Free delivery

McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

Dynamic search > >
UK Sales: 0330 1340 230

How to configure VoIP to use any VoIP phone system (best practices)

Description

Voice over IP or VoIP is an umbrella term for a set of technologies that allow voice traffic to be carried over Internet Protocol (IP) networks. VoIP transfers the voice streams of audio calls into data packets as opposed to traditional, analog circuit-switched voice communications used by the public switched telephone network (PSTN).

VoIP is the major driving force behind the convergence of networking and telecommunications by combining voice telephony and data into a single integrated IP network system. VoIP is all about saving cost for companies through eliminating costly redundant infrastructures and telecommunication usage charges while also delivering enhanced management features and calling services features.

This article describes the recommendations to setup a VoIP on SonicWALL when the VoIP phone system is behind SonicWALL firewall.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

TIP: We recommend setting up a VoIP phone system on a separate zone than the Data Zone or LAN Zone, this separates VoIP traffic from Data Traffic and we can apply different bandwidth policies, disable Security Services, and useless inspections on VoIP traffic for a better call flow and audio quality.

  1. Navigate to Object | Match Objects | Zones
  2. Click the Add icon. The Add Zone dialog displays.
  3. Type a name for the new zone in the Name field as VoIP and from Security Type, select Trusted. Keep all the Security services unchecked as per the screenshot below
    Image
  4. Navigate to Network | System | Interfaces. Either configure a physical interface with zone - VoIP or a VLAN interface with zone - VoIPImage
  5. To Configure a Physical interface with static IP, click on How To Configure A Physical Interface On SonicWALL With Static IP and select the zone - VoIP
    Image
  6. To Configure a Virtual interface with static IP, click on How Can I Configure Sub-Interfaces? and select zone - VoIP
    Image
  7. Configure DHCP for the VoIP interface. Navigate to Network | System | DHCP Server.
  8. Click on Add Dynamic. And check the box Interface Pre-Populate. Select the respective interface.Image
  9. Navigate to OBJECT | Match Object|Services. Create Service objects for all the ports required by the VoIP phone system for its functioning and club those together in a Service Group called VoIP Services. To configure the Service object, click on How Can I Configure Service Objects?

    Image

    Image

  10. Navigate to POLICY | Rules and policies| Access Rules. Create an Access rule from zone - WAN to zone - VoIP with Source - Any, Destination - WAN Interface IP , Service - VoIP Services.Image
  11. Under Security profile, check for DPI and Disable DPI
    Image
  12. Create another Access rule from zone - VoIP to zone - WAN with Source - VoIP subnet, Destination - Any, Service - Any. Under Security profile, check for DPI and Disable DPI. Under User & TCP/UDP optionally increase the UDP timeout between 120-300 seconds to avoid disruption on the calls Image

    Image
  13. Create two NAT policies as below. Check the box, create a reflexive policy on VoIP NAT Policy and keep it Uncheck on VoIP Loopback NAT.Image


    Image
  14. Create VOIP Loopback NAT policy
    Image
  15. Navigate to Network | VOIP| Settings
    Image
  16. To Enable Consistent NAT, click on Enable Consistent NAT check box.

    NOTE: Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP. Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair.

    CAUTION: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs.
  17. 1. To Enable SIP Transformations, click on Enable SIP Transformations check box.
    TIP: If the Public Branch Exchange (PBX) that the SIP Server communicates with is located behind the SonicWall then SIP transformations should be disabled in most deployments. Consult with your VoIP vendor. TIP: If the PBX is located outside the SonicWall, usually on the public Internet, then SIP transformation should be enabled in most deployments. Consult with your VoIP vendor.
  18. To Disable SIP ALG, click on How To Disable SIP ALG

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

TIP: We recommend setting up VoIP phone system on a separate zone than the Data Zone or LAN Zone, this separates VoIP traffic from Data Traffic and we can apply different bandwidth policies, disable Security Services and useless inspections on VoIP traffic for a better call flow and audio quality.

  1. Navigate to MANAGE | Network | Zones.
  2. Click the Add icon. The Add Zone dialog displays.
  3. Type a name for the new zone in the Name field as VoIP and from Security Type, select Trusted. Keep all the Security services unchecked as per screenshot below:

    Image

  4. Navigate to MANAGE | Network | Interfaces. Either configure a physical interface with zone - VoIP or a VLAN interface with zone - VoIP.

    Image

  5. To Configure a Physical interface with static IP, click on How To Configure A Physical Interface On SonicWALL With Static IP and select the zone - VoIP.


    Image

  6. To Configure a Virtual interface with static IP, click on How Can I Configure Sub-Interfaces? and select zone - VoIP.

    Image

  7. Configure DHCP for the VoIP interface. Navigate to MANAGE | Network | DHCP Server.
  8. Click on Add Dynamic. And check the box Interface Pre-Populate. Select the respective interface.

    ImageImage

  9. Navigate to MANAGE | Objects. Create Service objects for all the ports required by the VoIP phone system for it's functioning and club those together in a Service Group called VoIP Services. To configure Service object, click on How Can I Configure Service Objects?

    Image

  10. Navigate to MANAGE | Rules | Access Rules. Create an Access rules from zone - WAN to zone - VoIP with Source - Any, Destination - WAN Interface IP , Service - VoIP Services.

    Image

  11. Under Advanced, check the box, Disable DPI.

    Image

  12. Create another Access rule from zone - VoIP to zone - WAN with Source - VoIP subnet, Destination - Any, Service - Any.

    Image

  13. Under Advanced, check the box Disable DPI and optionally increase the UDP timeout to 120 seconds

    Image

  14. Create two NAT policies as below. Check the box, create a reflexive policy on VoIP NAT Policy and keep it Uncheck on VoIP Loopback NAT.

    Image


    Image

  15. Navigate to MANAGE | VoIP.

    Image


  16. To Enable Consistent NAT, click on Enable Consistent NAT check box.

    NOTE: Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP. Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair.

    CAUTION: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs.
  17. To Enable SIP Transformations, click on Enable SIP Transformations check box.


    TIP: If the Public Branch Exchange (PBX) that the SIP Server communicates with is located behind the SonicWall then SIP transformations should be disabled in most deployments. Consult with your VoIP vendor. TIP: If the PBX is located outside the SonicWall, usually on the public Internet, then SIP transformation should be enabled in most deployments. Consult with your VoIP vendor.

  18. To Disable SIP ALG, click on How To Disable SIP ALG