Optimizing Firewall configuration for VoIP and 3cx

Discussion in '3CX Phone System - General' started by zooeyhall, Feb 2, 2009.

Thread Status:
Not open for further replies.
  1. zooeyhall

    Joined:
    Apr 15, 2008
    Messages:
    42
    Likes Received:
    0
    We are using 3cx Small Business edition in two of our office locations. We are using SNOM phones.

    My company has 6 locations, and we would like to have 3cx in all locations.

    Our remote locations are connected to the main office via DSL site-to-site VPN tunnels. Each location's ISP provides an internet connection of 3 gb download 750 mb upload.

    We have some test phones deployed to test reliability and quality of VoIP over our VPN tunnels.

    Can anyone advise on what optimizations or other "best practices" I can make to our router configurations, to enhance the quality of conversations over our VPN tunnels between company sites?

    We are using a Sonicwall NSA2400 firewall/router with Enhanced OS.

    Calls outside the company are made through PSTN lines.

    I really appreciate advice. Thank you!
     
  2. zooeyhall

    Joined:
    Apr 15, 2008
    Messages:
    42
    Likes Received:
    0
    Surely 3cx is better then something free like Yahoo?!?

    Surprised that there hasn't been any replies to my post.

    We would like to buy 3cx for all of my company's locations, but site-to-site performance has been less then satisfactory.

    Now there is someone trying to convince the boss about how great Yahoo Instant Messenger voice calls are so good. And I have to admit that the voice quality beats what our 3cx system is doing.

    Surely 3cx can out perform something free like Yahoo when it comes to voice calls, can't it?
     
  3. discovery1

    discovery1 Member

    Joined:
    Aug 4, 2008
    Messages:
    355
    Likes Received:
    0
    Hi There

    You don't actually mention the up/down speed of your ADSL connections - it should be something like 24Mbps/1Mbps for an ADSL2+ connection.
    I also assume that you have Sonicwall firewalls at each office?

    You also need to see how much bandwidth is being used between the offices to see if it is already being fully utilised - if it is maxed out then VOIP calls will suffer due to congestion.

    This is from another post about Sonicwalls and 3CX

    Check the UDP timeout setting for SIP registrations to your VoIP provider and ensure that they are set to a higher number of seconds than your system needs to re-register. SonicWALL firewalls are very good at closing connections if they don't see any traffic after the default 30 seconds and this can catch you out by disconnecting your registrations until the next re-registration by the 3CX Server. (You get an engaged signal on inbound calls or it misses inbound calls altogether)

    Also, in the VoIP section select "Enable SIP transformations" - this allows the SonicWALL to understand your SIP calls and VoIP works significantly better with this switched on. Don't change any other settings in this screen.

    The "Enable SIP transformations" feature appeared possibly in a later version of the firmware so make sure you are not running an old one.

    FYI - when you run the firewall tests in 3CX, they will fail because the SonicWALL does seem to play around with the RTP port mappings however this does still allow calls to pass through reliably (the purpose of the SIP tranformations setting). We have seen this on 3CX as well as other VoIP systems.

    ...and of course, don't forget to setup your QoS settings on the firewall - you would need to define the actual amount of bandwidth that you have on the WAN interface first before then applying the bandwidth and priority rules on the firewall rules themselves.


    So to summarise - check that the Sonicwall is configured correctly with QOS settings and guaranteed bandwidth available for VOIP (work on 64kbps per G711 call). Also check that you have enough bandwidth between the offices for the amount of calls you want to use and that other protocols and services aren't taking all the available bandwidth already.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Pentangle

    Pentangle Member

    Joined:
    Dec 6, 2007
    Messages:
    261
    Likes Received:
    0
    Bottom line: 99% of the problems you will find with VoIP calls is related to QoS.

    I moved to Cisco 877s as a result, and have a vastly improved experience. The Sonicwall just doesn't cut it IMHO.

    Mike.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Henk

    Henk Member

    Joined:
    Nov 13, 2007
    Messages:
    250
    Likes Received:
    0
    You are on the money there Mike, also make sure that all the devices use the same QoS protocol type.

    H.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.