The SonicWALL SOHO router can be configured to open ports, prioritize voice traffic and set minimum bandwidth for the Apex VoIP service. Follow the instructions below to configure your SonicWALL firewall.
NOTE: Based on available ISP bandwidth of 10Mbps/10Mbps (download/upload); accounting for 10 concurrent calls, adjust your numbers accordingly. 1 call requires approx. 90Kbps download/upload. Using 100Kbps in sample below for ease of calculation.
1. Access the firewall interface
Step 1:
Enter the firewall's IP address in the address bar of your web browser.
NOTE: To check your firewall's IP address, refer to your firewall's documentation or contact the manufacturer for support.
Step 2:
Enter the firewall's username and password. Click OK.
NOTE: The default username and password is admin.
2. VoIP Settings
Step 1:
Go to VoIP > Settings.
Step 2:
Check Enable Consistent NAT, uncheck/disable everything else.
Step 3:
Click Accept to save the settings.
3. Firewall Settings
Step 1:
Go to Firewall Settings > BWM.
Step 2:
Under Bandwidth Management Type, select Global.
Step 3:
Under Priority, disable EVERY category, except Medium.
Set Medium values to:
Guaranteed : 30%
Maximum / Burst: 50%
Enable Realtime and set values to:
Guaranteed : 70%
Maximum / Burst: 100%
Step 4:
Click Accept to save the settings.
4. Network
Step 1:
Go to Network > Interfaces > X1 (WAN)
Step 2:
Under the General tab, click the Configure icon (on far right).
Step 3:
Go to Advance > Link Speed, and then set to Auto Negotiate (UNLESS there's a need to set it to something specific).
Step 4:
Under Bandwidth Management set the following:
- Check the checkbox next to Enable Egress, and set Interface Egress Bandwidth to match the available bandwidth.
- Check the checkbox next to Enable Ingress, and set Interface Ingress Bandwidth to match the available bandwidth.
Step 5:
Click OK to save the settings.
Step 6:
Under Network on the left side of the page, go to Address Objects.
Step 7:
Click Add under Address Objects.
Name: T2FullRange1
Zone Assignment: WAN
Type: Network
Network: 217.73.64.0
Netmask: 255.255.240.0
Click Add
Step 8:
Click Add Group. Name the group T2FullRanges and then add T2FullRange1 to the Group. Use the arrows in the box to move the highlighted information from left to right, then click OK.
Step 9:
Still under Network on the left side of the page, go to Services.
Step 10:
Click Add under Services, and then add the following:
Name: T2Service1
Protocol: UDP
Port Range: 10000-20000
Sub type: none
Click Add
Name: T2Service2
Protocol: TCP
Port Range: 5060-6000
Sub type: none
Click Add
Name: T2Service3
Protocol: UDP
Port Range: 5060-6000
Sub type: none
Click Add
Name: T2Service4
Protocol: TCP
Port Range: 25760-25760
Sub type: none
Click Add
Name: T2Service5
Protocol: TCP
Port Range: 80-80
Sub type: none
Click Add
Name: T2Service6
Protocol: TCP
Port Range: 443-443
Sub type: none
Click Add
Step 11:
Still on Services under Service Groups, click Add Group, to add the services to a group. Name the group T2Services, and then highlight T2Service1 through T2Service6. Use the arrows in the box to move the highlighted information from left to right. Click OK.
5. Access Rules
Step 1:
On the left side of the page, go to Firewall > Access Rules.
Step 2:
Click Add to add the rule for LAN-to-WAN and WAN-to-LAN.
WAN > LAN
General tab
Action: Allow
From Zone: WAN
To Zone: LAN
Service: T2Services
Source: T2FullRanges
Destination: Any
Users Allowed: All
Schedule: Always on
Check Enable Logging
Check Allow Fragmented Packets
Click Add
LAN > WAN
General tab
Action: Allow
From Zone: LAN
To Zone: WAN
Service: T2Services
Source: Any
Destination: T2FullRanges
Users Allowed: All
Schedule: Always on
Check Enable Logging
Check Allow Fragmented Packets
Click Add
Step 3:
Click the edit button User-added image on both the LAN-to-WAN and WAN-to-LAN settings for T2FullRanges, and go to the Ethernet BWM tab.
Ethernet Bandwidth Management
- Check the box next to Enable Outbound Bandwidth Management, and set the Bandwidth Priority to Realtime.
- Check the box next to Enable Inbound Bandwidth Management, and set the Bandwidth Priority to Realtime.
Step 4:
Go to the QoS tab.
DSCP Marking Settings
- DSCP Marking Action: Explicit
- Explicit DSCP Value: 46 - Expedited Forwarding (EF)
Step 5:
Click OK to save.