Difference between revisions of "Router Info Sonicwall"

From IPitomy Wiki
Jump to navigation Jump to search
(Created page with "We have a document on setting up a Sonicwall here: http://www.ipitomy.com/webrelease/Sonicwall/Sonicwall%20Quick%20Guide.pdf Additional info on Sonicwall has been received...")
 
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
We have a document on setting up a Sonicwall here:
+
===Disable SIP Header Transformations and Enable Consistent NAT===
  
http://www.ipitomy.com/webrelease/Sonicwall/Sonicwall%20Quick%20Guide.pdf
+
SonicWALL SIP ALG is called SIP Header Transformations, this should be Disabled and Consistent NAT should be Enabled:<br/>
 +
[[File:Sonicwallcnsht.png]]
  
 +
===Create Outbound NAT Policy and Disable Source Port Remap===
  
Additional info on Sonicwall has been received from a customer recently:
+
In some cases the SonicWALL will remap the 5060 and 10000-20000 UDP source ports causing one way audio and calls dropping after 30 seconds.
  
It's seems the process of consistent NAT does not do what it's supposed to across the board therefore I've recommend that it is turned off across our knowledge base. We have verified that enabling an inside--outside rule resolves the problems with dropped calls as it forces the Sonicwall to stick to port 5060.
+
To resolve this, create an inside to outside rule like the following:
 +
<table>
 +
<tr>
 +
<td>
 +
'''Original Source:''' <br/>
 +
'''Translated Source:''' <br/>
 +
'''Original Destination:'''    <br/>
 +
'''Translated Destination:'''  <br/>
 +
'''Original Service:'''  <br/>
 +
'''Translated Service:'''  <br/>
 +
'''Inbound Interface:''' <br/>
 +
'''Outbound Interface:'''
 +
</td>
 +
<td><div style="margin-left: 30px;">
 +
PBX Private IP<br/>
 +
IP of the WAN interface (X1 IP for example)<br/>
 +
Address Group for our SIP servers (52.5.220.123 or 54.200.236.200)<br/>
 +
Original<br/>
 +
Service Group including 5060 UDP and 10000-20000 UDP<br/>
 +
Original<br/>
 +
Any<br/>
 +
WAN interface (X1 for example)
 +
</div></td>
 +
</tr>
 +
</table>
 +
 
 +
After that go to the Advanced tab and check the box for "Disable Source Port Remap" and click OK.<br/>
 +
[[File:Sonicwallspr.PNG|link=Special:FilePath/Sonicwallspr.PNG]]<br/>
 +
Once completed the PBX will always use the proper source ports on the WAN side.
 +
 
 +
===Create Access Policy with Increased UDP Timeout===
 +
 
 +
Most often seen in cloud deployments you will see phones going REACHABLE/UNREACHABLE with complaints of calls going directly to voicemail and BLFs not lighting properly.
 +
 
 +
To fix this add a LAN to WAN Access Policy as follows:
 +
<table>
 +
<tr>
 +
<td>
 +
'''From Zone:''' <br/>
 +
'''To Zone:''' <br/>
 +
'''Service:'''    <br/>
 +
'''Source:'''  <br/>
 +
'''Destination:'''  <br/>
 +
'''Users Allowed:'''  <br/>
 +
'''Schedule:'''
 +
</td>
 +
<td><div style="margin-left: 30px;">
 +
LAN<br/>
 +
WAN<br/>
 +
SIP (UDP 5060)<br/>
 +
Any<br/>
 +
Any<br/>
 +
All<br/>
 +
Always On
 +
</div></td>
 +
</tr>
 +
</table>
 +
 
 +
Navigate to the Advance tab and increase the UDP timeout to 300 seconds, once saved phones should remain REACHABLE.

Latest revision as of 19:27, 12 January 2022

Disable SIP Header Transformations and Enable Consistent NAT

SonicWALL SIP ALG is called SIP Header Transformations, this should be Disabled and Consistent NAT should be Enabled:
Sonicwallcnsht.png

Create Outbound NAT Policy and Disable Source Port Remap

In some cases the SonicWALL will remap the 5060 and 10000-20000 UDP source ports causing one way audio and calls dropping after 30 seconds.

To resolve this, create an inside to outside rule like the following:

Original Source:
Translated Source:
Original Destination:
Translated Destination:
Original Service:
Translated Service:
Inbound Interface:
Outbound Interface:

PBX Private IP
IP of the WAN interface (X1 IP for example)
Address Group for our SIP servers (52.5.220.123 or 54.200.236.200)
Original
Service Group including 5060 UDP and 10000-20000 UDP
Original
Any
WAN interface (X1 for example)

After that go to the Advanced tab and check the box for "Disable Source Port Remap" and click OK.
File:Sonicwallspr.PNG
Once completed the PBX will always use the proper source ports on the WAN side.

Create Access Policy with Increased UDP Timeout

Most often seen in cloud deployments you will see phones going REACHABLE/UNREACHABLE with complaints of calls going directly to voicemail and BLFs not lighting properly.

To fix this add a LAN to WAN Access Policy as follows:

From Zone:
To Zone:
Service:
Source:
Destination:
Users Allowed:
Schedule:

LAN
WAN
SIP (UDP 5060)
Any
Any
All
Always On

Navigate to the Advance tab and increase the UDP timeout to 300 seconds, once saved phones should remain REACHABLE.