VOIP SIP Trunk Gen7 - best practice - novice needs help
I am trying to setup my TZ570 for a PBX and I honestly have never setup VOIP with a Sonciwall as before our Phones were still "old tech" and managed by our landlord. But now we need a new phone system and it is going to be VOIP as its the standard.
The PBX will sit behind the TZ570 on the "LAN side" and it is going to be a Mitel unit.
Will use a 30 channel SIP trunk.
What I have done so far:
Created a dedicated VOIP Zone without any security services on an extra port
Created VOIP Service Group (SIP UDP and TCP ports as well as RTP/media Ports)
created rule from LAN/VOIP to WAN for VOIP Service Group and added BWM and UDP timout to 180s
VOIP - SIP transformations in TZ570 are disabled
The SIP Trunk provider states:
if possible no ALG
STUN Server: no
so far so good :-) - here come my questions!
When I look at this guide:
I should also create:
an access rule WAN to VOIP - so basically portforwarding (Step 10)
create 3 NAT rules
enable "consitent NAT"
I have read a lot about VOIP/SIP and mostly port forwarding should not be used.
Also the SIP trunk provider explicitly writes "sip seession only need to be open from LAN to WAN" - why does SW say I should open WAN to LAN?
Do I need the NAT rules in gen7 or are standard ones and "consistent NAT" sufficient - this confuses me NAAT rules + consistent NAT
thx for any help here!