®

SonicWall Management
Services VoIP Setup
Administration
Contents 1
Configuring the Voice over IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Enabling Secure NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Configuring Session Initiation Protocol (SIP) Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Configuring the H.323 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

SonicWall Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Management Services VoIP Setup Administration

2
Contents
 1
Configuring the Voice over IP
Settings

TIP: You can configure VoIP on the global, group, or unit level.

Topics:
• Enabling Secure NAT
• Configuring Session Initiation Protocol (SIP) Settings
• Configuring the H.323 Settings

Enabling Secure NAT

To enable secure NAT:
1 Navigate to the VoIP > Settings page.
2 In the General Settings section, select Enable consistent NAT. (This option is not selected by default.)
3 Click Update. The Modify Task Description and Schedule dialog displays.
4 Enter the name of the schedule in the Description field. This field is populated with the name of the
setting to which the schedule applies.
5 Select the type of schedule for the task:
• Default
• Immediate
• At: (specify when the task is to take place)
6 Click Accept.
The settings are changed for each selected SonicWall appliance. To clear all settings and start over, click Reset.

Configuring Session Initiation Protocol

(SIP) Settings
To configure the SIP settings:
1 Navigate to the VoIP > Settings page.
2 Scroll to the SIP Settings section.

Management Services VoIP Setup Administration

3
Configuring the Voice over IP Settings
 3 Select Enable SIP Transformations to support translation of Session Initiation Protocol (SIP) messages.
This option is not selected by default.
TIP: By default, NAT translates Layer 3 addresses, but does not translate Layer 5 SIP/SDP addresses.
Unless there is another NAT traversal solution that requires this feature to be turned off, it is highly
recommended to enable SIP transformations.

After enabling SIP transformations, these options become available:

4 To enable SIP transformations on TCP connections, select Enable SIP Transformations.
5 Select Permit non-SIP packets on signaling port to enable applications such as Apple iChat and MSN
Messenger, which use the SIP signaling port for additional proprietary messages. This option is disabled
by default.
IMPORTANT: Enabling this option might open your network to malicious attacks caused by
malformed or invalid SIP traffic.

6 Select Enable SIP Back-to-Back User Agent (B2BUA) support when the SonicWall security appliance can
see both legs of a voice call (for example, when a phone on the LAN calls another phone on the LAN).
IMPORTANT: This option should only be enabled when the SIP Proxy Server is being used as a
B2BUA.

TIP: If there is not the possibility of the SonicWall security appliance seeing both legs of voice calls
(for example, when calls are only made to and received from phones on the WAN), Enable SIP
Back-to-Back User Agent (B2BUA) support should be disabled to avoid unnecessary CPU usage.

7 SIP Signaling inactivity time out (seconds)—Specifies the period of time that must elapse before timing
out an inactive SIP session if no SIP signaling occurs (default: 1800 seconds or 30 minutes).
8 SIP Media inactivity time out (seconds)—Specifies the period of time that must elapse before timing out
an inactive SIP session if no media transfer activity occurs (default: 120 seconds or 2 minutes).
9 Additional SIP signaling port (UDP) for transformations (optional) allows you to specify a nonstandard
UDP port used to carry SIP signaling traffic. Normally, SIP signaling traffic is carried on UDP port 5060.
However, a number of commercial VoIP services use different ports, such as 1560. Using this setting, the
security appliance executes SIP transformation on these non-standard ports.
TIP: Vonage’s VoIP service uses UDP port 5061.

10 To track endpoint registration anomalies, select Enable SIP endpoint registration anomaly tracking. The
following three fields become available.
• Registration tracking interval (seconds); the default is 300 seconds.
• Failed registration threshold; the default is 5.
• Endpoint block interval (seconds); the default is 3600 seconds.
11 Click Update. The Modify Task Description and Schedule dialog displays.
12 Enter the name of the schedule in the Description field. This field is populated with the name of the
setting to which the schedule applies.
13 Select the type of schedule for the task:
• Default
• Immediate
• At: (specify when the task is to take place)
14 Click Accept.
The settings are changed for each selected SonicWall appliance. To clear all settings and start over, click Reset.

Management Services VoIP Setup Administration

4
Configuring the Voice over IP Settings
Configuring the H.323 Settings
To configure the H.323 settings:
1 Navigate to the VoIP > Settings page.
2 Scroll to the H.323 Settings section.
3 Choose the type of control to enable H.323 transformations:
• Use global control to enable H323 Transformations (default)
• Use firewall Rule-based control to enable H323 Transformations
4 Select Enable H.323 Transformations to allow stateful H.323 protocol-aware packet content inspection
and modification by the SonicWall. The SonicWall executes any dynamic IP address and transport port
mapping within the H.323 packets, which is necessary for communication between H.323 parties in
trusted and untrusted networks/zones. This option is selected by default. Clear this checkbox to bypass
the H.323-specific processing done by SonicWall.
When Enable H.323 Transformations is enabled, additional options become available.
5 Select Only accept incoming calls from Gatekeeper to only accept incoming calls from the specified
Gatekeeper IP address.
6 In the H.323 Signaling/Media inactivity time out field, specify how long the SonicWall appliance waits
before closing a connection when no activity is occurring. The default is 300 seconds.
7 In the Default WAN/DMZ Gatekeeper IP Address field, specify the IP address of the H.323 Gatekeeper
that acts as a proxy server between clients on the private network and the Internet.
8 Click Update. The Modify Task Description and Schedule dialog displays.
9 Enter the name of the schedule in the Description field. This field is populated with the name of the
setting to which the schedule applies.
10 Select the type of schedule for the task:
• Default
• Immediate
• At: (specify when the task is to take place)
11 Click Accept.
The settings are changed for each selected SonicWall appliance. To clear all settings and start over, click Reset.

Management Services VoIP Setup Administration

5
Configuring the Voice over IP Settings
 2
SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance
contract and to customers who have trial versions.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.

Management Services VoIP Setup Administration

6
SonicWall Support
About This Document
Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

Management Services VoIP Setup Administration

Updated - October 2018
232-004545-00 Rev A

Copyright © 2018 SonicWall Inc. All rights reserved.

SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other
trademarks and registered trademarks are property of their respective owners
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or
implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall
products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT,
SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY
WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT,
INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF
SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to
make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any
commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.

End User Product Agreement

To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/en-us/legal/license-agreements.

Open Source Code

SonicWall is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable
per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money
order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:
General Public License Source Code Request
SonicWall Inc. Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035

Management Services VoIP Setup Administration

7
SonicWall Support