|
Joined: Sep 2004
Posts: 4,220 Likes: 2
Member
|
Member
Joined: Sep 2004
Posts: 4,220 Likes: 2 |
Question, has anyone else had issues with Sonicwall blocking stuff even though you have opened up the ports? Anyone gotten NAT to work through a Sonicwall for remote IP phones? They seem to really be struggling to get this working correctly.
Thanks
|
|
|
Visit Atcom to get started with your new business VoIP phone system ASAP
Turn up is quick, painless, and can often be done same day.
Let us show you how to do VoIP right, resulting in crystal clear call quality and easy-to-use features that make everyone happy!
Proudly serving Canada from coast to coast.
|
|
|
Joined: Mar 2014
Posts: 365
Member
|
Member
Joined: Mar 2014
Posts: 365 |
Make sure SIP ALG is turned off. Check the UDP port forwarding in the router.
|
|
|
|
Joined: Aug 2003
Posts: 268
Member
|
Member
Joined: Aug 2003
Posts: 268 |
Three installs that had Sonicwalls of various models and ages. Never got one to work despite tech support involvement with NEC, customer IT departments and all the suggestions (ALG, Ports, etc.). The problem seems to be with Sonicwall's packet inspection process. The process takes too long and the VOIP packets time out to the SL1100 (wireshark revealed this). My solution in all cases was to take the internet connection from the carrier to a 5 port switch. One port goes to the Sonicwall and is essentially transparent. A second IP from the carrier is either available (most ISPs give a business 5 useable IPs), or purchased, and the second port from the switch goes to a "dumber" less intrusive router like a Best Buy Netgear. The netgear is set up to pass the traffic from the new IP to the NEC and NAT. The VOIP phones are configured to hit the new IP. The only caveat to this is that the users can no longer make changes to their extensions with a browser session on the LAN because the SL1100 is now on a different one, unless IT wants to assist with some additional routing for that purpose.
|
|
|
|
Joined: Sep 2004
Posts: 4,220 Likes: 2
Member
|
Member
Joined: Sep 2004
Posts: 4,220 Likes: 2 |
You could change the webpro port to say 8001 and have them use the ext IP. I have suggested this approach. Thank you.
|
|
|
|
Joined: Aug 2002
Posts: 2,608
Moderator-ESI, Shoretel
|
Moderator-ESI, Shoretel
Joined: Aug 2002
Posts: 2,608 |
Question, has anyone else had issues with Sonicwall blocking stuff even though you have opened up the ports? Anyone gotten NAT to work through a Sonicwall for remote IP phones? They seem to really be struggling to get this working correctly.
Thanks YES .... I would say it is the rule rather than the exception. I know one of my customers had Sonic Wall Tech Support involved and I believe they finally got it working.
|
|
|
|
Joined: Oct 2006
Posts: 1,416 Likes: 6
Member
|
Member
Joined: Oct 2006
Posts: 1,416 Likes: 6 |
I don't know if it applies to a Sonicwall or not, but I had a heck of a time getting a remote IP phone to work with customer's Fortinet firewall.
After much time going over ports and the SIP, ALG, etc. settings mentioned above, and with NEC support and Fortinet support, wireshark logs, etc, etc, the local IT guy found that the firewall must not use one to one NAT for the remote phone to work. One to one was the default for Fortinet.
Jim
|
|
|
|
Joined: Oct 2004
Posts: 1,492
Member
|
Member
Joined: Oct 2004
Posts: 1,492 |
Yes. I believe they way we got it working was something within the sonicwall rules for DPI (Deep Packet Inspection) was changed for the system IP and all has been working. When I get a chance I will ask one of our FW guys if they remember what it was that got changes for it to work.
The other way we worked around it was building a site to site VPN tunnel and all worked.
|
|
|
Forums84
Topics94,493
Posts639,867
Members49,836
|
Most Online5,661 May 23rd, 2018
|
|
2 members (RM SYSTEMS, Toner),
305
guests, and
38
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|