Whitelisting IPs
ReverendC
Newbie ✭
We have a Sonicwall TZ300. Recently VOIP phones where added to the network and are having issues. Their support suggested adding their IP the whitelist. I've seen some instructions on adding ips to the email whitelist, but I don't think that's the same. Any help is appreciated.
Category: Entry Level Firewalls
0
Answers
@ReverendC,
Welcome to SonicWall community. There are various security services on the firewall and whitelisting IPs can mean a lot of different things.
First of all you would need to address objects for the IPs provided to you from the VoIP phones's support team and you can either exclude them from each security service, but the easier option would be disabling DPI (Deep packet inspection).
Here is a KB on adding address objects and groups.
So, you just need to add all the IPs into address objects, add them together to an address group and then create an access rule from zone LAN(assuming phones are on LAN zone, if not select that specific zone) to WAN under MANAGE | Rules | Access rules and select the source as the address group, destination as any, service as any and action as allow. On the advanced tab of that access rule, you can find the option to disable DPI.
This KB article should show you the steps:
Let me know if that helps.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Thanks. I will try that. They also want me to set QoS for VOIP to prioritize it for network traffic. Is that doable on the TZ300?
Hi @ReverendC,
Yes, we can configure QoS on SonicWall, Please follow the KB
Hope this helps.
Thanks
Nevyaditha P
Technical Support Advisor, Premier Services
Is that KB article a general description for all Sonicwall routers. Looks a bit different from my GUI. Also, I notice a VoIP section in the settings. Is that what I should be looking at?
@ReverendC ,
The Navigation steps listed in the KB article is for all SonicWall Firewalls with firmware SonicOS 6.5.X Series and above.
Can you please let us know the current firmware on TZ300?
The VOIP section on Firewall is for configuring settings related to VOIP protocol SIP and H.323. Can you please let us know what VOIP protocol are you using?
Thanks
Nevyaditha P
Technical Support Advisor, Premier Services
@ReverendC,
Although all phone vendors will tell you to set QoS for VoIP traffic prioritization, here are a few things to consider first.
I would suggest using BWM (Bandwidth management) in this scenario from my experience as that reserves bandwidth on the firewall for VoIP traffic and that automatically helps it get processed faster.
Here is a KB article on the same.
You can use this on the same access rule that was requested you to create on the first comment.
Again, the navigation and screenshots are taken from a 6.5.x firmware and might look a little different to you.
Since you were asking about VoIP settings, here is a quick overview of that feature.
Thanks!!
HI All, I have a similar scenario. The difference is that, I have an outside Security Provider that requires access to our security cameras DVD's system. Byway of using DNS to connect for example: http://sw12.shopperworld.net:8080/
They also asked me me to white list (3) ranges of IP addresses. I have already created both the address objects and groups. My question is how do I create the NAT for this scenario or are access rules a better option? I have created NAT before but, it was NAT from an on site server to the cloud. Is it the same? I new to this, Thanks in advance.