Internet networks that experience latency due to high network congestion can cause VoIP phones to experience poor call quality. Like most hosted VoIP phone systems, our services work best in networks that maintain consistently low ping times. This can be achieved by preparing your router(s) and firewall(s) for use in VoIP. This can entail creating VoIP VLANs or Zones, implementing bandwidth management policies, and protecting voice traffic that traverses your network to our services. 

This document provides guidance for configuring a SonicWALL for SpectrumVoIP services. Included are instructions for traffic prioritization. This uses features within the SonicWALL firewall to appropriately prioritize VoIP-related traffic to help ensure a positive calling experience for your team and callers.

Recommended Adjustments

Before learning how you can optimize your Sonicwall's settings for use with VoIP reliant devices, it is recommended to read the sections below to review the different adjustments suggested by our team, such as ports and subnets to allow traffic to use, bandwidth requirements, and more.

Create Service Objects for Subnets and Ports

To make sure traffic to our specific services is not blocked, Service Objects should be created for each of the different port ranges used by the SpectrumVoIP services your company uses. If you are using multiple services with different port ranges, then multiple service objects will need to be created for each port range. These Service Objects can be grouped together into a single Service Group.

These Service Objects can be created on the OBJECTS page by navigating to Match Objects → Services.

SpectrumVoIP Public Subnets

• 199.71.209.0/24
• 24.227.249.0/25
• 72.249.136.32/28
• 206.123.122.32/27
• 212.69.157.32/27
• 40.143.31.64/27
• 45.41.5.0/24
• 12.150.91.0/24

Ports - Stratus Platform

Main Utilized Ports

• 5060-5062 UDP - SIP
• 20,000-40,000 UDP - RTP
• 80, 443 TCP - HTTP/HTTPS

Portal Dynamic Updates

• 8001 - TCP

Text-to-Speech Services - TCP and UDP

• 35.175.185.150:3001
• 35.175.185.150:8000
• 44.212.88.215:8000
• 54.149.243.27:3001
• 54.149.243.27:8000
• 54.70.235.134:3001
• 54.70.235.134:8000

StratusFAX 2.0 - TCP

• 5066 TCP - HTTPS and HTTP

StratusHUB Desktop App - TCP

• 199.71.209.150:8082 - TCP

StratusMEETING - TCP and UDP

• 54.188.133.147:3443
• 3.130.158.184:3443
• 35.183.150.146:3443

StratusWEB PHONE

• 9002 - TCP - websockets

Ports - Enswitch 1 and 2 Platforms

• 5060-5062 UDP - SIP
• 10,000-20,000 UDP - RTP
• 80, 443 TCP - HTTP/HTTPS

Push Notifications Ports

Android and Google Devices - Google's Firebase Cloud Messaging, aka FCM

• 443, 5228, 5229, 5230 - TCP

Apple Devices - Apple Push Notification Service, aka APNs

• 5223, 443, 2197 - TCP

Bandwidth Requirements

Voice-only applications utilize G.711 U-Law as the primary codec and require 87.2 kbps of bandwidth per active call. 

It is recommended to round the requirement up to 100 kbps to account for signaling and overhead.

Connect Devices to an Interface Set as a VoIP Zone

It is best practice to create separate zones for your different groups of IP devices, such as your desk phones. Doing so can simplify managing your network and troubleshooting future issues with those devices. 

Setting VoIP devices in a separate zone will keep VoIP traffic separate from Data traffic. Creating a VoIP Zone will allow you to more easily create Access Rules and NAT Rules for VoIP traffic,  

Manual/Static Interface Configuration

For this method, an interface tied to a port of the SonicWall is set to use a VoIP Zone you create. This interface can be one of the physical interfaces that exists within the SonicWall, or a Virtual Sub-Interface (VLAN) that you can create and assign to a physical interface (the Parent Interface). 

For Devices Connected to a Specific Port

In many networks, VoIP devices may be connected to ports of a specific network switch that connects to a port (i.e., a physical interface) of the SonicWall. That physical interface will need to be assigned a VoIP Zone you create to ensure devices that are physically connected to it follow Access Rules, NAT Rules, and security settings you set to use the VoIP Zone. 

For Devices Connected to a VLAN

If you create a virtual sub-interface to act as a VLAN, you can assign it a VLAN Tag (i.e., 20) the SonicWall will look out for. 

This VLAN tag would then be added to the VoIP devices that would need to be connected to this VLAN. This is done by assigning the Static IP Addresses to the VoIP devices. 

When the SonicWall sees a device connecting that has the VLAN tag within its IP Address (e.g., desk phone uses IP address 192.168.20.5), the SonicWall will follow any Access Rules and NAT Rules that have been created to handle traffic that has the VLAN as a source/destination. The settings that were configured for the VoIP Zone during its creation will also be followed since the VoIP Zone is set as the Zone for the VLAN. 

Automatic Discovery via LLDP/CDP 

If your network switches support Link Layer Discovery Protocol (LLDP), LLDP Media Endpoint Discovery (LLDP-MED), and/or Cisco Discovery Protocol (CDP), Grandstream, Yealink, and Polycom desk phones are compatible with these protocols and can utilize them to be discovered by neighbor devices and switches. 

If your network switch does offer LLDP, LLDP-MED, or CDP, it is recommended to ensure these protocols are enabled and configured to point to your desired VLAN. Doing so will allow the switches to discover compatible IP phones and set the devices in a VLAN dynamically depending on the device's configuration information. 

Option 132 for Yealink Phones

Option 132 in DHCP is a feature that enables automatic VLAN assignment. When a device connects to the network, it sends a DHCP request containing its MAC address. The DHCP server that has Option 132 configured identifies the device and assigns a suitable VLAN. 

