The SonicWALL SOHO router can be configured to open ports, prioritize voice traffic and set minimum bandwidth for the Apex VoIP service. Follow the instructions below to configure your SonicWALL firewall.


NOTE: Based on available ISP bandwidth of 10Mbps/10Mbps (download/upload); accounting for 10 concurrent calls, adjust your numbers accordingly.  1 call requires approx. 90Kbps download/upload. Using 100Kbps in sample below for ease of calculation.


1. Access the firewall interface

Step 1:

Enter the firewall's IP address in the address bar of your web browser.


NOTE:   To check your firewall's IP address, refer to your firewall's documentation or contact the manufacturer for support.


Step 2:

Enter the firewall's username and password.  Click OK.


NOTE:  The default username and password is admin.


2. VoIP Settings

Step 1:

Go to VoIP > Settings.


Step 2:

Check Enable Consistent NAT, uncheck/disable everything else.


Step 3:

Click  Accept to save the settings.


3. Firewall Settings

Step 1:

Go to Firewall Settings > BWM.


Step 2:

Under Bandwidth Management Type, select Global.


Step 3:

Under Priority, disable EVERY category, except Medium.


Set Medium values to:

Guaranteed : 30%

Maximum / Burst: 50%


Enable Realtime and set values to:

Guaranteed : 70%

Maximum / Burst: 100%


Step 4:

Click Accept to save the settings.


4. Network

Step 1:

Go to Network > Interfaces > X1 (WAN)


Step 2:

Under the General tab, click the Configure icon (on far right).


Step 3:

Go to Advance > Link Speed, and then set to Auto Negotiate (UNLESS there's a need to set it to something specific).


Step 4:

Under Bandwidth Management set the following:

  • Check the checkbox next to Enable Egress, and set Interface Egress Bandwidth to match the available bandwidth.
  • Check the checkbox next to Enable Ingress, and set Interface Ingress Bandwidth to match the available bandwidth.


Step 5:

Click OK to save the settings.


Step 6:

Under Network on the left side of the page, go to Address Objects.


Step 7:

Click Add under Address Objects.


Name: T2FullRange1

Zone Assignment: WAN

Type: Network

Network: 217.73.64.0

Netmask: 255.255.240.0

Click Add



Step 8:

Click Add Group. Name the group T2FullRanges and then add T2FullRange1 to the Group. Use the arrows in the box to move the highlighted information from left to right, then click OK.


Step 9:

Still under Network on the left side of the page, go to Services.


Step 10:

Click Add under Services, and then add the following:


Name: T2Service1

Protocol:  UDP

Port Range: 10000-20000

Sub type: none

Click Add


Name: T2Service2

Protocol:  TCP

Port Range: 5060-6000

Sub type: none

Click Add


Name: T2Service3

Protocol:  UDP

Port Range: 5060-6000

Sub type: none

Click Add


Name: T2Service4

Protocol:  TCP

Port Range: 25760-25760

Sub type: none

Click Add


Name: T2Service5

Protocol:  TCP

Port Range: 80-80

Sub type: none

Click Add


Name: T2Service6

Protocol:  TCP

Port Range: 443-443

Sub type: none

Click Add


Step 11:

Still on Services under Service Groups, click Add Group, to add the services to a group. Name the group T2Services, and then highlight T2Service1 through T2Service6. Use the arrows in the box to move the highlighted information from left to right. Click OK.


5. Access Rules

Step 1:

On the left side of the page, go to Firewall > Access Rules.


Step 2:

Click Add to add the rule for LAN-to-WAN and WAN-to-LAN.

WAN > LAN

General tab

Action: Allow

From Zone: WAN

To Zone: LAN

Service: T2Services

Source: T2FullRanges

Destination: Any

Users Allowed: All

Schedule: Always on

Check Enable Logging

Check Allow Fragmented Packets

Click Add

LAN > WAN

General tab

Action: Allow

From Zone: LAN

To Zone: WAN

Service: T2Services

Source: Any

Destination: T2FullRanges

Users Allowed: All

Schedule: Always on

Check Enable Logging

Check Allow Fragmented Packets

Click Add


Step 3:

Click the edit button User-added image on both the LAN-to-WAN and WAN-to-LAN settings for T2FullRanges, and go to the Ethernet BWM tab.


Ethernet Bandwidth Management

  • Check the box next to Enable Outbound Bandwidth Management, and set the Bandwidth Priority to Realtime.
  • Check the box next to Enable Inbound Bandwidth Management, and set the Bandwidth Priority to Realtime.


Step 4:

Go to the QoS tab.


DSCP Marking Settings

  • DSCP Marking Action: Explicit
  • Explicit DSCP Value: 46 - Expedited Forwarding (EF)


Step 5:

Click OK to save.