Topics Covered: SonicWALL QoS and Port Setup Step-by-Step Guide
1. To Begin:
- In the drop down menu, go to "Firewall Settings BWM"
- Type to Global
- Realtime checked set to 30% or whatever is needed 100k per call x number of calls
2. Go to Firewall Settings: "Flood Protection." Flood Protection UDP Settings change the default Timeout Value from 30 to 300 seconds and make sure that UDP Flood Protection is not Enabled (Default Value)
3. Set the bandwidth up for the WAN Interface
- Edit the WAN interface "Advance Tab." These are backwards upload is on top Enable Egress and Ingress to your ISP settings, verify with a speed test
4. VoIP > Settings:
- Enable consistent NAT: check.
- Enable SIP Transformations: Uncheck.
- Click "Apply"
5. Address Objects under Network
- Scroll to the Address Objects section and click Add and enter the following information in the window that pops up:
- Name: VoIP-NMS1---Primary server name goes here
- Zone Assignment: WAN
- Type: "Host"
- Network IP Address: your IP for your core\NMS server one
- Click "Add"
- Scroll to the Address Objects section and click "Add" and enter the following information
in the window that pops up: - Name: VoIP-NMS2-Secondary server name goes here
- Zone Assignment: WAN
- Type: "Host"
- Network IP Address: your IP for your NMS2\core2 server
- Click "Add"
6. Address Group
- Go to the section called Address Groups and click the "Add Group" button
- Name: Company Name Provided by System Admin VoIP Servers
- In the left panel scroll down till you see VoIP-NMS1 and VoIP-NMS2, select them all, and click "Next" button so that they are on the right hand side
- Click "OK"
7. Firewall Service Objects section
- Click the Firewall section and go to the Service Objects section, Select "Custom Services Radio" button.
- Scroll to the Services area and click "Add"
- Name: Provided by System Admin VoIP TCP-xxx port number
- Protocol: TCP
- Revised only open 5060,5061,9002 and 8001
- Click 'OK" and then repeat this for each range or individual
- In the Services area click "Add" again
- Name: Your Company Name, Provided by System Admin VoIP UDP
- Protocol: UDP
- Revised only open 69,694,5060-5066,5405 and 20000 to 27999
- Click "OK" and then repeat this for each range or individual
- Scroll to the Services Groups section and click "Add Group"
- Name: Company name, Provided by System Admin VoIP Ports
- In the left box click your company name, Provided by System Admin VoIP TCP XXXX and select
- In the left box click your company name, Provided by System Admin VoIP UDP XXXX and select
- Click the "Add" button
- Action: Allow
- From: LAN
- To: WAN
- Services: Provided by System Admin VoIP Ports
- Source Port: Any
- Source: LAN Subnets
- Destination: Provided by System Admin VoIP Servers
- Users Allowed: All
- Schedule: Always "On"
- Allow Fragmented Packets checked
- Click the Advanced TAB Change the UDP connection inactivity timeout to 300
- Click the QOS Tab
- DSCP Marking Action: Explicit
- Explicit DSCP Value: 46 – Expedited Forwarding (EF)
- 802.1p Marking Action
- Select Explicit and 6 for Voice
- Click the Ethernet Bandwidth Management Tab
- Check to Enable both Outbound and Inbound Bandwidth Management
- Set Priority to 1 Highest now Click "Add"
9. Click Firewall and in the access rules section (make sure that you are in Matrix View) and select the option From "WAN" to "LAN"- Add a Rule
- Action: Allow
- Source Port: Any
- Service: Provided by System Admin VoIP Ports
- Source: Provided by System Admin VoIP Servers
- Destination: WAN Primary IP or All WAN IP
- Users Allowed: All
- Schedule: Always On
- Enable Logging, Check
- Allow Fragmented Packets,
- Check Advanced Tab UDP Connection Inactivity change to 300 Seconds
- Click the QOS Tab
- DSCP Marking Action: Explicit
- Explicit DSCP Value: 46 – Expedited Forwarding (EF)
- 802.1p Marking Action
- Select: Explicit and 6 for Voice
- Click the Bandwidth Management Tab
- Check to Enable both Outbound and Inbound Bandwidth Management
- Set bandwidth priority to realtime
- Click "OK"
10. Click on network then click on "NAT policy."
- Click on custom policy and enter the following by Adding:
- Original Source: Provided by System Admin
- Translated Source: Original Original Destination: WAN Primary IP Translated Destination: LAN Subnets Original Service: Your Company Name, Provided by System Admin VoIP Ports Translated Service: Original
- Interface Inbound: Any Interface Outbound: Any Click "OK" to save
11. Firewall Settings -->Advanced
- Uncheck "Enable Stealth Mode"
- Dynamic Ports use dropdown and find RTSP, then uncheck "Enable RTSP"