This guide will demonstrate how to prioritize VoIP packets on a Sonicwall router for ParagonVoIP. It is based on an 10x10 Internet connection with 10 concurrent calls using the G.711 codec (ie. approximately 90 Kbps downstream / upstream per call). Please adjust these variable as needed for your setup.


Accessing The Firewall’s Interface

1. Enter the firewall's IP address in the address bar of your web browser.

NOTE: To learn how to check your firewall's IP address, refer to your firewall's documentation or contact manufacturer for support.

2. Enter your firewall's username and password.


VoIP Settings

1. Go to VoIP > Settings.

2. Check Enable Consistent NAT, uncheck/disable everything else.

3. Click Accept to save the settings.


Firewall Settings

1. Go to Firewall Settings > BWM.

2. Under Bandwidth Management Type, select Global.

3. Under Priority, disable EVERY category, except Medium.

Set values to: 

Guaranteed: 50
Burst: 90
Enable Realtime and set values to:    Guaranteed: 50   Burst: 100%


4. Click Accept to save the settings


Network

1. Go to Network > Interfaces > X1 (WAN)

2. Click the Configure icon on far right.

3. Go to Advance > Link Speed, and then set to Auto Negotiate


> Bandwidth Management (at bottom)...  
• Check Enable Egress; set interface egress bandwidth to 10000.000000 (type in the upload speed in Kbps from your ISP)  
• Check Enable Ingress; set interface ingress bandwidth to 10000.000000 (type in the download speed in Kbps from your ISP).

 

4. Click OK to save the settings.


Firewall

1. Go to Firewall > Service Objects > Services

NOTE: There may be a need to scroll down, as there are two categories, Service Group and Services.

2. Click Add

 

Name : service_ports
Protocol : UDP
Port Range : 1000-65500
Subtype : none 
NOTE: This range covers all the possible ports in a typical office including SIP, RTP, and Soft Phones.

 

3. Click OK to save the settings

4. Go to Address Objects

NOTE: There may be a need to scroll down, as there are two categories, Address Objects and Address Groups.

5. Click Add:

Name : DAL_network
Zone Assignment : WAN
Type : Network
Network: 75.98.50.46
Netmask: 255.255.255.0


Name : NYC_network
Zone Assignment : WAN
Type : Network
Network: 70.42.44.15
Netmask: 255.255.255.0

6. Click Add to save and then click Close.

7. Go to Address Groups.

8. Click Add Group. Name : SKY_networks group

9. Select DAL_network and NYC_network to add address object to group.

10. Click OK to save.


Access Rules

1. Go to Firewall > Access Rules.

2. Click Add to add the rule for LAN > WAN

> in the General tab

Action : Allow
Service: Create New Service Group   
Name : service_ports   
Add the following port range to this group: service_ports
Source : Any Destination : SKY_networks group
Users Allowed : ALL
Schedule : Always on

 

> in the QoS tab

DSCP Marking Action : Explicit
Explicit DSCP Value : 46 - Expedited Forwarding (EF) > in the Ethernet BWM tab Enable both Inbound and Outbound Bandwidth Management; set both to 0 Realtime

 

3. Click Add to save and then click on Close

4. Click Add to add rule for WAN > LAN

> in 'General' Tab

Action :Allow
Service : service_ports
Source : networks group
Destination : Any
Users Allowed : ALL
Schedule : Always on

 

> in QoS tab

DSCP Marking Action : Explicit 
Explicit DSCP Value : 46 - Expedited Forwarding (EF)

 

> in the Ethernet BWM tab

Enable both Inbound and Outbound Bandwidth Management; set both to 0 Realtime

 

5. Click Add to save and then click Close