How to configure VoIP on SonicWALL to use any VoIP phone system behind SonicWALL
07/02/2021 18 665
Voice over IP or VoIP is an umbrella term for a set of technologies that allow voice traffic to be carried over Internet Protocol (IP) networks. VoIP transfers the voice streams of audio calls into data packets as opposed to traditional, analog circuit-switched voice communications used by the public switched telephone network (PSTN).
VoIP is the major driving force behind the convergence of networking and telecommunications by combining voice telephony and data into a single integrated IP network system. VoIP is all about saving cost for companies through eliminating costly redundant infrastructures and telecommunication usage charges while also delivering enhanced management features and calling services features.
This article describes the recommendations to setup a VoIP on SonicWALL when the VoIP phone system is behind SonicWALL firewall.
TIP: We recommend setting up VoIP phone system on a separate zone than the Data Zone or LAN Zone, this separates VoIP traffic from Data Traffic and we can apply different bandwidth policies, disable Security Services and useless inspections on VoIP traffic for a better call flow and audio quality.
Navigate to MANAGE | Network | Zones.
Click the Add icon. The Add Zone dialog displays.
Type a name for the new zone in the Name field as VoIP and from Security Type, select Trusted. Keep all the Security services unchecked as per screenshot below:
Navigate to MANAGE | Network | Interfaces. Either configure a physical interface with zone - VoIP or a VLAN interface with zone - VoIP.
Configure DHCP for the VoIP interface. Navigate to MANAGE | Network | DHCP Server.
Click on Add Dynamic. And check the box Interface Pre-Populate. Select the respective interface.
Navigate to MANAGE | Objects. Create Service objects for all the ports required by the VoIP phone system for it's functioning and club those together in a Service Group called VoIP Services. To configure Service object, click on How Can I Configure Service Objects?
Navigate to MANAGE | Rules | Access Rules. Create an Access rules from zone - WAN to zone - VoIP with Source - Any, Destination - WAN Interface IP , Service - VoIP Services.
Under Advanced, check the box, Disable DPI.
Create another Access rule from zone - VoIP to zone - WAN with Source - VoIP subnet, Destination - Any, Service - Any.
Under Advanced, check the box Disable DPI and optionally increase the UDP timeout to 120 seconds
Create two NAT policies as below. Check the box, create a reflexive policy on VoIP NAT Policy and keep it Uncheck on VoIP Loopback NAT.
Navigate to MANAGE | VoIP.
To Enable Consistent NAT, click on Enable Consistent NAT check box.
NOTE: Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP. Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair.
CAUTION: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs.
To Enable SIP Transformations, click on Enable SIP Transformations check box.
TIP: If the Public Branch Exchange (PBX) that the SIP Server communicates with is located behind the SonicWall then SIP transformations should be disabled in most deployments. Consult with your VoIP vendor.
TIP: If the PBX is located outside the SonicWall, usually on the public Internet, then SIP transformation should be enabled in most deployments. Consult with your VoIP vendor.