Sonicwall Hell

Discussion in '3CX Phone System - General' started by jonathanjohnsn, Aug 4, 2011.

Thread Status:
Not open for further replies.
  1. jonathanjohnsn

    Joined:
    Jul 3, 2010
    Messages:
    23
    Likes Received:
    0
    Has anyone ever successfully got a Sonicwall TZ-170 working with SIP Trunks?

    The incoming voice is working fine. However, the outgoing voice skips very bad.

    Here is what I have in place:
    Firewall Rules:

    WAN>LAN
    # Priority Source Destination Service Action Users
    1 1 Any Any 3CX::ALL_SERVICES Allow All
    2 2 Any Any Any Deny All

    LAN>WAN
    # Priority Source Destination Service Action Users
    1 1 Any Any 3CX::ALL_SERVICES Allow All
    2 2 Any Any Any Allow All

    NAT Policies: ( I only have one rule created)
    Original Source: Any
    Translated Source: Original
    Original Destination: Any
    Translated Destination: 3CX:pBX
    Original Service: 3CX: ALL SERVICES (Contains 5060BOTH,5090BOTH, 9000-9014UDP, 10000-10049UDP)
    Translated Service: Original
    Inbound Interface: X1 (WAN/Internet)
    Outbound Interface: Any

    I have Consistent NAT enabled, and everything else unchecked. Also under firewall options I have all of those dynamic options unchecked.

    Any ideas?

    Thx in advance,
    Jonathan
     
  2. KerryG

    KerryG Active Member

    Joined:
    Jun 19, 2009
    Messages:
    960
    Likes Received:
    0
    Personally I love the irony that sonic, meaning sound, is hard to get working on a sonicwall. Try changing the SIP ALG setting and see if that helps.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. jonathanjohnsn

    Joined:
    Jul 3, 2010
    Messages:
    23
    Likes Received:
    0
    Thanks for your reply.

    I will try that again. It seems like when I checked that, the call wouldn't even go through after that. I will try again though.

    Also, just for the record, do you have a recommendation for an easy router to configure that is proven to work with your experience? I may order one after I smash this sonicwall.

    Thx again,
    Jonathan
     
  4. willow

    willow Member

    Joined:
    Mar 1, 2011
    Messages:
    471
    Likes Received:
    0
    I have gotten quite a few sonicwalls to work. It is best to use the wizard to turn on the forwarding. leaving the SIP alg off is the best practice. If the voice is bad then it may be a bandwidth issue or qos on the data network side. As far as a beter router, I have had good luck with netgears, cisco/linksys, and adtran.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Is these range of ports correct? By default the 3CX expects ports 9000 - 9049 for RTP.

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. jonathanjohnsn

    Joined:
    Jul 3, 2010
    Messages:
    23
    Likes Received:
    0
    I am not sure why I put 9000-9014, but I do have the correct ports, 9000-9049. It seems like if I reset it to factory defaults, and forward the ports again, it works for a few days, and then it starts getting bad again, even with BWM, etc configured. I think the sonicwall just sucks at voice.
     
  7. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    In all cases it is not easy. I gave up and got rid of Sonicwall and replace it with Mikrotik RB450G, which is behaving marvelously. Already have over 15 installations with Mikrotik, 3CX and other IP PBXs and haven't experienced a single firewall / NAT issue.

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. jonathanjohnsn

    Joined:
    Jul 3, 2010
    Messages:
    23
    Likes Received:
    0
    Hi Orlin,
    Thanks for your response. I just ordered a MicroTik. You cannot beat the price. Is there anything specific you need to do to get the MicroTik working?

    Thx in advance,
    Jonathan
     
  9. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Hi Jonathan,

    No, but I will share you a 'recommended' configuration. Which model you bought?

    Regards,
    Orlin.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. jonathanjohnsn

    Joined:
    Jul 3, 2010
    Messages:
    23
    Likes Received:
    0
    I bought the AR7240 with Level 4 Software.
     
  11. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Hi,

    This is the built-in switch model, not the router.
    I suppose you bought either a RB-750, RB-750G or RB-750GL.

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. jonathanjohnsn

    Joined:
    Jul 3, 2010
    Messages:
    23
    Likes Received:
    0
    It is the RB/750...
    https://www.streakwave.com/ItemDesc.asp?ic=RB%2F750
     
  13. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Fine,

    the RB-750G / 750GL implement Gigabit ports, but nevertheless you will not benefit from them, unless the CPU of RB-750G is faster (680 MHz).

    By default you connect your WAN to port 1 and expect to receive an IP address from your ISP by DHCP.
    Ports 2-5 are configured as a LAN switch with address 192.168.88.1 and working as DHCP server.
    There is a basic firewall and NAT implemented.
    You may log into the router at: http://192.168.88.1 with username: admin and blank password.

    Before that I recommend downloading a Windows Management Console from: http://www.mikrotik.com/download/winbox.exe

    What I need to know what is your public address (if static) or whether a PPPoE or other type of connection needed to your ISP?
    If you are going to share sensitive information please send me a private message, otherwise this configuration may be useful for other users (3CX server behind a Mikrotik router).

    Second I need to know what is your local network (e.g. 192.168.1.0/24, etc.?) and what is the local address of your 3CX server?

    Regards,
    Orlin
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. jonathanjohnsn

    Joined:
    Jul 3, 2010
    Messages:
    23
    Likes Received:
    0
    Thanks again. I have a T1 Bonded Loop(T1x2), so I have a static IP. I run windows DHCP, so I will disable the DHCP server.

    My default gateway/router is 192.168.0.1/255.255.255.0
    My 3CX Server is 192.168.0.102. It is also a windows domain controller. I thought about putting 3CX on its own box, but I haven't had any problems as the server is a eight core dell poweredge with 8gb ram, so its never taxed. What is your experience with running 3CX with other applications on the same box; should I continue like it is, or give it its own box?

    Thx, Jonathan
     
  15. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    OK,

    this means that the Mikrotik will have an internal address 192.168.0.1 (replacing your default router), yes?

    You need to change the address of your internal LAN switch in Mikrotik (MT) and to disable DHCP.
    To do this you have to log into the MT via Winbox (as this is another network, you must click on ... next to address entry field, and having discovered the MT, click on his MAC address, not on IP.
    Go to IP | Addresses and change the address of LAN from 192.168.88.1/24 to 192.168.0.1/24.
    Define also a static address for your WAN port (Ether1); tip - you should not specify network and broadcast if you enter the address like A.B.C.D/M where M is the mask, i.e. 24 bit, etc.
    Go to IP | DHCP server and delete the settings.
    Go to IP | Routes and create an entry like 0.0.0.0/0 your_ISP_gateway_address Ether1
    Go to IP | Firewall | Filter rules and create rules accepting TCP requests to port 5090 and UDP requests to ports 5060, 5090, 9000-9049
    Go to IP | Firewall | NAT and create destination rules for TCP port 5090 from address A.B.C.D to 192.168.0.102 and UDP ports 5060, 5090, 9000-9049 from A.B.C.D to 192.168.0.102
    That's all. Perform firewall checker on 3CX server. Everything should work.

    If you like I could create a configuration file for you to upload directly into your router.

    --

    It is OK to operate your 3CX server on your Windows server (it is powerful enough).

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.