VOIP SETUP (Ring Central) on TZ500

Felipe

Having issues with configuring the NAT policies for our new Ring Central VOIP system (Previously on Mitel). Has anyone had any experience with this type of setup that can shed some light on what I might be doing wrong? Everytime create the NAT policy I take down some users internet. Any help is appreciated.

TKWITS

You haven't shown us anything or provided enough information for us to help.

Felipe

Sorry for some reason the images failed to come over.

Felipe

This is my complete setup so far. Unfortunately i have little knowledge on NAT Policies to set up the inbound and outbound connection and yes i am a newbie. Hope this helps

2. Access the VoIP Settings

1. Go to VoIP > Settings.

2. Put a check on Enable Consistent NAT.  

3. Disable/uncheck Sip Transformations. This will disable SIP ALG.

4. Click Accept to save the settings.

3. Access the Firewall Settings 

1. Go to Firewall Settings > BWM.

2. Under Bandwidth Managment Type, select Global.

3. Under Priority, disable EVERY category, except Medium. 

Set Medium values to:

Guaranteed : 30%

Maximum / Burst: 50%

Enable Realtime and set values to:

Guaranteed : 70%

Maximum / Burst: 100%

4. Click Accept to save the settings.

4. Access the Network Settings

1. Go to Network > Interfaces > X1 (WAN)

2. Under the General tab, click the Configure icon (on far right).

3. Go to Advance > Link Speed, and then set to Auto Negotiate (UNLESS there's a need to set it to something specific).

4. Under Bandwidth Management set the following:

• Check the tickbox next to Enable Egress, and set Interface Egress Bandwidth to match the available bandwidth.

• Check the tickbox next to Enable Ingress, and set Interface Ingress Bandwidth to match the available bandwidth.

5. Click OK to save the settings.

6. Under Network on the left side of the page, go to Address Objects.

7. Click Add under Address Objects.

Name: RCFullRange1

Zone Assignment: WAN

Type: Network

Network: 199.255.120.0

Netmask: 255.255.252.0

Click Add

Name: RCFullRange2

Zone Assignment: WAN

Type: Network

Network: 199.68.212.0

Netmask: 255.255.252.0

Click Add

Name: RCFullRange3

Zone Assignment: WAN

Type: Network

Network: 104.245.56.0

Netmask: 255.255.248.0

Click Add 

Name: RCFullRange4

Zone Assignment: WAN

Type: Network

Network: 185.23.248.0

Netmask: 255.255.252.0

Click Add

Name: RCFullRange5

Zone Assignment: WAN

Type: Network

Network: 103.44.68.0

Netmask: 255.255.252.0

Click Add

Name: RCFullRange6

Zone Assignment: WAN

Type: Network

Network: 208.87.40.0

Netmask: 255.255.252.0

Click Add

Name: RCFullRange7

Zone Assignment: WAN

Type: Network

Network: 192.209.24.0

Netmask: 255.255.248.0

Click Add 

Name: RCFullRange8

Zone Assignment: WAN

Type: Network

Network: 80.81.128.0

Netmask: 255.255.240.0

Click Add

8. Click Add Group. Name the group RCFullRNGGp and then add RCFullRange1, RCFullRange2, RCFullRange3, RCFullRange4, RCFullRange5, RCFullRange6, RCFullRange7 and RCFullRange8 to the Group. Use the arrows in the box to move the highlighted information from left to right, then click OK. 

9. Still under Network on the left side of the page, go to Services.

10. Click Add under Services, and then add the following:

Name: RC1

Protocol: UDP

Port Range: 1000-65535

Sub type: none

Click Add

Name: RC2

Protocol: TCP

Port Range: 5060-6000

Sub type: none

Click Add

Name: RC3

Protocol: TCP

Port Range: 80-80

Sub type: none

Click Add

Name: RC4

Protocol: TCP

Port Range: 443-443

Sub type: none

Click Add

Name: RC5

Protocol: UDP

Port Range: 123-123

Sub type: none

Click Add

 

11. Still on Services under Service Groups, click Add Group, to add the services to a group. Name the group RingCentral, and then highlight RC1 through RC5. Use the arrows in the box to move the highlighted information from left to right. Click OK.

 

5. Access Rules 

1. On the left side of the page, go to Firewall > Access Rules.

2. Click Add to add the rule for LAN-to-WAN and WAN-to-LAN.

WAN > LAN

LAN > WAN

• General tab

• General tab

Action: Allow

From Zone: WAN

To Zone: LAN

Service: RingCentral 

Source: RCFullRNGGrp

Destination: Any

Users Allowed: All

Schedule: Always on

Check Enable Logging

Check Allow Fragmented Packets

Click Add

 

Action: Allow

From Zone: LAN

To Zone: WAN

Service: RingCentral

Source: Any

Destination: RCFullRNGGrp

Users Allowed: All

Schedule: Always on

Check Enable Logging

Check Allow Fragmented Packets

Click Add

 

3. Click the edit button 

 on both the LAN-to-WAN and WAN-to-LAN settings for RCFullRNGGrp, and go to the Ethernet BWM tab.

Ethernet Bandwidth Management

• Check the box next to Enable Outbound Bandwidth Management, and set the Bandwidth Priority to Realtime. 

• Check the box next to Enable Inbound Bandwidth Management, and set the Bandwidth Priority to Realtime.

4. Go to the QoS tab.

DSCP Marking Settings

• DSCP Marking Action: Explicit

• Explicit DSCP Value: 46 - Expedited Forwarding (EF)

5. Click OK to save

I

TKWITS

You still havent shown us the problem NAT policy...