sundance-communications.com/forum Forums TDM Business Telephone Systems NEC Telephones & Systems Sonicwall and NAT IP Phones

Question, has anyone else had issues with Sonicwall blocking stuff even though you have opened up the ports? Anyone gotten NAT to work through a Sonicwall for remote IP phones? They seem to really be struggling to get this working correctly.

Thanks

Make sure SIP ALG is turned off. Check the UDP port forwarding in the router.

Three installs that had Sonicwalls of various models and ages. Never got one to work despite tech support involvement with NEC, customer IT departments and all the suggestions (ALG, Ports, etc.). The problem seems to be with Sonicwall's packet inspection process. The process takes too long and the VOIP packets time out to the SL1100 (wireshark revealed this). My solution in all cases was to take the internet connection from the carrier to a 5 port switch. One port goes to the Sonicwall and is essentially transparent. A second IP from the carrier is either available (most ISPs give a business 5 useable IPs), or purchased, and the second port from the switch goes to a "dumber" less intrusive router like a Best Buy Netgear. The netgear is set up to pass the traffic from the new IP to the NEC and NAT. The VOIP phones are configured to hit the new IP. The only caveat to this is that the users can no longer make changes to their extensions with a browser session on the LAN because the SL1100 is now on a different one, unless IT wants to assist with some additional routing for that purpose.

You could change the webpro port to say 8001 and have them use the ext IP. I have suggested this approach. Thank you.

YES .... I would say it is the rule rather than the exception. I know one of my customers had Sonic Wall Tech Support involved and I believe they finally got it working.

I don't know if it applies to a Sonicwall or not, but I had a heck of a time getting a remote IP phone to work with customer's Fortinet firewall.

After much time going over ports and the SIP, ALG, etc. settings mentioned above, and with NEC support and Fortinet support, wireshark logs, etc, etc, the local IT guy found that the firewall must not use one to one NAT for the remote phone to work. One to one was the default for Fortinet.

Jim

Yes. I believe they way we got it working was something within the sonicwall rules for DPI (Deep Packet Inspection) was changed for the system IP and all has been working. When I get a chance I will ask one of our FW guys if they remember what it was that got changes for it to work.

The other way we worked around it was building a site to site VPN tunnel and all worked.