
SIP Trunking Firewall

Status
Not open for further replies.

Bibbyboy

Programmer
Jan 26, 2009
70
US
I have a 400 processor on 4.2 software and I am working with SIP Trunking. The IT guy at this site wants to put a firewall in between the IPO and the ITSP. Because of this the PBX will now have an internal IP and the firewall will now take the external IP and forward packets to the IPO. The IP Office is 192.168.1.240 and the Sonicwall firewall is 192.168.1.18. What do I need to change in Manager, besides the LAN 1 tab obviously? I put in an IP route that lists the firewall as the gateway as well.
 
I think the IT guy is having problems with his Sonicwall, as he can see packets being dropped every time I try to call in. Does Avaya have a firewall that they recommend or have any documentation on? Manager clearly has an option under the LAN tab that acknowledges a firewall; surely Avaya has tested this and has some kind of list that works guaranteed.
 
The option under LAN is for the Avaya built-in firewall.

Sonicwall is SIP friendly, so it's a matter of making sure it is on the latest firmware and opening 5060 (5061, 5070 UDP) to the internal. IP route will be whatever gateway gets to the internet, be it the firewall or other router.
That's the only port you should need open, but on some strict routers (and not SIP friendly) you need to also open and forward the RTP ports, defined in the System tab.

When a call is sent in to the PBX you should see the packet arrive in Monitor/SIP Trace. If it is being dropped at the firewall you won't see it here; otherwise you might have incorrect settings in Manager/SIP.
 
TheTaker, what do you need the 5061, 5070 UDP for?

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________
 
Bibbyboy,

I've put IPOs behind a Sonicwall and it's hit or miss, more miss with 406v2 and more hit with 500 (cannot explain, but it's a fact).

The basics on the Sonicwall are:

ENABLE SIP Transformations
DISABLE H323 Transformations
Do not manually open any ports

And on the IPO:

Put 0.0.0.0 for STUN Server and 0 for STUN Port
Choose "OPEN INTERNET" for Firewall Type
Put 0.0.0.0 for Public IP
Put 5060 for Port

I will assume you have the correct IP Route statement built on the IPO.

Reboot the IPO and the Sonicwall.

Beyond the above, you will need to tell us more about your Sonicwall and ITSP:

1. Model, Firmware Version, and Standard or Enhanced OS on Sonicwall?

2. Are you doing SIP Reg with your ITSP, or Static IP Route?

 
"Put 0.0.0.0 for Public IP"

This will cause NAT issues; you must have your public address in here.
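Added example, not part of the thread: with the IP Office on 192.168.1.240 behind the firewall, the NAT issue discussed above appears on the wire as RFC 1918 addresses left in the SIP Via/Contact headers and the SDP o=/c= lines, which the ITSP cannot route replies or media to. This Python check flags them in a captured message; the sample INVITE, the ITSP hostname and the phone numbers are constructed.

```python
import ipaddress
import re

# Constructed sample: an INVITE as it could leave a PBX on 192.168.1.240 when
# nothing rewrites its addresses. Hostname and numbers are placeholders.
SAMPLE_INVITE = (
    "INVITE sip:15551230000@itsp.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.240:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:15551239999@itsp.example.net>;tag=1928301774\r\n"
    "To: <sip:15551230000@itsp.example.net>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.240\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:15551239999@192.168.1.240:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.1.240\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.240\r\n"
    "t=0 0\r\n"
    "m=audio 49152 RTP/AVP 0 8\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Fields the far end uses to route responses, later requests and RTP media.
ROUTING_FIELDS = ("via:", "contact:", "o=", "c=")


def private_addresses(message):
    """Return (field, address) pairs where a routing field of a SIP message
    or its SDP body still carries an RFC 1918 address."""
    findings = []
    for line in message.splitlines():
        low = line.lower()
        field = next((f for f in ROUTING_FIELDS if low.startswith(f)), None)
        if field is None:
            continue  # e.g. Call-ID holds the address but is not routed on
        for text in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # dotted number that is not a valid IPv4 address
            if any(addr in net for net in RFC1918):
                findings.append((field.rstrip(":="), text))
    return findings


if __name__ == "__main__":
    for field, addr in private_addresses(SAMPLE_INVITE):
        print(f"{field}: private address {addr} visible to the ITSP")
```

Run it against the text of a message captured on the WAN side of the firewall; an empty result means the addresses were rewritten before leaving the site.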
 