***NOTE: This guide assumes standard registration with your trunk at SIP.US. This model of SonicWALL is incompatible with IP Based Authentication at SIP.US if you do not have a separate static IP for VoIP traffic and that configuration is not addressed in this guide***
Many of our customers use Dell SonicWALL products. These products provide some advanced security functionality by transforming ports in a randomized fashion. This can create some problems with SIP traffic if steps are not taken to assure the stability of port transformations.
An additional layer of complexity is added with Dell's 6.x firmware, as it is not capable of assigning static ports while maintaining NAT capabilities without additional static IP addresses. Additionally it does not relate RTP (Audio) traffic to the SIP control traffic. This brief guide will give you the settings you need to get your PBX working with SIP.US under most circumstances where you must share 1 public IP between standard internet and VoIP traffic.
1. Go to the "Access" tab in your SonicWALL gui
2. Scroll down to the section labeled "SIP"
3. Ensure that "Enable Sip Transformations" is checked.
***NOTE: DO NOT forward any ports to your PBX even if another guide at SIP.US says to do so. SonicWALL devices do not consistently transform forwarded packets in a way that SIP.US and most PBX's anticipate.***
4. Select the "Rules" tab
5. Create rules to allow all traffic from sip.us IP addresses 220.127.116.11 and 18.104.22.168 to your PBX's IP only.
***NOTE: This is EXTREMELY insecure, but due to the way SonicWall transforms ports in a pseudo random fashion, there is no other way to get this firmware to work consistently with SIP.US. We do our best to ensure that only SIP and RTP traffic originate on the IP's listed but we cannot make any guarantee that only legitimate traffic will reach your device. To enhance the security of this scenario we recommend that you place DROP/DENY rules ahead of the above rules for any other ports which may be in an open/listening state on your PBX's IP.***
6. Open a support ticket with SIP.US informing them that you need, "Audio support enabled for a Sonicwall 6.x firmware device."
7. Set registration frequency on your PBX, ATA, or Phone to 30 seconds. This is to ensure that we are sending inbound calls to the most recently opened port on the SonicWALL. If you set your registration period for longer you may not consistently receive inbound calls.
8. After SIP.US has confirmed that they have enabled audio support for your device please test your connection and ability to make/receive SIP calls.