VoIP through a SonicWall TZ170

The purpose of this document is to show how to set up a SonicWall firewall to allow VoIP services or remote phones to connect through it. The Fonality PBXtra or trixbox CE server uses the SIP service, which is on UDP port 5060, and also the RTP service for the audio portion of the call on a random port in the range of UDP 10,000 to UDP 20,000. This page documents how to forward these ports through a SonicWall TZ170 running SonicOS Standard 3.1.2.6-97s, but most other SonicWall firewalls have a similar setup.

If you have multiple static IP addresses from your ISP, then it is also possible to set up a one-to-one NAT between one of your external IP addresses and the Fonality PBXtra or the trixbox CE system. Then you can either add a firewall rule that forwards all traffic from the external IP address to the PBXtra or add rules specifying exactly which ports to forward. Since I do not have a second static IP address, these screenshots will not cover that setup. The setup described here will work with both VoIP services and remote phones. If you want the HUD3 client to work remotely, then you will also have to add the HUD3 service on TCP port 5222 and use the "Rule Wizard" to forward that service to the IP address of the PBXtra or trixbox Pro server.

First log in to your SonicWall firewall, click on the "Firewall" tab and then open the "Services" page.

[Screenshot: Services before]

Click on the "Add" button below "Custom Services"

[Screenshot: add service]

Click "OK" to add the FonalityRTP service

[Screenshot: Services showing custom addition]

Then click on the "Firewall" button again and then click on "Rule Wizard".


Just click "Next"


Click the radio button "Public Server" and then click "Next"


Select "SIP" from the service drop down menu and put in the IP address that you assigned to your PBXtra or trixbox server and click "Next"


Click "Apply"

Now we need to add the RTP rule too. Click on the "Rule Wizard" again.


Just Click "Next"


Click on the radio button "Public Server" and then click "Next"


Select "FonalityRTP" from the "Service" drop down menu, put in the IP address of your PBXtra or trixbox server and click "Next"


Click "Apply"

[Screenshot: Firewall rules after the additions]

Then we need to change several options on the "VoIP" page under the "Firewall" tab.

[Screenshot: firewall VoIP]

Click "Apply" after setting the Firewall VoIP settings.

I have tested these settings on my home trixbox CE system, so I know that they work.

Some of the additional Security Services, like the Gateway anti-virus, anti-spyware or Content filtering, can cause dropped calls so they must be disabled.

Copyright © 2009 by Mike Beirne