SonicWall Settings

There are optional settings as well as necessary settings to setup a SonicWall appliance to allow VoIP traffic to and from RingFree’s servers. Each section that is not necessary will go be noted with “optional” in case you are having more issues with jitter or dropped packets on your network or if you want to truly separate the voice traffic from the LAN. In a simple environment or, if your network does not have managed switches, you can skip to the Enable Consistent NAT section and set the minimal settings there.

Prerequisites

  • SonicWall admin credentials
  • VLAN setup for the voice network
  • Accurate bandwidth numbers for the WAN (such as from speedtest.net)
  • The number of phones behind the appliance

Create Voice Zone (optional)

  1. Login to SonicWall and navigate to Network
  2. Click on Zones and create a new zone for the voice traffic
  3. Click Add Zone and name the zone VOIP
  4. Set the security type to Trusted and select Allow Interface Trust
  5. Click OK to save

Create Interface (optional)

We need to create a VLAN tagged sub-interface (virtual interface).

Virtual Port

  1. Navigate to Network and click on Interface
  2. Under Add Interface, select Virtual Interface
  3. Set the Zone to VOIP that we created earlier. Set the VLAN Tag to your voice VLAN on your switch.
  4. Set the Parent Interface to your XO or LAN interface or whichever one that connects to your switch.
  5. Change the Mode/IP Assignment to Static IP Mode
  6. Set an IP for the router that is not on the same subnet as the LAN. If the LAN is 192.168.1.1, set the IP to something like 192.168.2.1
  7. Enable management by selected HTTP or HTTPS. If you don’t want management on this interface, at the very least enable Ping for troubleshooting purposes.
  8. If you want QoS, go to the Advanced tag and select Enable Default 802.1p CoS. Set it to 6 – Voice
  9. Click OK to save

Edit/Create DHCP for the New Interface

If DHCP was already enabled on the device a DHCP scope will be created automatically to be edited for the network environment. If DHCP was disabled, create a DHCP scope.

  1. Navigate to Network and then to DHCP.
  2. Click Add Dynamic and select Interface Pre-Populate
  3. Select the VLAN Tagged interface and let it fill out the scope automatically
  4. Edit the scope as needed

Bandwidth Management (optional)

  1. Click on Firewall Settings and then BMW
  2. Set the Bandwidth Management Type to Global and click Apply
  3. Navigate back to Network and click on Interfaces
  4. Click the pencil icon next to your WAN interface and go to the Advanced tag
  5. Select Ingress and Egress Bandwidth Management
  6. Enter your Egress (upload) and Ingress (downlaod) speeds in Kbps. You can achieve that by multiplying your Mbps by 1024.
  7. Navigate back to Firewall Settings and then BWM
  8. Enable only Medium and High

We now need to calculate the amount of bandwidth the phones will require. Each call takes about 80 Kbps each direction. There is also about 15 Kbps of overhead if you are not using QoS. Simply multiply 95 Kbps by how many phones you have behind the router. Then calculate what percentage of the bandwidth that will take.

In this example, we will use a 10Mbps X 10Mbps connection with 11 phones/devices. When calculated the devices will take about 1Mbps. That is about 10% of the 10Mbps connection.

  • On the High Category set the Guaranteed to 10% and the Maximum/Burst to 100%
  • On the Medium Category set the Guaranteed to 0% and the Maximum to 90%
  • Click Accept to apply the changes

Consistent NAT / SIP Settings

  1. Navigate to VoIP and click on Settings
  2. Enable Consistent NAT
  3. Disable anything else in the VoIP section, particularly SIP transformations.
  4. Click Apply to save

Configure Firewall Rules

Address Objects

  • Navigate to Firewall and click on Address Objects
  • Click on Add under Address Objects. Set the Zone Assignment to WAN and Type to Host
  • Create an Address Object for each Ringfree IP address
Name:                IP Address:
-----------------------------------
Ringfree Server 1    209.51.167.251
Ringfree Server 2    209.51.167.254
Ringfree Server 3    70.36.23.125
Ringfree Server 4    70.36.23.123
  • Once finished click Close
  • Click Add Group and name it Ringfree Servers
  • Add the four servers just created into the group and click OK to save

RTP Ports Object

  1. Navigate to Firewall and click on Service Objects
  2. Click Add under Services
  3. name the service RTP and set the protocol to UDP(17)
  4. Set the port range to 10000 – 20000 and click Add and Close

Build Firewall Rules

SIP Ports

  1. Click on Firewall and then Access Rules. Click on Matrix view and then select “From VOIP to WAN” (or “LAN to WAN” if you didn’t set up the VOIP Zone)
  2. Click Add to add a new rule
  3. Make sure Allow is selected. Under Service select SIP from the drop-down
  4. The Source will be the interface created earlier (i.e. X0:2 Subnet)
  5. If an interface wasn’t set earlier, set this to LAN Primary Subnet
  6. Set the destination to Ringfree Servers
  7. Click Advanced and set the UDP timeout to 3600 seconds
  8. Click the Ethernet BWM tab and check inbound and outbound management
  9. Set the priority to High for inbound and outbound
  10. Click Add to save

RTP Ports

  1. Just change the service to RTP and leave everything else the same
  2. Click Advanced and set the UDP timeout to 300 seconds
  3. Click Add and Close to save

Notes

If App Rules are enabled, you may run into some issues with calls as well. Simply add the RingFree Servers address group to the app rule exceptions.