I have a 400 processor on 4.2 software and I am working with SIP Trunking. The IT guy at this site wants to put a firewall inbetween the IPO and the ITSP. Because of this the PBX will now have an internal IP and the firewall will now take the external IP and forward packets to the IPO. The IP office is 192.168.1.240 and the sonicwall firewall is 192.168.1.18. What do I need to change in Manager besides the LAN 1 tab obviously, I put in an IP route that lists the firewall as the gateway as well.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SIP Trunking Firewall
- Thread starter Bibbyboy
- Start date
telecomtekperson
Vendor
If your ITSP uses STUN, you can set up a stun server. OR, set up a LAN2 port on the public side of the internet, and give it a static IP. I have mine set up the latter way...
- Thread starter
- #3
I think the IT guys is having problems with his sonicwall as he can see packets being dropped everytime I try to call in. Does Avaya have a firewall that they recommended or have any documentation on, as Manager clearly has an option under the LAN tab that acknowledges a firewall, surely Avaya has tested this and has some kind of list that works guaranteed.
IPOfficeIreland
Technical User
the option under lan is for the avaya built in firewall.
sonicwall is sip friendly so it's a matter of making sure it is on the latest firmware and opening 5060 (5061, 5070 UDP) to the internal. IP route will be whatever gateway gets to the internet, be it the firewall or other router.
That's the only port you should need open but on some strict routers (and not sip friendly) you need to also open and forward the rtp ports, defined in system tab.
When a call is sent in to the pbx you should see the packet arrive in Monitor/SIP Trace. If it being dropped at the firewall you won't see it here, otherwise you might have incorrect settings in manager/sip.
sonicwall is sip friendly so it's a matter of making sure it is on the latest firmware and opening 5060 (5061, 5070 UDP) to the internal. IP route will be whatever gateway gets to the internet, be it the firewall or other router.
That's the only port you should need open but on some strict routers (and not sip friendly) you need to also open and forward the rtp ports, defined in system tab.
When a call is sent in to the pbx you should see the packet arrive in Monitor/SIP Trace. If it being dropped at the firewall you won't see it here, otherwise you might have incorrect settings in manager/sip.
IPOfficeIreland
Technical User
some sip servers send calls in on those ports Bas
IPOfficeIreland
Technical User
5061 for example is used for TLS SIP Invites (Secure)
Bibbyboy,
I've put IPO's behind a Sonicwall and it's hit or miss, more miss with 406v2 and more hit with 500 (cannot explain, but it's a fact).
The basics on the Sonicwall are:
ENABLE SIP Transformations
DISABLE H323 Transformations
Do not manually open any ports
And on the IPO:
Put 0.0.0.0 for STUN Server and 0 for STUN Port
Choose "OPEN INTERNET" for Firewall Type
Put 0.0.0.0 for Public IP
Put 5060 for Port
I will assume you have the correct IP Route statement built on the IPO.
Reboot the IPO and the Sonicwall.
Beyond the above, you will need to tell us more about your Sonicwall and ITSP:
1. Model, Firmware Version, and Standard or enhanced OS on Sonicwall?
2. Are you doing SIP Reg with your ITSP, or Static IP Route?
I've put IPO's behind a Sonicwall and it's hit or miss, more miss with 406v2 and more hit with 500 (cannot explain, but it's a fact).
The basics on the Sonicwall are:
ENABLE SIP Transformations
DISABLE H323 Transformations
Do not manually open any ports
And on the IPO:
Put 0.0.0.0 for STUN Server and 0 for STUN Port
Choose "OPEN INTERNET" for Firewall Type
Put 0.0.0.0 for Public IP
Put 5060 for Port
I will assume you have the correct IP Route statement built on the IPO.
Reboot the IPO and the Sonicwall.
Beyond the above, you will need to tell us more about your Sonicwall and ITSP:
1. Model, Firmware Version, and Standard or enhanced OS on Sonicwall?
2. Are you doing SIP Reg with your ITSP, or Static IP Route?
IPOfficeIreland
Technical User
Put 0.0.0.0 for Public IP"
This will cause issues nat issues, you must have your public address in here.
This will cause issues nat issues, you must have your public address in here.
- Status
Similar threads
