Configuring the Dell SonicWALL NSA series for use with SIP.US SIP Trunking should be a breeze with this guide. There are only four primary steps. Before we begin note the information we used for this document and gather similar information for your setup:
* Polycom IP Phone attached to X2 using ports 2222 to 2230 for RTP, and port 25204 for SIP Traffic, addressed as 10.5.10.213
* WAN Connection on X1
* SIP.US GW1 IP 65.254.44.194 (SIP.US GW2 Connection is 74.81.71.18)
BEGIN CONFIGURATION:
1. Create Service Groups on your NSA for SIP and RTP traffic. Reference the image below and the port information you gathered previously.
2. Create Address Groups on your NSA for your PBX/IP Phone, and SIP.US. Reference the image below and the information you gathered previously (Note: the image only shows gw1.sip.us as an address, you will want to input gw2.sip.us as a second entry.)
3. Create Access Rules to match the service groups and addresses that will be entering the firewall destined for a secure network. We had to use the ANY/ANY for destination to get the NSA to allow the UDP traffic. If we specified the destination it would drop the packets every time. Our assumption is that NAT is being processed after the firewall rules and so the address group created didn't match for the inbound rule. However, creating an address object for the IP of the WAN interface and allowing UDP traffic to it didn't seem to work either. For our purposes we allowed destination as ANY/ANY on these ports to get this working. SonicWALL support may be able to improve this configuration to get translation and access rules to match.
4. Create NAT Translation rules that provide for 1:1 Port Translation on our Service Objects that were previously created. Reference the image below and the information you gathered previously.
CONFIGURATION COMPLETE
Your set-up should now be working with this baseline configuration. If you have issues we will do our best to assist you after you have created a ticket using the link at the top right. However, you may want to contact SonicWALL support for more specific guidance on securing your connections.
Comments