Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

VOIP SETUP (Ring Central) on TZ500

Having issues with configuring the NAT policies for our new Ring Central VOIP system (Previously on Mitel). Has anyone had any experience with this type of setup that can shed some light on what I might be doing wrong? Everytime create the NAT policy I take down some users internet. Any help is appreciated.

Category: Firewall Management and Analytics
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    You haven't shown us anything or provided enough information for us to help.

  • FelipeFelipe Newbie ✭

    Sorry for some reason the images failed to come over.

  • FelipeFelipe Newbie ✭
    edited October 4

    This is my complete setup so far. Unfortunately i have little knowledge on NAT Policies to set up the inbound and outbound connection and yes i am a newbie. Hope this helps

    2. Access the VoIP Settings


    1. Go to VoIP > Settings.

    2. Put a check on Enable Consistent NAT.  

    3. Disable/uncheck Sip Transformations. This will disable SIP ALG.

    4. Click Accept to save the settings.

    3. Access the Firewall Settings 


    1. Go to Firewall Settings > BWM.

    2. Under Bandwidth Managment Type, select Global.

    3. Under Priority, disable EVERY category, except Medium

    Set Medium values to:

    Guaranteed : 30%

    Maximum / Burst: 50%

    Enable Realtime and set values to:

    Guaranteed : 70%

    Maximum / Burst: 100%

    4. Click Accept to save the settings.

    4. Access the Network Settings


    1. Go to Network > Interfaces > X1 (WAN)


    2. Under the General tab, click the Configure icon (on far right).


    3. Go to Advance > Link Speed, and then set to Auto Negotiate (UNLESS there's a need to set it to something specific).


    4. Under Bandwidth Management set the following:

    • Check the tickbox next to Enable Egress, and set Interface Egress Bandwidth to match the available bandwidth.

    • Check the tickbox next to Enable Ingress, and set Interface Ingress Bandwidth to match the available bandwidth.


    5. Click OK to save the settings.


    6. Under Network on the left side of the page, go to Address Objects.


    7. Click Add under Address Objects.

    Name: RCFullRange1

    Zone Assignment: WAN

    Type: Network

    Network: 199.255.120.0

    Netmask: 255.255.252.0

    Click Add

    Name: RCFullRange2

    Zone Assignment: WAN

    Type: Network

    Network: 199.68.212.0

    Netmask: 255.255.252.0

    Click Add

    Name: RCFullRange3

    Zone Assignment: WAN

    Type: Network

    Network: 104.245.56.0

    Netmask: 255.255.248.0

    Click Add 

    Name: RCFullRange4

    Zone Assignment: WAN

    Type: Network

    Network: 185.23.248.0

    Netmask: 255.255.252.0

    Click Add

    Name: RCFullRange5

    Zone Assignment: WAN

    Type: Network

    Network: 103.44.68.0

    Netmask: 255.255.252.0

    Click Add

    Name: RCFullRange6

    Zone Assignment: WAN

    Type: Network

    Network: 208.87.40.0

    Netmask: 255.255.252.0

    Click Add

    Name: RCFullRange7

    Zone Assignment: WAN

    Type: Network

    Network: 192.209.24.0

    Netmask: 255.255.248.0

    Click Add 


    Name: RCFullRange8

    Zone Assignment: WAN

    Type: Network

    Network: 80.81.128.0

    Netmask: 255.255.240.0

    Click Add


    8. Click Add Group. Name the group RCFullRNGGp and then add RCFullRange1RCFullRange2, RCFullRange3, RCFullRange4RCFullRange5, RCFullRange6, RCFullRange7 and RCFullRange8 to the Group. Use the arrows in the box to move the highlighted information from left to right, then click OK


    9. Still under Network on the left side of the page, go to Services.


    10. Click Add under Services, and then add the following:

    Name: RC1

    Protocol: UDP

    Port Range: 1000-65535

    Sub type: none

    Click Add

    Name: RC2

    Protocol: TCP

    Port Range: 5060-6000

    Sub type: none

    Click Add

    Name: RC3

    Protocol: TCP

    Port Range: 80-80

    Sub type: none

    Click Add

    Name: RC4

    Protocol: TCP

    Port Range: 443-443

    Sub type: none

    Click Add

    Name: RC5

    Protocol: UDP

    Port Range: 123-123

    Sub type: none

    Click Add

     

    11. Still on Services under Service Groups, click Add Group, to add the services to a groupName the group RingCentral, and then highlight RC1 through RC5. Use the arrows in the box to move the highlighted information from left to right. Click OK.

     

    5. Access Rules 


    1. On the left side of the page, go to Firewall > Access Rules.


    2. Click Add to add the rule for LAN-to-WAN and WAN-to-LAN.

    WAN > LAN

    LAN > WAN

    • General tab

    • General tab


    Action: Allow

    From Zone: WAN

    To Zone: LAN

    Service: RingCentral 

    Source: RCFullRNGGrp

    Destination: Any

    Users Allowed: All

    Schedule: Always on

    Check Enable Logging

    Check Allow Fragmented Packets

    Click Add

     


    Action: Allow

    From Zone: LAN

    To Zone: WAN

    Service: RingCentral

    Source: Any

    Destination: RCFullRNGGrp

    Users Allowed: All

    Schedule: Always on

    Check Enable Logging

    Check Allow Fragmented Packets

    Click Add

     


    3. Click the edit button 

     on both the LAN-to-WAN and WAN-to-LAN settings for RCFullRNGGrp, and go to the Ethernet BWM tab.

    Ethernet Bandwidth Management

    Check the box next to Enable Outbound Bandwidth Management, and set the Bandwidth Priority to Realtime. 

    • Check the box next to Enable Inbound Bandwidth Management, and set the Bandwidth Priority to Realtime.


    4. Go to the QoS tab.

    DSCP Marking Settings

    • DSCP Marking Action: Explicit

    • Explicit DSCP Value: 46 - Expedited Forwarding (EF)


    5. Click OK to save

    I

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    You still havent shown us the problem NAT policy...

Sign In or Register to comment.