objects allow inbound/outbound bandwidth expectations to be defined one time globally, and to be re-used in multiple instances throughout the SonicOS interface. The address object must be defined before the BWM option in the Access rules can be configured.

  • Navigate to the Policies Tab.
  • Under the Objects tab, click Bandwidth Objects.
  • Click Add.
  • Set the Name to Cytracom.
  • Set the Guaranteed Bandwidth to 90kbps multiplied by the number of phones at that location.
  • Set the Maximum Bandwidth to the maximum bandwidth provided by the ISP unless desired otherwise.
  • Set Traffic Priority to 0 Realtime.
  • Set the Violation Action to Delay.
  • Press Add or OK when done.

Outgoing Traffic Rule [General, Advanced, QoS, & BWM]

  • Set From Zone to LAN.
  • Set To Zone to WAN.
  • Set Service to Any.
  • Set Source to Any.
  • Set Destination to Cytracom.
  • Set Users Allowed to All.
  • Set Schedule to Always On.
  • Enable Logging should be checked.
  • Enable Geo-IP Filter should not be checked.
  • Enable Botnet Filter should not be checked.
  • Allow Fragmented Packets should be checked.

Click the Advanced tab

  • Set UDP Connection Inactivity Timeout (seconds) to 180.
  • Disable DPI (if applicable).
  • Disable DPI-SSL Client (if applicable).
  • Disable DPI-SSL Server (if applicable).

Click the QoS tab

  • Set DSCP Marking Action to Explicit.
  • Set Explicit DSCP Value to 46 - Expedited Forwarding (EF).

Click the BWM tab

  • Check Enable Egress Bandwidth Management.
  • Choose the Cytracom Bandwidth Object from the drop down menu.
  • Check Enable Ingress Bandwidth Management.
  • Choose the Cytracom Bandwidth Object from the drop down menu.
  • Save or Add the Rule when done.
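
An added example (not part of the original article, and not SonicWall or Cytracom code): because the rule above exempts the Cytracom range from the Geo-IP, Botnet and DPI checks, this Python script expands the range into exact CIDR blocks and checks captured IPv4 headers for that destination range and the DSCP 46 mark. The function names are hypothetical and the packet headers are constructed sample data.

```python
import ipaddress
import struct

# Range and DSCP value taken from the article.
CYTRACOM_FIRST = ipaddress.IPv4Address("209.105.249.194")
CYTRACOM_LAST = ipaddress.IPv4Address("209.105.249.252")
EXPECTED_DSCP = 46  # Expedited Forwarding (EF)
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header


def cidr_blocks():
    """CIDR blocks that cover exactly the address object's range, no more."""
    nets = ipaddress.summarize_address_range(CYTRACOM_FIRST, CYTRACOM_LAST)
    return [str(n) for n in nets]


def parse_ipv4(header):
    """Return (src, dst, dscp) from the first 20 bytes of an IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, _, _, _, _, _, _, src, dst = struct.unpack(IPV4_FMT, header[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    # DSCP is the upper six bits of the TOS byte; the lower two are ECN.
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), tos >> 2


def check_egress(header):
    """Classify one packet captured on the WAN side of the firewall."""
    _, dst, dscp = parse_ipv4(header)
    if not CYTRACOM_FIRST <= dst <= CYTRACOM_LAST:
        return "outside-range"        # the Cytracom rule does not apply
    if dscp != EXPECTED_DSCP:
        return f"unmarked-dscp-{dscp}"  # rule matched but QoS marking missing
    return "ok"


def make_header(src, dst, tos):
    """Constructed IPv4/UDP header for the demo (checksum left at zero)."""
    return struct.pack(IPV4_FMT, 0x45, tos, 28, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    print(cidr_blocks())
    print(check_egress(make_header("192.168.1.50", "209.105.249.200", 0xB8)))
```

The range does not fall on a single CIDR boundary, so it expands to eight blocks; entering a wider prefix instead would extend the inspection exemptions to addresses outside the article's range.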

Incoming Traffic Rule & QoS

*This rule is for especially complex networks where inbound traffic is treated with extreme prejudice.

The only differences between this rule and the outgoing rule are the To and From Zones and the Sources. Follow the same setup as the outgoing rule.

  • Set From Zone to WAN.
  • Set To Zone to LAN.
  • Set Service to Any.
  • Set Source to Cytracom.
  • Set Destination to Any.
  • Set Users Allowed to All.
  • Set Schedule to Always On.
  • Enable Logging should be checked.
  • Enable Geo-IP Filter should not be checked.
  • Enable Botnet Filter should not be checked.
  • Allow Fragmented Packets should be checked.

Disabling SIP ALG

Commercial routers implement SIP ALG (application-level gateway) and ship with it enabled by default. SIP ALG can help solve NAT-related problems, but many SIP ALG implementations are incorrect and break SIP. If SIP ALG is enabled on the SonicWall router, the following will likely occur:

  • Registration failure
  • Call transfer issues
  • DTMF issues

Note: The above list is not comprehensive and SIP ALG can cause many other issues depending on the setup of the network.

To disable SIP ALG:

  • Log into the router.
  • Navigate to VoIP at the top.
  • Check Enable Consistent NAT.
  • Uncheck Enable SIP Transformations.
  • Uncheck Enable H.323 Transformations.
  • Click Accept.

Disabling SIP URI to use an explicit port

  • In the URL of the firewall (e.g. 192.168.1.1/main.html), change main.html to diag.html.
  • Scroll down to VoIP Settings.
  • Uncheck Transform SIP URIs to have an explicit port.
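
An added example (not part of the original article, and not SonicWall or Cytracom code) for confirming that both the SIP Transformations and explicit-port settings above are really off: this Python script compares a SIP message as the phone sent it with the same message as captured upstream of the firewall and reports any header the firewall altered. It assumes both captures are available; the function names are hypothetical and the messages, hosts and addresses are constructed placeholders.

```python
import re

WATCHED = ("via", "contact", "c", "m")  # SIP headers / SDP lines an ALG commonly edits
FIELD_RE = re.compile(r"^([A-Za-z-]+)\s*[:=]\s*(.*)$")
URI_RE = re.compile(r"sip:(?:[^@\s>]+@)?([^:;>\s]+)(?::(\d+))?")


def fields(msg):
    """First occurrence of each watched header or SDP line, keyed by lower-case name."""
    out = {}
    for line in msg.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1).lower() in WATCHED:
            out.setdefault(m.group(1).lower(), m.group(2).strip())
    return out


def alg_findings(sent, received):
    """List (field, kind) for every watched field that changed in transit.

    With the ALG off, plain NAT changes only the IP/UDP layer, so the SIP
    payload should arrive byte-for-byte as sent and this returns [].
    """
    a, b = fields(sent), fields(received)
    findings = []
    for name in WATCHED:
        if name in a and a[name] != b.get(name):
            kind = "rewritten"
            ua, ub = URI_RE.search(a[name]), URI_RE.search(b.get(name, ""))
            # Same host, but a port appeared that the phone never sent.
            if ua and ub and ua.group(1) == ub.group(1) and not ua.group(2) and ub.group(2):
                kind = "explicit-port-added"
            findings.append((name, kind))
    return findings


def register(via, contact):
    """Constructed REGISTER request used as sample input."""
    return "\r\n".join([
        "REGISTER sip:pbx.example.invalid SIP/2.0",
        f"Via: SIP/2.0/UDP {via};branch=z9hG4bKdemo",
        "From: <sip:100@pbx.example.invalid>;tag=1",
        "To: <sip:100@pbx.example.invalid>",
        "Call-ID: demo-1", "CSeq: 1 REGISTER",
        f"Contact: <sip:100@{contact}>", "Content-Length: 0", "", ""])


SENT = register("192.168.1.50:5060", "192.168.1.50")            # as the phone sent it
ALG_ON = register("203.0.113.10:1024", "203.0.113.10:1024")      # addresses rewritten
PORT_ONLY = register("192.168.1.50:5060", "192.168.1.50:5060")   # port added to the URI
```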
