VoIP > Settings
The SonicWALL security appliance allows VoIP phones and applications to be
deployed behind the firewall. The VoIP > Settings page
includes the settings for supporting VoIP traffic on the SonicWALL security
appliance.
Voice over IP (VoIP) is a term used in IP telephony for a
set of facilities for managing the delivery of voice information using IP.
This means sending voice information in digital form in discrete packets
rather than in the traditional circuit protocols of the public switched telephone
network (PSTN). A major advantage of VoIP and Internet telephony is that it
avoids the tolls charged by traditional telephone service.
The SonicWALL security appliance supports the most widely used VoIP standard
protocols and the most commonly used VoIP vendors and systems on the market.
Providing full VoIP support on the SonicWALL security appliance enables organizations
with increasingly decentralized workforces to access corporate voice services
from remote sites. VoIP systems consist of multiple clients (such as IP phones
or soft phones) and VoIP servers residing at different parts of the network.
This section provides a concept overview on H.323 and SIP protocols. Refer
to the “Configuring the VoIP Settings” section for configuration
tasks for H.323 and SIP networks.
H.323 is a comprehensive suite of protocols for voice, video, and data communications
between computers, terminals, network devices, and network services. H.323
is designed to enable users to make point-to-point multimedia phone calls over
connectionless packet-switching networks such as private IP networks and the
H.323 is widely supported by manufacturers of video conferencing equipment,
VoIP equipment and Internet telephony software and devices.
An H.323 network consists of four different types of entities:
- Terminals - Client end points for multimedia communications. An example
would be an H.323 enabled Internet phone or PC
- Gateways - Connectivity between H.323 networks and other communications
services, such as the circuit-switched Public Switched Telephone Network (PSTN)
- Gatekeepers - Services for call setup and tear down, and registering
H.323 terminals for communications
- Multipoint control units (MCUs) - Three-way and higher multipoint communications
Session Initiation Protocol (SIP) is a signaling protocol used in VoIP. Using
SIP, a VoIP client can initiate and terminate call sessions, invite members
into a conferencing session, and perform other telephony tasks. SIP also enables
Private Branch Exchanges (PBXs), VoIP gateways, and other communications devices
to communicate in standardized collaboration. SIP was also designed to avoid
the heavy overhead of H.323.
The Consistent NAT setting ensures predictable re-use of the same translated
IP address and UDP port pair for internal (LAN) address and port pairs. This
checkbox is disabled by default. Consistent NAT changes standard NAT policy
to provide greater compatibility with peer-to-peer applications that require
a consistent IP address to connect to, such as Apple’s iChat, and certain
online games. Consistent NAT uses an MD5 hashing method to consistently assign
the same mapped public IP address and UDP Port pair to each internal private
IP address and port pair.
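
A toy model of the Consistent NAT behaviour described above, added here as an illustration and not SonicWALL's implementation. The hash input, the port range and the linear probing on collision are assumptions; the page only states that an MD5 hashing method is used.

```python
import hashlib

class ConsistentNat:
    """Hypothetical model: external UDP port derived from MD5(internal ip:port)."""

    def __init__(self, public_ip, port_lo=1024, port_hi=65535):
        self.public_ip = public_ip
        self.lo = port_lo
        self.span = port_hi - port_lo + 1
        self.by_port = {}  # external port -> internal (ip, port) that owns it

    def translate(self, int_ip, int_port, dst=None):
        # dst is deliberately ignored: the mapping depends only on the
        # internal pair, so every remote peer sees the same public pair.
        key = (int_ip, int_port)
        digest = hashlib.md5(f"{int_ip}:{int_port}".encode()).digest()
        start = int.from_bytes(digest[:4], "big") % self.span
        for i in range(self.span):  # linear probe when the hashed port is taken
            port = self.lo + (start + i) % self.span
            owner = self.by_port.setdefault(port, key)
            if owner == key:
                return self.public_ip, port
        raise RuntimeError("external port pool exhausted")
```

Because the mapping ignores the destination, any filtering of who may send to the mapped port has to come from access rules, not from the NAT mapping itself.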
This section provides configuration tasks for SIP Settings.
- The Enable SIP Transformations setting transforms SIP
messages between LAN (trusted) and WAN/DMZ (untrusted). Select this checkbox
when you want the SonicWALL
to perform the SIP transformation. If your SIP proxy is located on the public
(WAN) side of the SonicWALL and SIP clients are on the LAN side, the SIP
clients by default embed their private IP address in the SIP/Session Description
Protocol (SDP) messages that are sent to the SIP proxy. Without transformation,
these messages are not changed and the SIP proxy does not know how to get back
to the client behind the SonicWALL. Selecting Enable SIP Transformations enables
the SonicWALL to go through each SIP message and change the private IP address
and assigned port. Enable SIP Transformations also controls and opens up the
RTP/RTCP ports that need to be opened for the SIP session calls to happen. NAT
translates Layer 3 addresses but not the Layer 7 SIP/SDP addresses, which is
why you need to select Enable SIP Transformations to transform the SIP messages.
It is recommended that you turn on Enable SIP Transformations unless there is
another NAT traversal
solution that requires this feature to be turned off. SIP Transformations
works in bi-directional mode and it transforms messages going from LAN
to WAN and
- Permit non-SIP packets on signaling port - This checkbox is disabled
by default. Select this checkbox for enabling applications such as Apple
Enabling this checkbox may open your network to malicious attacks caused by
malformed or invalid SIP traffic.
- SIP Signaling inactivity time out (seconds) - This field has a default
value of 1200 seconds (20 minutes).
- SIP Media inactivity time out (seconds) - This field has a default value
of 120 seconds (2 minutes).
- Additional SIP signaling port (UDP) for transformations (optional) -
This setting allows you to specify a non-standard UDP port used to carry
SIP signaling traffic. Normally, SIP signaling traffic is carried on UDP
port 5060. However, a number of commercial VoIP services use different
ports, such as 1560. Using this setting, the security appliance performs
SIP transformation on these non-standard ports.
This section provides configuration tasks for H.323 Settings.
- Enable H.323 Transformation - Select this option to allow stateful H.323
protocol-aware packet content inspection and modification by the SonicWALL.
The SonicWALL performs any dynamic IP address and transport port mapping within
the H.323 packets, which is necessary for communication between H.323 parties in
trusted and untrusted networks/zones. Clear the Enable H.323 Transformation
checkbox to bypass the H.323 specific processing performed by the SonicWALL.
- Only accept incoming calls from Gatekeeper - Select this checkbox to
ensure all incoming calls go through the Gatekeeper for authentication.
will refuse calls that fail authentication.
- Enable LDAP ILS Support - LDAP stands for Lightweight Directory Access
Protocol, a standard protocol for accessing information in a directory.
ILS stands for
Internet Locator Service, a LDAP service that enables Microsoft NetMeeting
users to locate and connect to users for conferencing and collaboration
over the Internet.
- H.323 Signaling/Media inactivity time out (seconds) -
This field has a default value of 300 seconds (5 minutes). This is a similar
connection inactivity timeout.
- Default WAN/DMZ Gatekeeper IP Address - This field
has a default value of 0.0.0.0. Enter the default H.323 Gatekeeper IP address
in this field to allow LAN-based H.323 devices to “discover” the gatekeeper
using the multicast address 188.8.131.52. If you do not enter an IP address,
multicast discovery
messages from LAN-based H.323 devices will go through the configured multicast