Recommended Settings on a Sonicwall for Digital Voice

There are many different models of SonicWall as well as firmware versions. Not all routers will have all of these settings. Also these settings are not guaranteed to resolve voice issues, but they can help alleviate. We recommend using a separate router for your phones if possible.

I. Create Service Objects

You will need 2 Service Objects which you can group together for ease of management.

i. VOIP Registration for port 5060 to 5069 (default SIP registration ports)

ii. VOIP Media for port 10000 to 20000 (UDP) (main range for voice traffic)


II. Set Firewall Rules

Part 1: Inbound

Create a Firewall Rule for WAN to LAN to allow all traffic from VOIP Service.

Within the same rule, under the Advanced tab, change the UDP timeout to 350.

Part 2: Outbound

The default outbound rule (LAN to WAN) allows all traffic. Repeat Part 1 on this outbound rule and set the UDP Timeout to 350 seconds.

The Firewall Rules should then look like this:



III. Other

In the VOIP Section, make certain that "Enable Consistent Nat" is checked.

Under firewall settings, disable SPI (Stateful Packet Inspection)

Under Firewall Settings, Advanced, set UDP Timeout to 350 seconds

Have more questions? Submit a request

Comments

  • Avatar
    blake weaver

    Great article, however, I'm curious why the need to disable SPI, SPI is a very good security feature to have and is required for PCI compliance. Is there a way to just ignore SPI on the VOIP traffic? We are using the 5.9.0.4 firmware which is a little outdated i know,

  • Avatar
    Rob

    Excellent question! SPI inspects every packet that comes through your network, thus creating extra overhead. This can (but does not always) create issues for live voice traffic. SPI is good to use for data networks for security reasons, so our best recommendation is to segregate your voice and data networks onto 2 different routers.