Getting a Sonicwall To Stop Port Remapping Guidance needed

I'm pulling hairs out over sonicwall still remapping sip ports on our devices. I'll list out my steps so far, but if anyone has a successful guide to preventing ports from being remapped by this device on UDP please share your steps or review my own for missing ones.

SONICWALL

1) In Network-VOIP

-Checked off every single setting, ensuring that only sip transformations are enabled in this VOIP section of Firewall. 


2)In Network-DHCP Server Settings-Lease Scopes

selected Add static

set IP desired under IP address, set MAC under ethernet address, left lease time at 1440, set gateway & subnet from CMD-ipconfig/all found data.

3) Network-services

Added services: named R!ATAFaxUDP

5060-5080 UDP ports 


4) -Network-NAT Policy/Rules (2 entries)

Named: No SIP Port Remap WAN-To-LAN & No SIP Port Remap LAN-To-WAN

Source LAN Destination WAN for Service R!ATAFaxUDP

Source WAN Destination LAN for Service R!ATAFaxUDP

Under Advanced for both of these, unchecked 'source port remap'.

Rebooted devices, issues persist. 😓

Category: Entry Level Firewalls

Answers

  • TKWITS Community Legend ✭✭✭✭✭

    What firmware are you running? Generally, using SIP Transformations on a Sonicwall is NOT recommended. Using Consistent NAT on the VoIP page is though.

    Have you gone through the articles?


    Have you contacted your ISP to ensure they don't have SIP ALG turned on on their equipment? Make sure your SIP endpoint is aware of the NAT in play.

  • bob Newbie ✭

    I was mistaken on that point, 'Consistent NAT' is the only setting that's enabled, not SIP transformations, excuse the error.

    Regarding the SIP endpoint, it has a field dedicated to the SIP port, and every time a port is selected, the Sonicwall remaps it. The process was repeated half a dozen times. What sort of settings make an endpoint aware of 'nat in play'? SIP devices often have a NAT section, but this is often a 'manual NAT' (a tool to configure the IP address to be advertised in SIP signaling/invites on the network) or one of many protocols like ICE, STUN, or TURN to better register a device, not particularly keep a SIP Port.

    I'm going through the articles now and will follow up but please advise on what you mean..

  • TKWITS Community Legend ✭✭✭✭✭

    "What sort of settings make an endpoint aware of 'nat in play'?"

    Typically a PBX or phone will have a setting to tell it if it is behind a NAT device and what the external public IP of the NAT is.

    Is the endpoint on the latest firmware? What is the endpoint?

  • bob Newbie ✭

    Article breakdowns:

    -How to troubleshoot common VoIP issues? This addresses audio issues and quality issues. Nothing about port remapping.

    -Basic information for successful troubleshooting of Voice over IP issues. This is a list of info to provide to no one in particular. The basics of forum posts are to share your own attempts and insight, and provide more information on request. If no one has requested all this extra information, it'll only make my post seem more cumbersome to deal with won't it?

    -VoIP: Poor quality or calls getting dropped - This addresses quality and call drops. It provides some steps to move voip traffic away from some firewall/security options, but doesn't outright mention the port remapping steps/concerns. We'll perform these steps to see if it affects port remapping.

    -Trouble shooting a scenario where Source remap is causing the VOIP issues - This article is exactly what we need, it describes the issue perfectly, but it has already been followed. Ports are still being remapped by the Sonicwall. Identical devices using the same VOIP service don't see remaps when routed away from the Sonicwall.

    ---------------------------

    Regarding NAT, Endpoint is on the latest firmware, device is a Grandstream HT801 Fax ATA. It includes STUN options and a NAT yes/no option. I've attached a screenshot of all the nat settings available.


    What other requisites are required for this port remap concern? It comes up far too often in VOIP for there to be one barebones article and Gish gallop article lists whenever it's asked about. The same device can pull accurate SIP ports when we rule out the sonicwall in the exact same network and cabling environment. What is the full list of settings/steps to avoid source/port remaps?

  • TKWITS Community Legend ✭✭✭✭✭

    Can you send screenshots of your NAT rules or at least better descriptions? Are you allowing inbound SIP to this fax ATA?

  • bob Newbie ✭

    Thanks for the follow up, I'm gathering screenshots of the full NAT rule list and the firewall/network policies amount to:

    Zones: 'lan to wan any service for device IP of fax' this is repeated for sip port range 5060-5100

    Zones: 'wan to lan any service for device IP of fax' this is repeated for sip port range 5060-5100

    Updates to follow!
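
An added example, not part of any post above and not SonicWall or Grandstream code: one way to confirm from a packet capture whether the ATA's SIP source port is being remapped is to read the top Via header of a response, where a server that supports RFC 3581 reports the source address and port it saw in `received` and `rport`. The sample message, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample: a 200 OK as a NATed ATA might receive it.
# Addresses are private/documentation ranges, not values from the thread.
SAMPLE_RESPONSE = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5062;branch=z9hG4bK776a;"
    "received=203.0.113.10;rport=31544\r\n"
    "From: <sip:fax@example.invalid>;tag=1\r\n"
    "To: <sip:fax@example.invalid>;tag=2\r\n"
    "Call-ID: constructed-1@192.168.1.50\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Topmost Via (long or compact form): transport, sent-by host[:port], params.
VIA_RE = re.compile(
    r"^(?:Via|v)\s*:\s*SIP/2\.0/(?P<transport>\w+)\s+"
    r"(?P<host>\[[^\]]+\]|[^\s;:]+)(?::(?P<port>\d+))?"
    r"(?P<params>(?:\s*;[^,\r\n]*)?)",
    re.IGNORECASE | re.MULTILINE,
)

def top_via(message):
    """Return (host, port, params) for the first Via header in a SIP message."""
    m = VIA_RE.search(message)
    if m is None:
        raise ValueError("no Via header found")
    params = {}
    for item in m.group("params").split(";"):
        key, _, value = item.strip().partition("=")
        if key:
            params[key.strip().lower()] = value.strip()
    # No port in sent-by means the SIP default for UDP/TCP, 5060.
    return m.group("host"), int(m.group("port") or 5060), params

def check_remap(message):
    """Compare the port the endpoint sent from with the port the server saw."""
    host, sent_port, params = top_via(message)
    rport = params.get("rport", "")
    if not rport.isdigit():
        # Server did not fill rport (or the request never asked for it).
        return {"sent_by": f"{host}:{sent_port}", "seen_as": None,
                "verdict": "unknown"}
    seen = f"{params.get('received', host)}:{rport}"
    verdict = "preserved" if int(rport) == sent_port else "remapped"
    return {"sent_by": f"{host}:{sent_port}", "seen_as": seen,
            "verdict": verdict}
```

The `rport` value reflects every NAT device between the endpoint and the server, so a "remapped" verdict does not by itself say which hop changed the port; comparing captures taken on the LAN and WAN sides of the firewall narrows that down.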
