SonicWall

From VoIP.ms Wiki

Author: James A. Russo [email protected] / Halo3 Consulting, LLC

Synopsis:

When using a SonicWALL and a PBX behind that SonicWALL, some of the inbound SIP connections may get refused because the SonicWALL is quick to timeout the UDP sessions on the firewall. This will result in a situation where some incoming calls connect just fine, but then others just a minute or so later would timeout and never connect.

In our configuration we are using a TZ-210 running SonicOS Enhanced 5.8.1.13-1o. However, the same configuration can likely be done on various SonicWALL devices.

We were able to determine what was happening by watching the logs on the Sonicwall where would find dropped UDP packets originating from the VOIP.MS server on port 5060 to our WAN ip address on some various UDP port .

Solution:

The solution will be to add a firewall rule from LAN->WAN which will apply to the Internal LAN PBX IP to the Address group of the VOIP.MS servers. This will be an Allow Firewall rule, but more importantly will define the UDP session timeout to be 500 seconds (vs the normal 30 seconds).

Step 1: Creating the Address Objects

Create the address object for all the various VOIP.MS servers you may connect to. You should list your primary servers and any secondary servers you may connect to. You don’t want to fail over to a secondary server and then have to remember to modify your firewall rules.

These will be on the WAN zone, and should be FQDN objects. We do this so that if the IP address of the voip.ms server ever should change the rule will still work.

Repeat this for any other VOIP.MS servers you may connect to.