Solved

SonicWall TZ100 configuration for asterisk server

Posted on 2011-03-04
14
1,716 Views
Last Modified: 2012-05-11
I;m trying to configure SonicWall TZ100, which I put between router Thomson TG585 v7 connected to ISP with static IP (port X1 WAN) and my LAN switch (port X0 LAN). LAN also use static IPs for all devices.
On LAN I have Asterisk server which required in router port forwarding to Asterisk:
IAX_REG - TCP/UDP 4569
VPN_ASTERISK - TCP/UDP 1149 (I understand for connecting to second asterisk server in other office)
What exactly I need to configure in TZ100 for it (routing policies, firewall rules, ets)?
If in router configuration something need to be changed?
Detailed instructions/explanations highly appreciated.
0
Comment
Question by:Lambru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 4
14 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 35037971
to send the asterisk traffic out the WAN interface from the LAN, you can run the public server wizard. the kb below can outline that.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027

regarding the VPN, unless you plan to control what hosts have access to the vpn, all traffic is allowed via the VPN connection so there's really nothing you need to do there.

what is asterisk?
0
 

Author Comment

by:Lambru
ID: 35038604
Thank you for the link.
Unfortunately Asterisk it's SIP VoIP server - software PBX, and there is no similar type of server in this wizard.
VPN is also organised somehow from 1 asterisk server to the other for voice trafic only, I even do not know how exactly - I'm new in asterisk and it's not me who did this installation.
Thus I need somehow to configure new appliance (TZ100) in order all this not to stop working.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35038667
is IAX_REG your providers voip server?
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 

Author Comment

by:Lambru
ID: 35038787
It is port forwarding configured now on router, but asterisk do connect to at least 2 different voip providers-both making and accepting calls.
0
 
LVL 6

Expert Comment

by:caskrist
ID: 35039342
With my sonicwall (NSA240) I can run the public server wizard and choose 'other' at 'the 'Server type' field. And i can create a new service with the wizard. But maybe it is easier to create the services before running the wizard (and create a servicegroup).

Maybe it is because I am running SonicOS enhanced, I dont know what a TZ100 is running.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35039385
@caskrist :: 100 runs the enhanced OS.

and caskrist is correct. you can create your own service under firewall > services. choose that during the public server wizard.
0
 

Author Comment

by:Lambru
ID: 35041065
OK, let's let alone the wizard - as we do no know exactly if it's suite our case or not. Probably manually step by step will be more reliable.
I did created services IAX_REG and VPN_ASTERISK with the appropriate ports. As in my router was written TCP/UDP, and in SonicOS I can select only or TCP or UDP, I also created IAX_REG_UDP and VPN_ASTERISK_UDP with the same port numbers.
As probably we will need name for the server I also created ASTERISK object with server IP adress.
What to do next?
0
 
LVL 33

Expert Comment

by:digitap
ID: 35041609
sure...the first link below is a video tutorial and the second is the step by step of what you ask for.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8368

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7712
0
 
LVL 6

Expert Comment

by:caskrist
ID: 35042179
You can create a service group in which you can put multiple custom services (service A tcp and service A Ido, service B tcp and service B udp, all together in 1 servicegroup). This servicegroup you can use in the NAT policies and firewall files).
0
 
LVL 6

Expert Comment

by:caskrist
ID: 35042190
Ido is udp in the post above, and firewall files should be firewall rules ofcourse. I am getting used to my new phone:-)
0
 

Author Comment

by:Lambru
ID: 35043253
Thank you. I created SRV_ASTERISK group with 4 members.
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 35043617
hmm, the steps i gave above do not talk about service groups and i thought they did. sorry.
0
 
LVL 6

Assisted Solution

by:caskrist
caskrist earned 250 total points
ID: 35045137
Now you can follow the steps in the videos, or run the wizard.
0
 
LVL 6

Expert Comment

by:caskrist
ID: 35057682
Thanks fot the points. Hope it works now.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question