SonicWall....

Discussion in '3CX Phone System - General' started by JavierT, Nov 21, 2011.

Thread Status:
Not open for further replies.
  1. JavierT

    Joined:
    Nov 15, 2011
    Messages:
    7
    Likes Received:
    0
    Going through the 3CX certification training course and found it interesting that SonicWall was grouped in with ISA server as "doesn't play nice with VOIP..."

    We have quite a few Sonicwall TZ210's deployed and were wondering what kind of issues folks were running into...

    We do like the tunnel feature remote users, but for some instances we plan to connect remote offices via VPN, we have this established now on our office setup and the VPN solution is working great.

    Thoughts on Sonicwalls?
     
  2. pat

    pat

    Joined:
    Feb 12, 2008
    Messages:
    34
    Likes Received:
    0
    Hi

    TZ170 enh.:

    -no problem with tunnel's
    -no problem with 1 ext voip client, 2. client's doesn't work. (for me)

    pat
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. talward

    Joined:
    Nov 21, 2011
    Messages:
    2
    Likes Received:
    0
    Well, I can say that setting this up initially was a headache. But its works great at our site under a NSA 240.. (Using the Enhanced Firmware version)

    I'm running under VLAN's on the sonicwall, which made my setup a little more complicated but you'll have to route VOIP traffic directly to the PBX server. I also auto provisioned my phones through the DHCP server scopes of the Sonicwall.

    Things to make note of:

    - Make sure you create a Address Object of your PBX Server

    Next

    - Make Service Objects of all the ports used for 3CX - to cover all bases (http://www.3cx.com/forums/the-portforwarding-faq-hope-this-gets-a-sticky-1697.html)
    - Then make it into a Service group.

    Next

    - Most important are the NAT policies and Firewall rules. Once you allow the traffic you need to route it appropriately; in this case it's the PBX server.
    In your Firewall Access Rules you need to have traffic from the WAN zone allowed to your LAN zone (or the zone you have the 3CX system, in my case a VLAN zone named 3CX). This is where you'll using the Service group you created and allow it to the zone. Make sure you have the "destination" (when you add the rule) as your "WAN interface" - This can be "WAN Interface" or "X1 IP". Once thats done you can move onto NAT polices.

    Next

    The NAT polices. Route the traffic correctly. You'll want to create a reflective policy after the first one is done.
    So start with your inbound policy:

    INBOUND:
    Original Source: Any
    Translated Source: Original
    Original Destination: X1 IP or WAN Interface
    Translated Destination: This is the Address Object of your PBX Server
    Original Source: This is the Service Group you created
    Translated Source: Original
    Inbound Interface: X1
    Outbound Interface: Any
    Comment: Anything you want but denote it's Inbound
    Check Enable NAT policy (of course)
    And Check Create a reflective policy

    OUTBOUND:
    The only thing you need to change on the reflective policy is the inbound interface to the interface of the 3CX server and the outbound Interface to X1 and the Comment to Outbound.

    IP HELPER:
    Another thing that helped is putting the UDP port "5060" under IP helper. This will help with relaying the port correctly.

    After that you need to goto the VOIP Settings of the sonicwall. I found that this is pretty much useless but I did keep Consistant NAT enabled. Everything else is disabled. SIP transformations might be something I'll try to get to work because it would be nice to see activity inside the sonicwall about VOIP traffic.

    My setup was actually on two Layer 2 switches so in order for my phones to register I had to hard code the ports used on the switch to the appropriate VLAN. After that I made a few adjustments to the 3CX software.

    3CX Software:

    On each extension I had to uncheck "Disallow use of extension outside the LAN" - Mostly likely because of my VLAN setup.
    Checked "Allow non-sequental RTP port" under General->Firewall
    -------------------------------------------

    And thats about it.. Everything is working aside of some customization I need to do to the phones but we're live. I even have my iphone 3CX app working correctly (even on 3g..)

    Hope this helps..!! :shock:

    -Tim
     
  4. mylove4life

    mylove4life New Member

    Joined:
    Jan 7, 2010
    Messages:
    165
    Likes Received:
    0
    I have a 2400 and it was easy to get running i thought. No trouble at all.
     
  5. AAConsult

    Joined:
    Aug 1, 2012
    Messages:
    2
    Likes Received:
    0
    Talward

    Thanks for the great post. I am having issues with my TZ 215 and the phones work and are able to make and recieve calls but the phone guy (I am in IT and try not to work with phone system too much) is saying that the 3CX server's firewall checker is still saying translation when performing the test.

    With your setup working properly, is your firewall checker passing all the tests? Or does it say it's translating? Please let me know.
    Ahmad
     
  6. jpillow

    jpillow Well-Known Member

    Joined:
    Jun 20, 2011
    Messages:
    1,342
    Likes Received:
    0
    I haves 3 clients with sonciwall, with the assistance of their it I'd they had it no issues using. If no active it I'd simply. All sonciwall/dell support. It's simple as forwarding a a few ports
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. AAConsult

    Joined:
    Aug 1, 2012
    Messages:
    2
    Likes Received:
    0
    jpillow

    So if you do a firewall test on the 3CX system does it pass everything or does it still show translation? This is the main issue I have now and the 3CX guy says we will have problems as log as we have translation on the firewall tester.....

    I said that sometime the test will issue false negatives (according the the article called "Working Sonicwall Configuration") but I think I would feel better if someone else is getting my same results.
    Ahmad
     
  8. jpillow

    jpillow Well-Known Member

    Joined:
    Jun 20, 2011
    Messages:
    1,342
    Likes Received:
    0
    I've not done a firewall test as once the tech enabled port forwarding on the needed ports all calls went through. Though I did have seen a few posts and an article in the blog that indicates issues with Sonic Wall I've experianced none. I will however attemtept a firewall check out of curiosity to see if any NAT issues are detected. Who is your ISP?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.