This configuration is on a Sonicwall TZ205 with 188.8.131.52-2o firmware, but should be relatively similar for all models.
Note: Sonicwall's IPS service has been known to block VoIP even if you have these rules set as it confuses it for a DDoS attack. If you lower the protection level from high, it generally fixes it.
We recommend the TZ series for no more then 25 phones. If you plan to expand beyond that we recommend the NSA series.
1. Consistent NAT
Ensure "Enable Consistent Nat" is checked
2. Enable WAN BWM (Bandwidth Management)
Ensure advanced is checked as seen below
3. Enable BWM on WAN
Click the configure pencil located next to your primary WAN connection
Under the bandwidth management section, check both enable Egress and Ingress. Egress is the upload speed of your internet connection. Ingress is the download speed. Best practice is to run a speed test before setting these options. The example below shows a 100MBPS download and 35MBPS upload speed connection.
4. Create LAN>Wan firewall rule to allow and prioritize all traffic to both of Syntel Solutions Servers
You are going to create a rule that allows all traffic to our server as seen in the screen shots below. Under the destination submenu click "create new network" to add our servers. You will build this rule three times, two using our NJ servers FQDN of core2-nj.syntelsolutions.com & core-nj.syntelsolutions.com, and the third rule will use our FL server of core-fl.syntelsolutions.com
Then under the QOS tab, change DSCP to "Explicit"
Under the BWM tab, check enable Egress and ingress, under the drop down you will create a new bandwidth object. You will use this for both inbound and outbound firewall rules as you will see later. The best rule of thumb is to guarantee about 25% of the bandwidth to the phones, and to allow 100% if needed. This way phone calls always will have priority, but not use the entire connection when not in use.
5. Now we go back to access rules, to create a similar rule from WAN>LAN
Here you will build similar rules to LAN>WAN, the only difference being we will be changing the "Source" to the Syntel Solutions Servers, and the other options to "any". Therefore creating a rule saying all traffic ONLY from our servers, is allowed and prioritized.
Be sure to set the QOS and BWM tabs the same as the previous rules
Congrats! You've successfully configured your firewall for the NexLine/Viirtue UCaas Platform.
Please sign in to leave a comment.