To create a DHCP VLAN option on your DHCP server to allow Yealink phones to automatically connect and provision when plugged in, the following can be configured:

• Option 132: Set Voice VLAN ID
• Type: String (ASCII)
• Value : 'VLANTAG' for example '20' for VLAN 20

This DHCP option should be applied to your native DHCP server so that the phones receive the configuration when first plugged in. This may also be applied to the voice VLAN if needed.

Configure Your Sonicwall's VoIP Settings

SonicWalls offer a VOIP Settings page where you can find two settings that need to be updated for networks utilizing VoIP services: Consistent NAT and SIP Transformations. 
For most networks utilizing SpectrumVoIP's PBX, Consistent NAT should be enabled, and SIP Transformations should be disabled. 

For SonicOS 7.X:

For SonicOS 6.5:

For SonicOS 6.2 and below:

Why Enable Consistent NAT?

Consistent NAT almost always needs to be enabled for your SonicWall's VoIP settings. 

This setting improves compatibility between peer-to-peer applications that require a consistent IP address to route traffic to, such as VoIP reliant devices and softphones. 

This feature is important for VoIP applications since endpoints within a call need to be able signal to each other and send media back and forth without any interruptions. Consistent NAT prevents sudden call disruptions by mapping internal IP addresses and ports to the same external IP addresses and ports as the SonicWall filters traffic using its NAT rules.

Why Disable SIP Transformations?

For VoIP systems, SIP Transformations almost always need to be disabled.

The SIP Transformations function (also referred to as SIP ALG) allows your SonicWall to rewrite the destination addresses of the SIP packets sent during VoIP calls. Since the destination IP addresses of the packets being sent during a call are overwritten by the Application Layer Gateway (ALG), this causes the call's packets to not reach their destination. This can result in one-way audio during calls where only one side of the call is able to hear the other caller. 

In the Sonicwall's SIP Settings, the Enable SIP Transformations setting is enabled by default. Having this setting enabled can commonly cause quality of service issues with VoIP calls. It is recommended to disable SIP Transformations to avoid one-way audio and issues with parking and transferring. 

Prioritize SpectrumVoIP Traffic

One of the greatest challenges for VoIP is ensuring high speech quality over an IP network. VoIP and other types of media streaming are very sensitive to delay and packet loss. Managing access and prioritizing traffic are important requirements for ensuring high-quality, real-time VoIP communications.

This can be done by creating Access Rules and NAT Rules for your SonicWall that will 

Use Option 66: Phone Provisioning via DHCP

If your Sonicwall will act as a DHCP server, you can set it to utilize Option 66 to make it simpler to install and provision your desk phones. 

When Option 66 is configured, phones that boot up and connect to the Sonicwall will be provided a Provisioning URL. When the phones use the Provisioning URL to connect to our TFTP server, they can request and apply a config file to make setting up and updating themselves more streamlined.

To configure Option 66 for your Sonicwall, this can be done by creating an Option Object in its DHCP Advanced Settings.

1. Login to the SonicWall Management GUI
2. Navigate to Network → System → DHCP Server.
3. Click the Advanced button next to the Enable DHCPv4 Server option.
4. On the Option Objects tab of the DHCP Advanced Settings window, click the + Add button.
5. Enter the following information:
   • Option Name: Enter a name for this object, such as “Option 66”.
   • Option Number: Select 66 (TFTP Server Name)
   • Option Value: Enter the URL for our provisioning server provided by a SpectrumVoIP Installer or Technician. 
     

     Note: If you do not have this URL, contact your SpectrumVoIP Installer or our Technical Support team for further assistance.

      
6. Click the Save button.
   

   ✔ Once you have created an Option 66 Option Object, you can assign it to existing DHCP Server Lease Scopes that are assigned to subnets your desk phones will be connected to. 

    

Quality of Service

QoS encompasses a number of methods intended to provide predictable network behavior and performance. Network predictability is vital to VoIP services. QoS, when configured and implemented correctly, can properly manage traffic and guarantee the desired levels of network service.

Manage Bandwidth on a WAN Interface

Bandwidth Management (BWM) can be configured by enabling BWM on a relevant WAN interface and specifying the available bandwidth on the interface in Kbps. This is performed from the Network → Interfaces page by selecting the Configure icon for the WAN interface, and navigating to the Advanced tab.

Egress and Ingress BWM can be enabled jointly or separately on WAN interfaces. Different bandwidth values may be entered for outbound and inbound bandwidth to support asymmetric links. Link rates up to 100,000 Kbps (100Mbit) may be declared on the Fast Ethernet interface, while Gigabit Ethernet interfaces will support link rates up to 1,000,000 (Gigabit). ad

Once one or both BWM settings are enabled on the WAN interface and the available bandwidth has been declared, a Bandwidth tab will appear on Access Rules.

To configure Bandwidth Management on your SonicWALL…

1. Navigate to Network → Interfaces.
2. Click the Edit icon in the Configure column in the WAN (X1) line of the Interfaces table.
3. In the Edit Interface window, the Advanced tab.
4. Select Enable Egress (Outbound) Bandwidth Management and enter the available bandwidth in the Available Interface Egress Bandwidth Management field.
5. Select Enable Ingress (Inbound) Bandwidth Management and enter the available bandwidth in the Available Interface Ingress Bandwidth Management field.
6. Click OK.

Enable VoIP Logging

You can enable the logging of VoIP events on the Log → Settings page. Log entries are displayed on the Log → Monitor page. To enable logging of VoIP, see Log → Settings.