Sonicwall

Updated at August 9th, 2024

Current Status

Possibly compatible after changes.

Suggestions

Firmware v5.8.1.12 or lower, Disable SIP ALG.

Comments

Firmware v5.8.1.13 and higher contains a bug that causes issues with incoming calls on Sonicwall routers and firewalls. We recommend customers set enable ‘Consistent NAT’ (check the box) and disable ‘SIP Transformations’ (uncheck the box). Ensure that the MTU is set correctly for your ISP.


Go to Firewall Settings → BWM
BWM type change this to Global
Realtime checked set to 30% or whatever is needed 100k per call x number of calls
 
Go to Firewall Settings → Flood Protection → UDP Settings
Change the default Timeout Value from 30 to 300 seconds and make sure that UDP Flood Protection is not Enabled (Default Value)
 
Set the bandwidth up for the WAN Interface
Edit the WAN interface Advanced Tab—Upload is on top
Enable Egress and Ingress to your ISP settings, and verify with a speed test.
 
VoIP → Settings:
Enable consistent NAT: check.
Enable SIP Transformations: Uncheck
 
Click Apply

Select the Firewall Settings → Edit LAN → WAN Rule → AdvancedTCP Connection Inactivity Timeout (minutes) to 60

UDP Connection Inactivity Timeout (seconds) to 1800

Whitelisting

Select the Firewall → Access Rules and add a new rule with the following:

Service: Any
Source: WAN, Address Range 167.94.41.0 to 167.94.41.255
Destination: LAN, Address Range * to *
Comment: VOIPservice1
If there is an option for ‘Allow Fragmented Packets’ then please enable this option.
TCP Connection Inactivity Timeout (minutes) to 60
UDP Connection Inactivity Timeout (seconds) to 1800

Select the Firewall → Access Rules and add another new rule with the following:

Service: Any
Source: WAN, Address Range 15.222.191.147
Destination: LAN, Address Range * to *
Comment: VOIPservice2
If there is an option for ‘Allow Fragmented Packets’, then please enable this option.
TCP Connection Inactivity Timeout (minutes) to 60
UDP Connection Inactivity Timeout (seconds) to 1800

Select the Firewall → Access Rules and add another new rule with the following:

Service: Any
Source: WAN, Address Range 3.96.120.201
Destination: LAN, Address Range * to *
Comment: VOIPservice3
If there is an option for ‘Allow Fragmented Packets’, then please enable this option.
TCP Connection Inactivity Timeout (minutes) to 60
UDP Connection Inactivity Timeout (seconds) to 1800

 

NOTE: If you are uncomfortable with opening your firewall to our subnets, please, at minimum, forward to our Core IPs: 

  • 167.94.41.4
  • 167.94.41.34


 

**All routers and firewalls must forward the correct ports and configure Whitelisting for Hosted Voice Services; please click here for more information.

Was this article helpful?

Print to PDF