Introduction
This guide provides our recommended configuration for Sonicwall firewalls to ensure optimal VoIP performance.
âś… Quick Checklist: Signs Your Sonicwall Needs VoIP Optimization
If you notice any of the following, this guide is for you:
Symptom | Description |
|---|---|
Phone deregistration | Phones showing "Not Registered" when they shouldn't |
One-way audio | You can hear the other party, but they can't hear you (or vice versa) |
Dropped calls | Calls disconnect after a specific time period |
No incoming calls | Phone doesn't ring for incoming calls |
Call transfer failures | Parties can't hear each other after transfers |
Call hold issues | Audio doesn't return after placing a call on hold |
Provider-Specific Requirements
Important: You need to configure the following settings on your Sonicwall firewall.
Requirement | Specification |
|---|---|
IP Range to Whitelist |
|
SIP-ALG Status | Must be DISABLED |
Consistent NAT | Must be ENABLED |
Core Configuration Steps
VoIP-Specific Settings (CRITICAL)
Critical: These settings MUST be configured exactly as shown. Incorrect settings will cause VoIP failure.
Navigation | Setting | Action |
|---|---|---|
| Enable Consistent NAT | âś… CHECK |
Enable SIP Transformations | ❌ UNCHECK (Disables SIP-ALG) |
Bandwidth Management
Navigation | Setting | Value |
|---|---|---|
| BWM Type |
|
Realtime Bandwidth | âś… CHECK; Set to |
Flood Protection
Navigation | Setting | Action |
|---|---|---|
| UDP Flood Protection | ❌ UNCHECK (Keep disabled) |
UDP Timeout Value | Change from |
WAN Interface Bandwidth
Navigation | Setting | Action |
|---|---|---|
| Egress Bandwidth (Upload) | âś… CHECK; Set to ISP Upload speed |
Ingress Bandwidth (Download) | âś… CHECK; Set to ISP Download speed |
Pro tip: Verify your actual speeds using a reliable speed test before configuring these values.
Advanced Connection Timeouts
Navigation | Setting | Value |
|---|---|---|
| TCP Inactivity Timeout |
|
UDP Inactivity Timeout |
|
IP Whitelisting
Create the following access rule to allow traffic from our servers.
Field | Value |
|---|---|
Service | Any |
Source |
|
Destination |
|
Comment |
|
Advanced | Allow Fragmented Packets |
TCP Timeout: | |
UDP Timeout: |
Note: The
/27notation includes 32 IP addresses ranging from64.26.133.64to64.26.133.95.
âś… Configuration Checklist
# | Task |
|---|---|
1 | Consistent NAT Enabled |
2 | SIP Transformations Disabled (SIP-ALG off) |
3 | BWM configured (Global) |
4 | UDP Flood Protection disabled |
5 | UDP timeout set to |
6 | WAN bandwidth limits applied (Egress/Ingress) |
7 | TCP timeout set to |
8 | UDP timeout (advanced) set to |
9 | Whitelist Rule created: |
10 | All changes applied and configuration saved |
Verification & Testing
SIP-ALG Verification Test
Test URL:
http://mcstest.visualware.com/myspeed/myvoiph5_g711_sipalg.html
Item | Detail |
|---|---|
Requirement | Download the BCS utility when prompted |
Expected Result |
|
If Result Shows "Y" | SIP-ALG is still active. Revisit Section 2.1 and confirm SIP Transformations are UNCHECKED. |
Functional Testing
Test Case | Procedure | Expected Result |
|---|---|---|
Outbound Call | Place call to external number | Two-way audio established |
Inbound Call | Call in from external number | Phone rings, call connects with two-way audio |
Call Hold/Resume | Place call on hold, then resume | Audio returns successfully |
Call Transfer | Transfer an active call | Transfer completes, parties can communicate |
🚨 Quick Troubleshooting
Issue | Most Likely Cause | Solution |
|---|---|---|
One-way audio | SIP Transformations enabled | Re-check Section 2.1 |
No incoming calls | Missing whitelist rule | Verify Rule exists and is active (Section 3) |
Calls drop after ~30 seconds | UDP timeout too low | Confirm UDP timeout = |
Phones re-registering constantly | SIP-ALG interfering | Run SIP-ALG test; re-check Section 2.1 |
🛠️ Official Sonicwall Tutorials
For visual guidance on configuring your Sonicwall firewall, visit the official Sonicwall Video Tutorials page:
đź”— Sonicwall Tutorials