Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Whitelisting IPs

We have a Sonicwall TZ300. Recently VOIP phones where added to the network and are having issues. Their support suggested adding their IP the whitelist. I've seen some instructions on adding ips to the email whitelist, but I don't think that's the same. Any help is appreciated.

Category: Entry Level Firewalls
Reply

Answers

  • shiprasahu93shiprasahu93 Moderator

    @ReverendC,

    Welcome to SonicWall community. There are various security services on the firewall and whitelisting IPs can mean a lot of different things.

    First of all you would need to address objects for the IPs provided to you from the VoIP phones's support team and you can either exclude them from each security service, but the easier option would be disabling DPI (Deep packet inspection).

    Here is a KB on adding address objects and groups.

    So, you just need to add all the IPs into address objects, add them together to an address group and then create an access rule from zone LAN(assuming phones are on LAN zone, if not select that specific zone) to WAN under MANAGE | Rules | Access rules and select the source as the address group, destination as any, service as any and action as allow. On the advanced tab of that access rule, you can find the option to disable DPI.

    This KB article should show you the steps:

    Let me know if that helps.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • ReverendCReverendC Newbie ✭

    Thanks. I will try that. They also want me to set QoS for VOIP to prioritize it for network traffic. Is that doable on the TZ300?

  • NevyadithaNevyaditha Moderator
  • ReverendCReverendC Newbie ✭

    Is that KB article a general description for all Sonicwall routers. Looks a bit different from my GUI. Also, I notice a VoIP section in the settings. Is that what I should be looking at?

  • NevyadithaNevyaditha Moderator

    @ReverendC ,

    The Navigation steps listed in the KB article is for all SonicWall Firewalls with firmware SonicOS 6.5.X Series and above.

    Can you please let us know the current firmware on TZ300?

    The VOIP section on Firewall is for configuring settings related to VOIP protocol SIP and H.323. Can you please let us know what VOIP protocol are you using?

    Thanks

    Nevyaditha P

    Technical Support Advisor, Premier Services

  • PradipPradip SonicWall Employee
    edited June 16

    @ReverendC,

    Although all phone vendors will tell you to set QoS for VoIP traffic prioritization, here are a few things to consider first.

    • QoS is a change on the IP header and setting it on the firewall is adding this extra info in the header so that all the subsequent devices will see this and prioritize this traffic
    • If the phones are set to communicate over a private link like P2P or MPLS, setting QoS might be helpful. But, if this is just going to the internet, not all transit devices look into this field until set and might not help.

    I would suggest using BWM (Bandwidth management) in this scenario from my experience as that reserves bandwidth on the firewall for VoIP traffic and that automatically helps it get processed faster.

    Here is a KB article on the same.

    You can use this on the same access rule that was requested you to create on the first comment.

    Again, the navigation and screenshots are taken from a 6.5.x firmware and might look a little different to you.

    Since you were asking about VoIP settings, here is a quick overview of that feature.

    Thanks!!

  • HI All, I have a similar scenario. The difference is that, I have an outside Security Provider that requires access to our security cameras DVD's system. Byway of using DNS to connect for example: http://sw12.shopperworld.net:8080/

    They also asked me me to white list (3) ranges of IP addresses. I have already created both the address objects and groups. My question is how do I create the NAT for this scenario or are access rules a better option? I have created NAT before but, it was NAT from an on site server to the cloud. Is it the same? I new to this, Thanks in advance.

Sign In or Register to comment.