Good luck and feel free to PM me if there are any further issues with sonicwalls and your PBX

It depends on what features you're looking for. Turn off SIP translations, and no additional firewall rules are needed since the default rules will allow outbound SIP registrations and inbound RTP relating to a SIP connection. Make sure the extensions are defined with NAT=YES. Asterisk does a better job of inserting the NAT headers than a firewall (not to mention the overhead required on the firewall).

For a “public” server (which I don’t recommend any server have a public interface) - just assign the public IP to the server. The reason that there are problems using the built-in SIP translation is that the Sonicwall is actually a bit too smart for its own good when doing deep packet inspection for SIP.

- Use the “Public Server Wizard” to set up public access via SIP (UDP 5060) and RTP (UDP 10000-20000) - This will take care of the proper firewall settings (rules & natting) all at once, quickly and simply.
- Turn off any NAT-Related settings in the “VoIP” Section of the Sonicwall admin.
- Using the SIP module in FreePBX - set the “ExternIP” settings to the External (public) IP assigned to be NATed to the FreePBX machine.
- Set the private IP on the FreePBX server to a static IP (as usual).

To configure a FreePBX machine behind a Sonicwall where the system is on the LAN side (recommended)

I dislike that they are constantly getting a bad name. We regularly use Sonicwall with DATA system - they are actually very good - Just don’t use the internal VoIP NAT Translations.

You could also go Open Source with PF Sense or Untangle. It was all ripped out in less than a year. We have a regional supermarket chain that drank the sonic wall Kool-Aid. There is a reason you never see this stuff in Enterprise deployments. I want to reiterate I do not know of a single soul running SIP behind a Sonicwall having a positive experience.

About the only thing worse is Barracuda, great marketing lousy product.
Sell the Sonicwall to another sucker. Grab $200 and run (don’t walk) over to Flea-Bay and pick yourself up a Juniper SSG 5 or a Cisco PIX 515. How much is your time worth? The sonic wall has no value. When you have NAT traversal (called NAT-T) enabled at both ends you have two devices with no state information being passed making changes based on assumptions to the payload of the SIP messages.
Just when you think you found the formula the translation table gets hosed or the firewall makes a decision that confounds Asterisk. This is the pr**k tease of firewalls. You can run wireshark at both ends and see how the Sonicwall is mutilating the SIP packets. And yes, SW is a pain to get working because you can’t get any useful support from them (or at least couldn’t - I haven’t needed to since they got purchased by Dell).

That make sure you have those things settled first. This could either be done beforehand in the Firewall Settings general area (which would affect all future created rules, but is not linked so can be changed later), or for the specific rule itself, under the Advanced tab. Asterisk has a default timeout of 60, but to be safe I set the UDP timeout to 120. The second issue is a little trickier, and because it’s only in troubleshooting that it shows up, it’s likely a bit more tricky to track down: the UDP timeout on the Sonicwall is 30 seconds, and that is too short for the needs here. Turning Consistent NAT on will make sure everything stays on port 5060.
First, the simple one: Consistent NAT needs to be turned on, otherwise the SIP registration that is supposed to happen on UDP port 5060 gets shifted/randomized by the Sonicwall, but the server at the other end will inevitably have issues. So after much consternation and testing, it turns out there are two issues at play when configuring a Sonicwall unit to play nicely with Asterisk SIP registration. I wrote this up after having issues with a Sonicwall to remind myself later - it may get you part of the way there: