Sonicwall solutions for voip

I have a client that needs to secure her medical transcripton business.
I am looking at sonicwalls and need to know which one would be good for voip.
I have worked with sonicwalls for many years but never set one up for voip.
I have worked with the tz170 standardand enhanced. I also have worked with the tz180 wireless standard
My client uses vonage as her voip carrier.

Currently she is using the windows firewall to secure her systems and a linksys router.
She recently got the anti-virus 360 spyware program on a system and I had to clean it off for her. I scanned all her other systems and found some other malicious programs. Which I cleaned with malware bytes

I believe implementing a sonicwall along with avg free will take care of her security.
She has one 2003 small business server, 4 xp pro workstations and one laptop.

Any advice or other alternative security measures would be appreciated.
kallatechAsked:
Who is Participating?
 
ccomleyCommented:
Sounds like a TZ170 will suffice!

Now if her VOIP use is a single phone connected to an external service, then there shoudn't be a problem. Set the phone up normally using SIP and STUN and you don't need to do anything on the Sonicwall. The sonicwall does have a SIP TRANSFORMS setting BUT you should not need to use it - if you DO use it, then do NOT use STUN on the phone settings.

If you can allocate a single fixed IP specifically for the phone in NAT it  won't hurt at all.

Better yet, if you have multiple fixed IPs to play with and can allocate one to the phone, connect the phone OUTSIDE the firewall direct to the public IP address. (Voip and NAT don't play well.)

If she has an IP-PBX, then tell us more..
0
 
kallatechAuthor Commented:
Do you mean setup the phones in the opt zone?

0
 
ccomleyCommented:
No - but you could do that and set the Opt zone to Transparent.

0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
kallatechAuthor Commented:
Are there any alternative hardware firewalls that "play" better with voip?
0
 
ccomleyCommented:
It's not really the firewall per se, it's the NAT that VOIP doesn't like. Well, SIP/RTP doesn't like, and most modern VOIP systems are SIP/RTP. You have  to start using tools to obviate the problems caused by the NAT system changing the IP address. STUN is one such, and ususally works. Some firewalls provide ALGs (Application Layer Gateways) which sometmies work but you can onyl use ONE so if you're using the ALG you have to turn STUN off and vice-versa. And usually one or the other works and that's fine but it's a pain when you have to fiddle about a lot to find a workign combination.

IF YOU CAN rule NAT out of the picture, i.e. put the (WAN port of) your IP-PBX directly onto it's real public IP address you avoid all this kerfuffle.  

One way to achieve this is to put the (Wan port of) IP-PBX on the public netowk, if it's "protected" enough to put up with that. Another is to use a firewall which has a bridge or "transparent" mode of operation, i.e. uses public IPs on the LAN side.

0
 
kallatechAuthor Commented:
Thank you for that information.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.