Sonicwall solutions for voip

Posted on 2009-02-18
Last Modified: 2012-05-06
I have a client that needs to secure her medical transcripton business.
I am looking at sonicwalls and need to know which one would be good for voip.
I have worked with sonicwalls for many years but never set one up for voip.
I have worked with the tz170 standardand enhanced. I also have worked with the tz180 wireless standard
My client uses vonage as her voip carrier.

Currently she is using the windows firewall to secure her systems and a linksys router.
She recently got the anti-virus 360 spyware program on a system and I had to clean it off for her. I scanned all her other systems and found some other malicious programs. Which I cleaned with malware bytes

I believe implementing a sonicwall along with avg free will take care of her security.
She has one 2003 small business server, 4 xp pro workstations and one laptop.

Any advice or other alternative security measures would be appreciated.
Question by:kallatech
    LVL 16

    Accepted Solution

    Sounds like a TZ170 will suffice!

    Now if her VOIP use is a single phone connected to an external service, then there shoudn't be a problem. Set the phone up normally using SIP and STUN and you don't need to do anything on the Sonicwall. The sonicwall does have a SIP TRANSFORMS setting BUT you should not need to use it - if you DO use it, then do NOT use STUN on the phone settings.

    If you can allocate a single fixed IP specifically for the phone in NAT it  won't hurt at all.

    Better yet, if you have multiple fixed IPs to play with and can allocate one to the phone, connect the phone OUTSIDE the firewall direct to the public IP address. (Voip and NAT don't play well.)

    If she has an IP-PBX, then tell us more..

    Author Comment

    Do you mean setup the phones in the opt zone?

    LVL 16

    Expert Comment

    No - but you could do that and set the Opt zone to Transparent.


    Author Comment

    Are there any alternative hardware firewalls that "play" better with voip?
    LVL 16

    Expert Comment

    It's not really the firewall per se, it's the NAT that VOIP doesn't like. Well, SIP/RTP doesn't like, and most modern VOIP systems are SIP/RTP. You have  to start using tools to obviate the problems caused by the NAT system changing the IP address. STUN is one such, and ususally works. Some firewalls provide ALGs (Application Layer Gateways) which sometmies work but you can onyl use ONE so if you're using the ALG you have to turn STUN off and vice-versa. And usually one or the other works and that's fine but it's a pain when you have to fiddle about a lot to find a workign combination.

    IF YOU CAN rule NAT out of the picture, i.e. put the (WAN port of) your IP-PBX directly onto it's real public IP address you avoid all this kerfuffle.  

    One way to achieve this is to put the (Wan port of) IP-PBX on the public netowk, if it's "protected" enough to put up with that. Another is to use a firewall which has a bridge or "transparent" mode of operation, i.e. uses public IPs on the LAN side.


    Author Closing Comment

    Thank you for that information.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Suggested Solutions

    We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
    Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now