This guide will demonstrate how to prioritize VoIP packets on a Sonicwall router for ParagonVoIP. It is based on an 10x10 Internet connection with 10 concurrent calls using the G.711 codec (ie. approximately 90 Kbps downstream / upstream per call). Please adjust these variable as needed for your setup.
Accessing The Firewall’s Interface
1. Enter the firewall's IP address in the address bar of your web browser.
NOTE: To learn how to check your firewall's IP address, refer to your firewall's documentation or contact manufacturer for support.
2. Enter your firewall's username and password.
VoIP Settings
1. Go to VoIP > Settings.
2. Check Enable Consistent NAT, uncheck/disable everything else.
3. Click Accept to save the settings.
Firewall Settings
1. Go to Firewall Settings > BWM.
2. Under Bandwidth Management Type, select Global.
3. Under Priority, disable EVERY category, except Medium.
Set values to:
Guaranteed: 50% Burst: 90% Enable Realtime and set values to: Guaranteed: 50% Burst: 100%
|
4. Click Accept to save the settings
Network
1. Go to Network > Interfaces > X1 (WAN)
2. Click the Configure icon on far right.
3. Go to Advance > Link Speed, and then set to Auto Negotiate
> Bandwidth Management (at bottom)... • Check Enable Egress; set interface egress bandwidth to 10000.000000 (type in the upload speed in Kbps from your ISP) • Check Enable Ingress; set interface ingress bandwidth to 10000.000000 (type in the download speed in Kbps from your ISP).
|
4. Click OK to save the settings.
Firewall
1. Go to Firewall > Service Objects > Services
NOTE: There may be a need to scroll down, as there are two categories, Service Group and Services.
2. Click Add
Name : service_portsProtocol : UDPPort Range : 1000-65500Subtype : none NOTE: This range covers all the possible ports in a typical office including SIP, RTP, and Soft Phones.
|
3. Click OK to save the settings
4. Go to Address Objects
NOTE: There may be a need to scroll down, as there are two categories, Address Objects and Address Groups.
5. Click Add:
Name : DAL_network
Zone Assignment : WAN
Type : Network
Network: 75.98.50.46
Netmask: 255.255.255.0
Name : NYC_network
Zone Assignment : WAN
Type : Network
Network: 70.42.44.15
Netmask: 255.255.255.0
6. Click Add to save and then click Close.
7. Go to Address Groups.
8. Click Add Group. Name : SKY_networks group
9. Select DAL_network and NYC_network to add address object to group.
10. Click OK to save.
Access Rules
1. Go to Firewall > Access Rules.
2. Click Add to add the rule for LAN > WAN
> in the General tab
Action : AllowService: Create New Service Group Name : service_ports Add the following port range to this group: service_portsSource : Any Destination : SKY_networks groupUsers Allowed : ALLSchedule : Always on
|
> in the QoS tab
DSCP Marking Action : ExplicitExplicit DSCP Value : 46 - Expedited Forwarding (EF) > in the Ethernet BWM tab Enable both Inbound and Outbound Bandwidth Management; set both to 0 Realtime
|
3. Click Add to save and then click on Close
4. Click Add to add rule for WAN > LAN
> in 'General' Tab
Action :AllowService : service_portsSource : networks groupDestination : AnyUsers Allowed : ALLSchedule : Always on
|
> in QoS tab
DSCP Marking Action : Explicit Explicit DSCP Value : 46 - Expedited Forwarding (EF)
|
> in the Ethernet BWM tab
Enable both Inbound and Outbound Bandwidth Management; set both to 0 Realtime
5. Click Add to save and then click Close.