This configuration is on a Sonicwall TZ205 with 22.214.171.124-2o firmware (GUI version 6), but should be relatively similar for all models.
Note: Sonicwall's IPS service has been known to block VoIP even if you have these rules set as it confuses it for a DDoS attack. If you lower the protection level from high, it generally fixes it.
Note: The FQDNS on this doc are for APOLLO clusters. You should follow this doc and use the server addresses your site/customer is associated with:
We recommend the TZ series for no more then 25 phones. If you plan to expand beyond that we recommend the NSA series.
1. Consistent NAT
Ensure "Enable Consistent Nat" is checked
2. Enable WAN BWM (Bandwidth Management)
Ensure advanced is checked as seen below
3. Enable BWM on WAN
Click the configure pencil located next to your primary WAN connection
Under the bandwidth management section, check both enable Egress and Ingress. Egress is the upload speed of your internet connection. Ingress is the download speed. Best practice is to run a speed test before setting these options. The example below shows a 100MBPS download and 35MBPS upload speed connection.
4. Create LAN>Wan firewall rule to allow and prioritize all traffic to both Kinect Servers
You are going to create a rule that allows all traffic to our server as seen in the screen shots below. Under the destination submenu click "create new network" to add our servers. You will build this rule four (4) times, two using our NJ servers FQDN of core2-nj.syntelsolutions.com & core-nj.syntelsolutions.com, and two using our FL server of core2-fl.syntelsolutions.com & core-fl.syntelsolutions.com
Then under the QOS tab, change DSCP to "Explicit"
Under the BWM tab, check enable Egress and ingress, under the drop down you will create a new bandwidth object. You will use this for both inbound and outbound firewall rules as you will see later. The best rule of thumb is to guarantee about 25% of the bandwidth to the phones, and to allow 100% if needed. This way phone calls always will have priority, but not use the entire connection when not in use.
5. Now we go back to access rules, to create a similar rule from WAN>LAN
Here you will build similar rules to LAN>WAN, the only difference being we will be changing the "Source" to the Kinect Servers, and the other options to "any". Therefore creating a rule saying all traffic ONLY from our servers, is allowed and prioritized.
Be sure to set the QOS and BWM tabs the same as the previous rules
Congrats! You've successfully configured your firewall for the Syntel Solutions UCaas Platform.
Download the PDF