Configure SonicWALL Firewall
IMPORTANT: The instructions below will vary depending on your phone system and SonicWALL Model and firmware version you are running. The following article describes setting up the SonicWALL firewall on SonicWALL Model: TZ300 running 126.96.36.199 firmware, using the Avaya IP Office 500v2 phone system running version 9.1.5 firmware.
To configure the SonicWALL Firewall:
- In the left-hand navigation pane, click VoIP , and then click Settings . The Settings page appears.
- On the Settings page, verify that Enable consistent NAT and Enable SIP Transformations checkboxes are cleared:
Important: If you experience issues with one-way audio, and your PBX does not have the ability to know its public IP address, the Enable SIP Transformations checkbox must be selected.
- Create an RTP Service and Service Group for your PBX RTP Range, as shown in the example below.
- In the Create RTP Service section, create a service for your PBX Real-time Transport (RTP) range.
IMPORTANT: The RTP Port Range will vary depending on your PBX. Please do NOT use Port Range 49152-65535 unless you have an Avaya system.
- In the Create Service Group section, create a group and add the new SIP and RTP Range to that group.
- Create an Address Object and Address Group, as shown in the example below.
- Create Address Objects for the Private IP of the PBX and the two Flowroute IPs.
- Create an Address Group that includes the two Flowroute IPs.
- Create three NAT policies, as shown in the following example:
- Incoming for SIP (5060 or alternate SIP port 5160)
- Incoming for RTP Range
- Click the Advanced tab, and select the Disable Source Port Remap check box.
IMPORTANT: It is critical that the Disable Source Port Remap checkbox be selected.
If you do not have this option, you will need to update your SonicWALL firmware to a newer version. Some firmware versions are known to be very buggy and cause this setting to not work, even when it is enabled. If the Remap setting does not take effect, then please contact SonicWALL support to resolve the issue.
6. Create Firewall Access Rules, as shown in the following example.
- For Access Rule 1, set the incoming SIP from Flowroute to the PBX.
- For Access Rule 2, set the incoming RTP from Any to the PBX.
Updated: Feb 17, 2020 (2 months ago)