We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Sonicwall solutions for voip

kallatech
kallatech asked
on
Medium Priority
303 Views
Last Modified: 2012-05-06
I have a client that needs to secure her medical transcripton business.
I am looking at sonicwalls and need to know which one would be good for voip.
I have worked with sonicwalls for many years but never set one up for voip.
I have worked with the tz170 standardand enhanced. I also have worked with the tz180 wireless standard
My client uses vonage as her voip carrier.

Currently she is using the windows firewall to secure her systems and a linksys router.
She recently got the anti-virus 360 spyware program on a system and I had to clean it off for her. I scanned all her other systems and found some other malicious programs. Which I cleaned with malware bytes

I believe implementing a sonicwall along with avg free will take care of her security.
She has one 2003 small business server, 4 xp pro workstations and one laptop.

Any advice or other alternative security measures would be appreciated.
Comment
Watch Question

Director
Commented:
Sounds like a TZ170 will suffice!

Now if her VOIP use is a single phone connected to an external service, then there shoudn't be a problem. Set the phone up normally using SIP and STUN and you don't need to do anything on the Sonicwall. The sonicwall does have a SIP TRANSFORMS setting BUT you should not need to use it - if you DO use it, then do NOT use STUN on the phone settings.

If you can allocate a single fixed IP specifically for the phone in NAT it  won't hurt at all.

Better yet, if you have multiple fixed IPs to play with and can allocate one to the phone, connect the phone OUTSIDE the firewall direct to the public IP address. (Voip and NAT don't play well.)

If she has an IP-PBX, then tell us more..

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Do you mean setup the phones in the opt zone?

ccomleyDirector

Commented:
No - but you could do that and set the Opt zone to Transparent.

Author

Commented:
Are there any alternative hardware firewalls that "play" better with voip?
ccomleyDirector

Commented:
It's not really the firewall per se, it's the NAT that VOIP doesn't like. Well, SIP/RTP doesn't like, and most modern VOIP systems are SIP/RTP. You have  to start using tools to obviate the problems caused by the NAT system changing the IP address. STUN is one such, and ususally works. Some firewalls provide ALGs (Application Layer Gateways) which sometmies work but you can onyl use ONE so if you're using the ALG you have to turn STUN off and vice-versa. And usually one or the other works and that's fine but it's a pain when you have to fiddle about a lot to find a workign combination.

IF YOU CAN rule NAT out of the picture, i.e. put the (WAN port of) your IP-PBX directly onto it's real public IP address you avoid all this kerfuffle.  

One way to achieve this is to put the (Wan port of) IP-PBX on the public netowk, if it's "protected" enough to put up with that. Another is to use a firewall which has a bridge or "transparent" mode of operation, i.e. uses public IPs on the LAN side.

Author

Commented:
Thank you for that information.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.