Here is the setup: 1. Private cloud Debian 3CX deployment behind a SonicWALL with the latest 6.5 firmware 2. Static Public IP address forwarding ports UDP/TCP 5060, TCP 5061, UDP/TCP 5090, UDP 9000, TCP 5001 to private LAN IP 3. Outbound NAT policy with Disable Source Port Remap checked 4. Yealink T22 & T21P E2 phones upgraded to the required firmware 5. SIP transformations, static NAT unchecked and all security services disabled on the SonicWALL 6. Wildcard SSL cert installed - Setting up a site-to-site VPN between the private cloud and office and configuring the phones as Local LAN works. - Removing the VPN and using SBC internally and pointing to the private cloud also works. - as reported by many others, virtually every firewall checker test fails except no SIP-ALG detected The issue is STUN. The phones will provision & register but cannot make calls. No ringing. Eventually goes to VM but no sound and you can only tell because of the display. I tried changing the Local SIP port on the phones to be different - 5065, 5066, etc., as well as allowed a greater range on the RTP port for each phone 14000 - 14019, 14020 - 14039, etc. Even the provisioning of the Yealinks is a pain as the STUN URL is HTTPS and the only way to get the Yealinks to provision is to get on the phone and disable 'Only Accept Trusted Certificates'. For Local LAN the URL is HTTP and there is no issue. So, does anyone have v15.5 behind a SonicWALL 6.5 using STUN operating? I may swap out the SonicWALL for a new Fortinet to see if it acts any different but the preference is to use the SonicWALL.